Managing malware protection upon a computer network
Abstract
A managing computer within a computer network serves to log messages received from individual computers within that computer network indicating detection of malware. The managing computer detects patterns of malware detection across the network as a whole and triggers associated predetermined anti-malware actions. These may include forcing specific computers to update their malware definition data, forcing particular computers to change their security settings and isolating individual portions of the computer network.
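The following is an added sketch of the detection step described in the abstract and claims, not code from the patent. It reads the network-wide threshold as a count of distinct reporting hosts. The class names, action labels, 30-minute window, threshold values and the size-scaling rule in `customize` are assumptions.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Detection:                 # one log data message received by the manager
    time: datetime
    host: str
    malware: str

@dataclass(frozen=True)
class Trigger:                   # predefined pattern plus network-wide threshold
    name: str
    window: timedelta            # pattern: same malware seen within this window
    min_hosts: int               # threshold on detections, one per distinct host
    action: str                  # hypothetical label for the anti-malware action

# Templates with constructed values; the actions mirror those in the abstract.
TEMPLATES = [
    Trigger("spread", timedelta(minutes=30), 3, "force_definition_update"),
    Trigger("outbreak", timedelta(minutes=30), 5, "isolate_network_portion"),
]

def customize(templates, host_count, baseline=100):
    """Scale thresholds to the protected network's size (assumed policy)."""
    return [replace(t, min_hosts=max(2, round(t.min_hosts * host_count / baseline)))
            for t in templates]

def evaluate(log, triggers):
    """Return sorted (trigger, malware, action, hosts) tuples for fired triggers."""
    by_malware, fired = {}, []
    for d in sorted(log, key=lambda d: d.time):
        by_malware.setdefault(d.malware, []).append(d)
    for malware, events in by_malware.items():
        for t in triggers:
            for i, first in enumerate(events):   # slide the window over the log
                hosts = {e.host for e in events[i:] if e.time - first.time <= t.window}
                if len(hosts) >= t.min_hosts:    # repeats from one host count once
                    fired.append((t.name, malware, t.action, tuple(sorted(hosts))))
                    break
    return sorted(fired)

T0 = datetime(2024, 1, 1, 9, 0)                  # constructed sample log
def msg(minute, host, malware):
    return Detection(T0 + timedelta(minutes=minute), host, malware)

SAMPLE_LOG = ([msg(n, "pc-01", "W32/Sample") for n in range(4)]
              + [msg(4, "pc-02", "W32/Sample")]
              + [msg(5 * n, h, "Macro/Sample")
                 for n, h in enumerate(("pc-03", "pc-04", "pc-05"))])
```

In the sample log, five messages about one malware come from only two hosts and fire nothing at the default thresholds, while three messages from three different hosts fire the "spread" trigger.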
29 Claims
1. A program stored on a computer-readable medium for controlling a managing computer to manage malware protection within a computer network containing a plurality of network connected computers, said computer program product comprising:
- receiving code for receiving at said managing computer a plurality of log data messages identifying detection of malware by respective ones of said plurality of network connected computers;
- detecting code for detecting from said plurality of log data messages received by said managing computer a pattern and a network-wide threshold of malware detection across said plurality of network connected computers matching at least one predetermined trigger, the network-wide threshold being applied to a sum of detections, the detections each being associated with a different one of the network connected computers;
- wherein said plurality of network connected computers each have a malware scanner for scanning computer files to detect malware within said computer files;
- action performing code, responsive to detection of one of said at least one predetermined trigger to perform at least one predetermined anti-malware action;
- wherein predefined network-wide thresholds and patterns are provided as templates; and
- wherein the predefined network-wide thresholds and patterns are customized based on a network being protected.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method of managing malware protection within a computer network containing a plurality of network connected computers, said method comprising the steps of:
- receiving at a managing computer a plurality of log data messages identifying detection of malware by respective ones of said plurality of network connected computers;
- detecting from said plurality of log data messages received by said managing computer a pattern and a network-wide threshold of malware detection across said plurality of network connected computers matching at least one predetermined trigger, the network-wide threshold being applied to a sum of detections, the detections each being associated with a different one of the network connected computers;
- wherein said plurality of network connected computers each have a malware scanner that serves to scan computer files to detect malware within said computer files;
- in response to detection of said at least one predetermined trigger, performing at least one predetermined anti-malware action;
- wherein predefined network-wide thresholds and patterns are provided as templates; and
- wherein the predefined network-wide thresholds and patterns are customized based on a network being protected.
Dependent claims: 15, 16, 17, 18, 19, 20, 21
22. Apparatus for managing malware protection within a computer network, said computer network containing a plurality of network connected computers, said apparatus comprising:
- receiving logic for receiving at a managing computer a plurality of log data messages identifying detection of malware by respective ones of said plurality of network connected computers;
- detecting logic for detecting from said plurality of log data messages received by said managing computer a pattern and a network-wide threshold of malware detection across said plurality of network connected computers matching at least one predetermined trigger, the network-wide threshold being applied to a sum of detections, the detections each being associated with a different one of the network connected computers;
- wherein each of said plurality of network connected computers have a malware scanner that serves to scan computer files to detect malware within said computer files;
- action performing logic, in response to detection of at least one predetermined trigger, for performing at least one predetermined anti-malware action;
- wherein predefined network-wide thresholds and patterns are provided as templates; and
- wherein the predefined network-wide thresholds and patterns are customized based on a network being protected.
Dependent claims: 23, 24, 25, 26, 27, 28, 29
Specification