System, method, and computer program product for tailoring security responses for local and remote file open requests
Abstract
A security system, method and computer program product are provided. In use, a request is received to open a file on a local computer. Thereafter, it is determined whether the request is received from a local process operating on a local computer or from a remote computer, so that such determination may be used for security purposes.
19 Claims
1. A security method, comprising:
- receiving a request to open a file on a local computer;
- determining whether the request is a local request received from a local process operating on the local computer or a remote request received from a remote computer coupled to the local computer via a network, by identifying a thread associated with the request and determining whether a start address of code associated with the thread is within a kernel component; and
- categorizing the request as a remote request received via the network or a local request received locally based on the determination;
- wherein the remote request is handled with more scrutiny with respect to the local request by at least one of denying the remote request to open the file and utilizing more virus signatures during scanning.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A security method, comprising:
- receiving a request to open a file on a local computer;
- determining whether the request is a local request received from a local process operating on the local computer or a remote request received from a remote computer coupled to the local computer via a network;
- wherein the remote request is handled with more scrutiny with respect to the local request by at least one of denying the remote request to open the file and utilizing more virus signatures during scanning;
- wherein a kernel component of the local computer handles the request if the request is received from the remote computer via a network, and the determination is carried out utilizing the kernel component;
- wherein the kernel component creates a plurality of threads to process a plurality of the requests received from a plurality of the remote computers via the network;
- wherein at least one of the threads associated with the requests is identified utilizing a virus scanner;
- wherein the virus scanner obtains a start address of code associated with the identified thread.

Dependent claims: 11, 12, 13, 14, 15
16. A security computer program product embodied on a computer readable medium, comprising:
- computer code for receiving a request to open a file on a local computer;
- computer code for determining whether the request is a local request received from a local process operating on the local computer or a remote request received from a remote computer coupled to the local computer via a network, by identifying a thread associated with the request and determining whether a start address of code associated with the thread is within a kernel component;
- computer code for categorizing the request as a remote request received via the network or a local request received locally based on the determination; and
- computer code for scanning the file based on the determination for tailoring the scanning in accordance with the type of the request;
- wherein the remote request is handled with more scrutiny with respect to the local request by at least one of denying the remote request to open the file and utilizing more virus signatures during scanning.
17. A security system, comprising:
- means for receiving a request to open a file on a local computer;
- means for determining whether the request is a local request received from a local process operating on the local computer or a remote request received from a remote computer coupled to the local computer via a network, by identifying a thread associated with the request and determining whether a start address of code associated with the thread is within a kernel component;
- means for categorizing the request as a remote request received via the network or a local request received locally based on the determination; and
- means for scanning the file based on the determination for tailoring the scanning in accordance with the type of the request;
- wherein the remote request is handled with more scrutiny with respect to the local request by at least one of denying the remote request to open the file and utilizing more virus signatures during scanning.
18. A security system, comprising:
- a virus scanner adapted for determining whether a request to open a file on a local computer is a local request received from a local process operating on the local computer or a remote request received from a remote computer coupled to the local computer via a network, by identifying a thread associated with the request and determining whether a start address of code associated with the thread is within a kernel component;
- wherein the virus scanner is further adapted to categorize the request as a remote request received via the network or a local request received locally based on the determination;
- wherein the file is scanned based on the determination for tailoring the scanning in accordance with the type of the request;
- wherein the remote request is handled with more scrutiny with respect to the local request by at least one of denying the remote request to open the file and utilizing more virus signatures during scanning.
19. A security method, comprising:
- receiving a plurality of requests to open files on a local computer, wherein the requests received via a network are handled by a kernel component which creates a plurality of threads to process the requests received from the network;
- intercepting the requests, utilizing a virus scanner;
- identifying one of the threads associated with one of the requests, utilizing the virus scanner;
- obtaining a start address of code associated with the identified thread, utilizing the virus scanner;
- determining whether the start address is within the kernel component;
- if it is determined that the start address is within the kernel component, categorizing the associated request as a remote request received via the network;
- if it is determined that the start address is not within the kernel component, categorizing the associated request as a local request received locally;
- scanning the files based on the determination for tailoring the scanning in accordance with the type of the request;
- wherein the remote request is handled with more scrutiny with respect to the local request by at least one of denying the remote request to open the files and utilizing more virus signatures during scanning.
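
The classification steps of claim 19, modelled in user-space C as an added example; it is not code from the patent or from any product. The thread table, the component's address range, and every type and function name are constructed assumptions, as is the choice to treat an unidentified thread as remote.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { REQ_LOCAL, REQ_REMOTE } req_origin;
typedef enum { ACT_SCAN_STANDARD, ACT_SCAN_EXTENDED, ACT_DENY } req_action;
typedef struct { uintptr_t base; size_t size; } module_range;  /* loaded image */
typedef struct { uint32_t tid; uintptr_t start_addr; } thread_info;

/* Constructed sample data: hypothetical load range of the kernel component
   that services network requests, and three threads seen by the scanner. */
static const module_range KERNEL_COMPONENT = { 0xF8A00000u, 0x60000u };
static const thread_info SAMPLE_THREADS[] = {
    { 100, 0xF8A01230u },  /* worker thread created by the kernel component */
    { 200, 0x00401000u },  /* thread of an ordinary local process */
    { 300, 0xF8A60000u },  /* first byte past the component: not inside it */
};
#define N_THREADS (sizeof SAMPLE_THREADS / sizeof SAMPLE_THREADS[0])

/* Half-open range test [base, base + size), written so base + size cannot wrap. */
static bool addr_in_module(uintptr_t addr, const module_range *m) {
    return addr >= m->base && (addr - m->base) < m->size;
}

/* Identify the thread, obtain its start address, test it against the component. */
req_origin classify_request(const thread_info *threads, size_t n, uint32_t tid,
                            const module_range *kc) {
    for (size_t i = 0; i < n; i++)
        if (threads[i].tid == tid)
            return addr_in_module(threads[i].start_addr, kc) ? REQ_REMOTE : REQ_LOCAL;
    /* Assumption (not from the claims): a thread that cannot be identified
       is given the stricter, remote handling. */
    return REQ_REMOTE;
}

/* Remote requests are denied or scanned with the larger signature set. */
req_action handle_open(uint32_t tid, bool deny_remote) {
    req_origin o = classify_request(SAMPLE_THREADS, N_THREADS, tid, &KERNEL_COMPONENT);
    if (o == REQ_LOCAL)
        return ACT_SCAN_STANDARD;
    return deny_remote ? ACT_DENY : ACT_SCAN_EXTENDED;
}

int main(void) {
    printf("tid 100 -> %d, tid 200 -> %d\n", handle_open(100, false), handle_open(200, false));
    return 0;
}
```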
Specification