Systems and methods for verifying trust of executable files
Abstract
Systems and methods for validating integrity of an executable file are described. In one aspect, the systems and methods determine that an executable file is being introduced into a path of execution. The executable file is then automatically evaluated in view of multiple malware checks to detect if the executable file represents a type of malware. The multiple malware checks are integrated into an operating system trust verification process along the path of execution.
17 Claims
1. A computer-implemented method for verifying trust of an executable file in an operating system environment, the method comprising:
- determining that the executable file is being introduced into a path of execution, wherein the path of execution is such that the executable file is not installed or loaded into memory for execution;
- responsive to said determining, automatically evaluating the executable file with multiple malware checks to determine if the executable file represents a type of malware, wherein the multiple malware checks comprise a virus check, a spyware check, and a code-integrity check; and
- if the executable file is determined to represent a type of malware, implementing a protection path, wherein the protection path comprises revoking trustworthiness of the executable file,
- if the executable file is not determined to represent a type of malware and is from a trusted source, allowing the path of execution, and
- if the executable file is not determined to represent a type of malware and is not from a trusted source, allowing a system administrator to make the decision whether to allow the path of execution or implement a protection path.

Dependent claims: 2, 3, 4, 5, 6, 7
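The three outcomes of claim 1, sketched as an added Python example that is not code from the patent: a file entering a path of execution is run through all three checks, then routed to the protection path, allowed, or handed to the administrator. Assumptions: hash blocklists stand in for the virus and spyware checks, a name-to-SHA-256 catalog stands in for the code-integrity check, revoking trustworthiness is modeled as remembering the file's hash, and `TrustVerifier`, `ask_admin` and all sample names are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class TrustVerifier:
    virus_hashes: set           # constructed blocklist standing in for the virus check
    spyware_hashes: set         # constructed blocklist standing in for the spyware check
    catalog: dict               # file name -> expected SHA-256, for the code-integrity check
    trusted_sources: set        # sources treated as trusted (assumption)
    ask_admin: Callable[[str, str], bool]   # hypothetical hook; True means allow
    revoked: set = field(default_factory=set)

    def malware_checks(self, name: str, data: bytes) -> list:
        """Run all three checks and return the names of those that failed."""
        digest, failed = sha256(data), []
        if digest in self.virus_hashes:
            failed.append("virus")
        if digest in self.spyware_hashes:
            failed.append("spyware")
        expected = self.catalog.get(name)   # files absent from the catalog are not failed here
        if expected is not None and expected != digest:
            failed.append("code-integrity")
        return failed

    def on_introduced(self, name: str, data: bytes, source: str) -> tuple:
        """Called when a file enters a path of execution, before install or load."""
        digest = sha256(data)
        if digest in self.revoked:                  # trust was revoked on an earlier pass
            return "protect", ["revoked"]
        failed = self.malware_checks(name, data)
        if failed:                                  # malware: protection path, revoke trust
            self.revoked.add(digest)
            return "protect", failed
        if source in self.trusted_sources:          # clean and trusted: allow
            return "allow", []
        # clean but not from a trusted source: the administrator decides
        return ("allow" if self.ask_admin(name, source) else "protect"), ["admin-decision"]

# Constructed sample data (not real malware and not hashes of real files).
GOOD, TAMPERED, SPY = b"MZ good build", b"MZ good build + patch", b"MZ keylogger stub"
verifier = TrustVerifier(
    virus_hashes=set(), spyware_hashes={sha256(SPY)},
    catalog={"app.exe": sha256(GOOD)}, trusted_sources={"vendor.example"},
    ask_admin=lambda name, source: False)           # this administrator always declines
```

Because the malware checks run before the source is consulted, a tampered file from a trusted source still lands on the protection path, and once its hash is revoked it stays blocked on later attempts.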

8. A computer-readable medium comprising computer-program instructions for verifying trust of an executable file in an operating system environment, executable by a processor for:
- determining that the executable file is being introduced into a path of execution, wherein the path of execution is such that the executable file is not installed or loaded into memory for execution;
- responsive to said determining, automatically evaluating the executable file with multiple malware checks to determine if the executable file represents a type of malware, wherein the multiple malware checks comprise a virus check, a spyware check, and a code-integrity check; and
- if the executable file is determined to represent a type of malware, implementing a protection path,
- if the executable file is not determined to represent a type of malware and is from a trusted source, allowing the path of execution, and
- if the executable file is not determined to represent a type of malware and is not from a trusted source, allowing a system administrator to make the decision whether to allow the path of execution or implement a protection path.

Dependent claims: 9, 10, 11, 12, 13

14. A computing device for verifying trust of an executable file in an operating system environment, the computing device comprising:
- a processor; and
- a memory coupled to the processor, the memory comprising computer-program instructions executable by the processor for:
  - determining that the executable file is being introduced into a path of execution, wherein the path of execution is such that the executable file is not installed or loaded into memory for execution;
  - responsive to said determining, automatically evaluating the executable file with multiple malware checks to determine if the executable file represents a type of malware, wherein the multiple malware checks comprise a virus check, a spyware check, and a code-integrity check; and
  - if the executable file is determined to represent a type of malware, implementing a protection path,
  - if the executable file is not determined to represent a type of malware and is from a trusted source, allowing the path of execution, and
  - if the executable file is not determined to represent a type of malware and is not from a trusted source, allowing a system administrator to make the decision whether to allow the path of execution or implement a protection path.

Dependent claims: 15, 16, 17

Specification