File protection service for a computer system
First Claim
1. In a computer system, a method comprising:
- receiving information indicative of a possible change to a protected file; and
determining whether the possible change is valid by verifying the file, the verifying performed by a verification mechanism, and if not valid, preventing the possible change from being implemented including discarding the information indicative of the possible change and returning a success to a component.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and system that protects selected system and other files, by preventing changes to those files. In an asynchronous alternative, the change is prevented by copying back the original file when a protected file is changed, as known via an asynchronous notification. In an alternative synchronous embodiment, the change to the file is prevented from occurring. In the asynchronous notification alternative, a directory change notification notifies a file protection service whenever a file that has possibly changed is closed, providing the file identity as part of the notification. The file protection service determines from the file identify whether the file has been deemed protected. If protected, the file protection service prevents any actual change by verifying whether the protected file changed, such as by analyzing the file'"'"'s contents against known valid contents. If not valid, the file protection service restores a saved copy that is itself verified.
204 Citations
39 Claims
-
1. In a computer system, a method comprising:
-
receiving information indicative of a possible change to a protected file; and determining whether the possible change is valid by verifying the file, the verifying performed by a verification mechanism, and if not valid, preventing the possible change from being implemented including discarding the information indicative of the possible change and returning a success to a component. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer-readable medium having computer-executable instructions, comprising:
-
(1) selecting a plurality of files as protected files; (2) receiving information indicative of a possible change to a protected file; (3) determining whether the file is an exception case, and (a) if an exception case, allowing the change, or (b) if not an exception case, determining whether the possible change is valid by verifying the file, the verifying performed by a verification mechanism, and (i) if valid, allowing the possible change to be implemented; and (ii) if not valid, preventing the possible change from being implemented; and (4) returning information indicative of a success. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. A computer system, comprising,
a protected file, a detection mechanism configured to determine when the protected file may be changed by a possible change, a verification mechanism; - and
a file protection service, the file protection service configured to receive a determination from the detection mechanism that the protected file may be changed, and further configured to communicate with the verification mechanism to verify whether the possible change is valid, and to prevent the possible change from being implemented by discarding the possible change when the possible change is not valid. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35)
- and
-
36. A computer system, comprising,
a protected file, a detection mechanism configured to determine when the protected file may be changed by a possible change; -
a verification mechanism; and a file protection service, the file protection service configured to receive a determination from the detection mechanism that the protected file may be changed, and further configured to communicate with the verification mechanism to verify whether the possible change is valid, and to prevent the possible change from being implemented by locating valid data in a system cache and copying the valid data over changed data when the possible change is not valid. - View Dependent Claims (37)
-
-
38. A computer system, comprising,
a protected file, a detection mechanism configured to determine when the protected file may be changed by a possible change; -
a verification mechanism; and a file protection service, the file protection service configured to receive a determination from the detection mechanism that the protected file may be changed, and further configured to communicate with the verification mechanism to verify whether the possible change is valid, and to prevent the possible change from being implemented by locating valid data at a network share and copying the valid data over changed data when the possible change is not valid.
-
-
39. A computer system, comprising,
a protected file, a detection mechanism configured to determine when the protected file may be changed by a possible change; -
a verification mechanism; and a file protection service, the file protection service configured to receive a determination from the detection mechanism that the protected file may be changed, and further configured to communicate with the verification mechanism to verify whether the possible change is valid, and to prevent the possible change from being implemented by locating valid data in a recorded medium and copying the valid data over changed data when the possible change is not valid.
-
Specification