Filter driver for identifying disk files by analysis of content
First Claim
Patent Images
1. A method to limit files that can be saved to a system, comprising:
- intercepting an operation to save a file to the system;
comparing a signature of the file to a list of signature criteria, executing a storage policy if there is a match; and
if there is no match, saving the file to the system;
wherein comparing the signature of the file to the list of signature criteria includes;
performing a content scan of the file;
wherein said performing includes;
setting a named event;
writing a file identifier of the file to a circular queue; and
completing the intercepted operation to save the file to the system, the circular queue being read to memory by a system thread; and
processing the file using a signature processing user mode service, wherein said processing includes;
using the file identifier to open the file;
scanning the file to create the file signature; and
comparing the file signature to each entry on the list of signature criteria.
10 Assignments
0 Petitions
Accused Products
Abstract
A system and method for excluding certain types of files from being saved to a system by examining file data. The file data is examined by: mapping the circular queue to memory; reading the file identifiers from the circular queue (a named mutex is locked until all file identifiers have been read from the queue); using the file identifier to open the file; scanning the opened file to create a file signature; comparing the file signature to each entry on a list of signature criteria; and performing a storage policy if there is a match.
-
Citations
8 Claims
-
1. A method to limit files that can be saved to a system, comprising:
-
intercepting an operation to save a file to the system; comparing a signature of the file to a list of signature criteria, executing a storage policy if there is a match; and if there is no match, saving the file to the system; wherein comparing the signature of the file to the list of signature criteria includes; performing a content scan of the file;
wherein said performing includes;setting a named event; writing a file identifier of the file to a circular queue; and completing the intercepted operation to save the file to the system, the circular queue being read to memory by a system thread; and processing the file using a signature processing user mode service, wherein said processing includes; using the file identifier to open the file; scanning the file to create the file signature; and comparing the file signature to each entry on the list of signature criteria. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A system to limit files that can be saved to a system, comprising:
-
an input/output filter driver; a signature processing user mode service; a signature database; a policy database; and a circular queue for holding a list of file identifiers; wherein the input/output filter driver intercepts an attempt to save a file to the system; wherein the signature processing user mode service compares a signature of the file to a list of signature criteria from the signature database, executing a storage policy from the policy database if there is a match, and if there is no match, saving the file to the system; wherein comparing the signature of the file to the list of signature criteria includes; performing a content scan of the file, wherein said performing includes; writing a file identifier of the file to the circular queue; setting a named event; and completing the intercepted attempt to save the file to the system, the circular queue being mapped to memory by a system thread; and processing the file using the signature processing user mode service, wherein said processing includes; using the file identifier to open the file; scanning the file to create a file signature; and comparing the file signature to each entry on the list of signature criteria. - View Dependent Claims (8)
-
Specification