Network-based risk-assessment tool for remotely detecting local computer vulnerabilities

US 7,549,168 B1
Filed: 06/29/2006
Issued: 06/16/2009
Est. Priority Date: 06/29/2001
Status: Expired due to Term

First Claim

Patent Images

1. A method, comprising:

receiving commands for executing a risk-assessment scan from a remote computer utilizing a network;

processing the commands on a local computer utilizing an agent; and

performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;

wherein the agent includes a plurality of risk-assessment modules;

wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;

wherein the commands each indicate at least one of the risk-assessment modules.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided. Commands are received for executing a risk-assessment scan from a remote computer utilizing a network. The commands are processed on a local computer utilizing an agent. Further, the risk-assessment scan is performed on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer. Such agent includes a plurality of risk-assessment modules. Further, the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer.

53 Citations

View as Search Results

19 Claims

1. A method, comprising:
- receiving commands for executing a risk-assessment scan from a remote computer utilizing a network;
  
  processing the commands on a local computer utilizing an agent; and
  
  performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  wherein the agent includes a plurality of risk-assessment modules;
  
  wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the risk-assessment modules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method as recited in claim 1, wherein the risk-assessment modules are selected for the agent based on specifications of the local computer.
  - 3. The method as recited in claim 1, wherein the risk-assessment modules include a STAT module for performing a stat system call on a file, a READ module for reading a file, a READDIR module for returning contents of a directory, a FIND module for locating a list of files based on a given function, a GETPWENT module for retrieving an entry from a password database, a GETGRENT module for retrieving an entry from a group database, a CHKSUM module for performing a checksum operation on a file, and an EXEC module for executing a command.
  - 4. The method as recited in claim 1, wherein the risk-assessment modules are selected from the group consisting of a STAT module for performing a stat system call on a file, a READ module for reading a file, a READDIR module for returning contents of a directory, a FIND module for locating a list of files based on a given function, a GETPWENT module for retrieving an entry from a password database, a GETGRENT module for retrieving an entry from a group database, a CHKSUM module for performing a checksum operation on a file, and an EXEC module for executing a command.
  - 5. The method as recited in claim 1, and further comprising transmitting results of the risk-assessment scan from the local computer to the remote computer utilizing the network.
  - 6. The method as recited in claim 5, and further comprising receiving feedback to the results from the remote computer utilizing the network.
  - 7. The method as recited in claim 6, wherein the feedback is active.
  - 8. The method as recited in claim 7, wherein the feedback includes additional commands for correcting the vulnerabilities in response to the additional commands.
  - 9. The method as recited in claim 8, wherein the feedback includes additional modules for correcting the vulnerabilities in response to the additional commands.
  - 10. The method as recited in claim 6, wherein the feedback is passive.
  - 11. The method as recited in claim 10, wherein the feedback includes descriptions as to how to correct the vulnerabilities.
  - 12. The method as recited in claim 5, wherein the results include a log of the risk-assessment scan.
  - 13. The method as recited in claim 5, wherein the results include an identification of the vulnerabilities.
  - 14. The method as recited in claim 1, wherein a plurality of the commands are each associated with only one of the risk-assessment modules.
  - 15. The method as recited in claim 1, wherein a different set of risk-assessment modules exists on different local computers, based on a platform associated with each of the local computers.
  - 16. The method as recited in claim 1, wherein the commands are processed by extracting parameters associated with the commands.
  - 17. The method as recited in claim 16, wherein the commands are processed by executing the risk-assessment modules indicated by the commands utilizing the associated parameters.

18. A computer program product embodied on a computer readable medium, comprising:
- computer code for receiving commands for executing a scan from a remote computer utilizing a network;
  
  computer code for processing the commands on a local computer utilizing an agent; and
  
  computer code for performing the scan on the local computer in accordance with the processed commands to remotely scan the local computer;
  
  wherein the agent includes a plurality of scan modules;
  
  wherein the commands execute the scan modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the scan modules.

19. A system including a tangible computer readable medium, comprising:
- logic for receiving commands for executing a risk-assessment scan from a remote computer utilizing a network;
  
  logic for processing the commands on a local computer utilizing an agent; and
  
  logic for performing the risk-assessment scan on the local computer in accordance with the processed commands to remotely detect local vulnerabilities on the local computer;
  
  wherein the agent includes a plurality of risk-assessment modules;
  
  wherein the commands execute the risk-assessment modules in a specific manner that is configured at the remote computer;
  
  wherein the commands each indicate at least one of the risk-assessment modules.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Osborne, Anthony C., Herath, Nishad P., McDonald, John R., Rahmanovic, Tarik, Magdych, James S., Tellier, Brock E.
Primary Examiner(s)
Cervetti; David Garcia

Application Number

US11/477,888
Time in Patent Office

1,083 Days
Field of Search

726/25, 726/22
US Class Current

726/25
CPC Class Codes

G06F 21/577 Assessing vulnerabilities a...

H04L 63/1433 Vulnerability analysis

Network-based risk-assessment tool for remotely detecting local computer vulnerabilities

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Network-based risk-assessment tool for remotely detecting local computer vulnerabilities

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links