System and method for network virus protection

US 7,010,807 B1
Filed: 04/13/2001
Issued: 03/07/2006
Est. Priority Date: 04/13/2001
Status: Expired due to Term

First Claim

Patent Images

1. A system, comprising:

a local area network (LAN) having at least one host device, the at least one host device having software to perform anti-virus scanning;

a communication module to communicate anti-virus protect ion information for the at least one host device to an access module, the anti-virus protection information including status of anti-virus protection of the at least one host device; and

the access module coupled to the LAN to maintain a policy regarding anti-virus protection for the LAN and manage anti-virus protection scanning performed by the at least one host device, the access module to exchange anti-virus protection information with the at least one host device using the communication module of the at least one host device, and, if the status of the anti-virus protection of the at least one host device is not compliant with the policy, to deny the at least one host device access to the Internet and to bring the anti-virus protection of the at least one host device into compliance with the policy.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for virus protection of computers on a local area network (LAN) is disclosed. The LAN'"'"'s anti-virus policy is programmed into the firewall, or other Internet access module, which applies that policy to the client computers on the LAN. This policy might include the frequency with which the anti-virus software is updated and the number of versions that the software is permitted to be out of date. Any client computer not meeting the policy is not permitted to access the Internet. The firewall can also update out of date client computers to make them compliant with the policy.

144 Citations

48 Claims

1. A system, comprising:
- a local area network (LAN) having at least one host device, the at least one host device having software to perform anti-virus scanning;
  
  a communication module to communicate anti-virus protect ion information for the at least one host device to an access module, the anti-virus protection information including status of anti-virus protection of the at least one host device; and
  
  the access module coupled to the LAN to maintain a policy regarding anti-virus protection for the LAN and manage anti-virus protection scanning performed by the at least one host device, the access module to exchange anti-virus protection information with the at least one host device using the communication module of the at least one host device, and, if the status of the anti-virus protection of the at least one host device is not compliant with the policy, to deny the at least one host device access to the Internet and to bring the anti-virus protection of the at least one host device into compliance with the policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system defined in claim 1 wherein the communication module is part of the at least one host device.
  - 3. The system defined in claim 1 wherein the access module sends at least one command to the at least one host device via the communication module.
  - 4. The system defined in claim 3 wherein the at least one command comprises a command selected from a group comprising:
    - a command to request status of the anti-virus protection of the at least on host device, a command to have the at least one host to update the anti-virus protection, a command to uninstall the anti-virus protection, and a command to check a specific file or directory.
  - 5. The system of claim 1, wherein a system administrator sets a range of compliance for the anti-virus protection policy.
  - 6. The system of claim 5, wherein the Internet access module denies access to the Internet to the at least one host device if not in the range of compliance.
  - 7. The system of claim 1, wherein the access module enforces and maintains the anti-virus protection policies for more than one host device.
  - 8. The system of claim 7, wherein the anti-virus protection policies differ between host devices on the LAN.
  - 9. The system of claim 1, wherein the status of the anti-virus protection of the host device includes a version number of the anti-virus protection software on the host device.
  - 10. The system of claim 1, wherein the status of the anti-virus protection of the host device includes a time stamp indicating when the anti-virus protection software was last updated on the host device.
  - 11. The system of claim 1, wherein the access module initiates an update in anti-virus protection for the host-device.
  - 12. The system of claim 1, wherein the host device reports a problem with a virus to the Internet access module.
  - 13. The system of claim 1, wherein the access module is one or more of:
    - a live firewall, a proxy server, a router, or a gateway.
  - 14. The system of claim 1, wherein the access module is an application server.

15. A method, comprising:
- connecting a local area network to an Internet via an Internet access module;
  
  connecting a host device to the Internet via the local area network; and
  
  using the Internet access module to enforce a policy for anti-virus protection onthe host device based on the status of anti-virus protection on the host device, wherein the using includes,denying the host device access to the Internet if the status of the anti-virus protection on the host device is not compliant with the policy, wherein the denying includes,applying a range of compliance for the anti-virus protection policy set by a system administrator,removing the range of compliance and requiring the most current anti-virus protection upon notice of a virus alert.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The method of claim 15, further comprising connecting the host device with the Internet access module via an out of band protocol.
  - 17. The method of claim 16, further comprising communicating a version number of the anti-virus protection on the host device to the Internet access module over the out of band protocol.
  - 18. The method of claim 16, further comprising communicating a time stamp indicating when the anti-virus protection was last updated on the host device to the Internet access module over the out of band protocol.
  - 19. The method of claim 16, further comprising initiating an update in anti-virus protection for the host device over the out of band protocol.
  - 20. The method of claim 16, further comprising encrypting the out of band protocol.
  - 21. The method of claim 15, further comprising connecting more than one host device to the local area network.
  - 22. The method of claim 21, further comprising using the Internet access module enforces and maintains the anti-virus protection policies for more than one host device.
  - 23. The method of claim 22, wherein the anti-virus protection policies differ between host devices.
  - 24. The method of claim 15, further comprising the host device is checked repeatedly to make sure the anti-virus protection is not disabled.
  - 25. The method of claim 15, further comprising reporting a problem with a virus to the Internet access module.

26. A system, comprising:
- a local area network (LAN) having at least one host device, the at least one host device having software to perform anti-virus scanning;
  
  a communication module to communicate anti-virus protection information for the at least one host device to an access module, the anti-virus protection information including status of anti-virus protection of the host device; and
  
  the access module coupled to the LAN to maintain a policy regarding anti-virus protection for the LAN and manage anti-virus protection scanning performed by the at least one host device, the access module to exchange anti-virus protection information with the at least one host device using the communication module of the at least host device and to deny the at least one host device access to the Internet if the at least one host device docs not have anti-virus protection compliant with the policy, wherein compliance with the policy is either a range of compliance or the most up to date anti-virus protection depending on whether there is currently a virus alert.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The system of claim 26, wherein the access module enforces and maintains the anti-virus protection policies for more than one host device;
    - andwherein the anti-virus protection policies differ between host devices on the LAN.
  - 28. The system of claim 26, wherein the status of the anti-virus protection of the at least one host device includes one or more of a version number of the anti-virus protection software on the host device and a time stamp indicating when the anti-virus protection software was last updated on the host device.
  - 29. The system of claim 26, wherein the access module initiates an update in anti-virus protection for the at least one host device.
  - 30. The system of claim 26, wherein the at least one host device reports a problem with a virus to the access module.
  - 31. The system of claim 26, wherein the access module is one or more of:
    - a live firewall, a proxy server, a router, a modem, a gateway, or an application server.

32. An apparatus comprising:
- an Internet access module to be coupled to connect the Internet and a local area network (LAN) including host devices, the Internet access module to receive from the host devices their anti-virus protection status and to deny Internet access to those of the host devices whose anti-virus protection status is not compliant with a corresponding anti-virus protection policy and make available software components necessary to bring those host devices whose anti-virus protection status is not compliant into compliance with the corresponding anti-virus protection policy.
- View Dependent Claims (33, 34, 35, 36, 37, 38)
- - 33. The apparatus of claim 32, wherein the anti-virus protection policy includes a range of compliance.
  - 34. The apparatus of claim 32, wherein the anti-virus protection policy differs between the host devices on the LAN.
  - 35. The system of claim 32, wherein the status of the anti-virus protection of at least one of the host devices includes one or more of a version number of the anti-virus protection software on that host device and a time stamp indicating when the anti-virus protection software was last updated on that host device.
  - 36. The system of claim 32, wherein the Internet access module initiates an update in anti-virus protection for at least one of the host devices.
  - 37. The system of claim 32, wherein the Internet access module is one or more of:
    - a live firewall, a proxy server, a router, a modem, a gateway, or an application server.
  - 38. The system of claim 32, wherein compliance with the anti-virus protection policy is either a range of compliance or the most up to date anti-virus protection depending on whether there is currently a virus alert.

39. A method comprising:
- enforcing anti-virus protection in a module providing Internet access to a plurality of host devices belonging to a local area network by performing the following for each of the plurality of host devices repeatedly,receiving status of the anti-virus protection on the host device,determining compliance with an anti-virus protection policy based on the anti-virus protection status,denying Internet access to the host device if its anti-virus protection status is determined not compliant, andproviding software components to bring the host devices into compliance with the anti-virus protection policy if its anti-virus protection status is determined not compliant.
- View Dependent Claims (40, 41, 42, 43)
- - 40. The method of claim 39, wherein the determining compliance including determining if the anti-virus protection status is within a range of compliance.
  - 41. The method of claim 39, the performing for each of the plurality of host devices also includes removing the range of compliance upon notices of a virus alert.
  - 42. The method of claim 39, wherein status of the anti-virus protection includes one or more of a version number of the anti-virus protection software on the host device and when the anti-virus protection software was last updated.
  - 43. The method of claim 39, wherein the performing for each of the plurality of host devices also includes initiating an update of the anti-virus protection on the host device.

44. A machine-readable medium that provides instructions, which when executed by a machine, cause said machine to perform operations comprising:
- enforcing anti-virus protection in a module providing Internet access to a plurality of host devices belonging to a local area network by performing the following for each of the plurality of host devices repeatedly,receiving status of the anti-virus protection on the host device,determining compliance with an anti-virus protection policy based on the anti-virus protection status,denying Internet access to the host device if its anti-virus protection status is determined not compliant, andproviding software components to brings the host devices into compliance with the anti-virus protection policy if its anti-virus protection status is determined not compliant.
- View Dependent Claims (45, 46, 47, 48)
- - 45. The machine-readable medium of claim 44, wherein the determining compliance including determining if the anti-virus protection status is within a range of compliance.
  - 46. The machine-readable medium of claim 44, the performing for each of the plurality of host devices also includes removing the range of compliance upon notices of a virus alert.
  - 47. The machine-readable medium of claim 44, wherein status of the anti-virus protection includes one or more of a version number of the anti-virus protection software on the host device and when the anti-virus protection software was last updated.
  - 48. The machine-readable medium of claim 44, wherein the performing for each of the plurality of host devices also includes initiating an update of the anti-virus protection on the host device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Quest Software, Inc.
Original Assignee
SonicWALL, Inc. (SonicWall Holdings Ltd.)
Inventors
Yanovsky, Boris
Primary Examiner(s)
Song, Hosuk

Application Number

US09/835,054
Time in Patent Office

1,789 Days
Field of Search

713200-201, 713/188, 713/187, 713/191, 709/200, 709223-225, 709/229, 726/1, 726/3, 726 22- 24
US Class Current

726/24
CPC Class Codes

G06F 21/567 using dedicated hardware

H04L 63/145 the attack involving the pr...

System and method for network virus protection

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

144 Citations

48 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for network virus protection

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

144 Citations

48 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links