Integrated firewall/virus scanner system, method, and computer program product

US 7,568,231 B1
Filed: 06/24/2004
Issued: 07/28/2009
Est. Priority Date: 06/24/2004
Status: Active Grant

First Claim

Patent Images

1. A security method, comprising:

identifying a request from a remote computer to write to a file on a local computer;

determining whether the request results in the local computer being infected with malware;

blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware;

wherein, if it is determined that the file is infected with malware, communicating between a firewall and a virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall;

wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware;

wherein the blocking includes dropping packets received at the local computer from the remote computer;

wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system, method and computer program product are provided. In use, a request from a remote computer to write to a file on a local computer is identified. It is then determined whether the request results in the local computer being infected with malware. If it is determined that the request results in the local computer being infected with malware, communications between the remote computer and the local computer are blocked.

Citations

16 Claims

1. A security method, comprising:
- identifying a request from a remote computer to write to a file on a local computer;
  
  determining whether the request results in the local computer being infected with malware;
  
  blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware;
  
  wherein, if it is determined that the file is infected with malware, communicating between a firewall and a virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall;
  
  wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware;
  
  wherein the blocking includes dropping packets received at the local computer from the remote computer;
  
  wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method as recited in claim 1, wherein the request is carried out utilizing a common Internet file system (CIFS) protocol.
  - 3. The method as recited in claim 1, and further comprising decoding the request for obtaining information about the remote computer.
  - 4. The method as recited in claim 3, wherein the decoding is performed utilizing the firewall.
  - 5. The method as recited in claim 1, wherein the IP address is logged.
  - 6. The method as recited in claim 1, wherein a notice is sent from the local computer to the remote computer regarding the malware.
  - 7. The method as recited in claim 1, and further comprising determining whether the file is written.
  - 8. The method as recited in claim 7, wherein, if it is determined that the file is written, scanning the file to determine if the file is infected with malware.
  - 9. The method as recited in claim 8, wherein, if it is determined that the file is infected with malware, carrying out a response.
  - 10. The method as recited in claim 9, wherein the response includes cleaning the file.
  - 11. The method as recited in claim 1, wherein the security method is utilized to counter terrorism by preventing infection of cyber-frameworks with malware initiated by terrorists.

12. A security computer program product embodied on a computer readable medium, comprising:
- computer code for identifying a request from a remote computer to write to a file on a local computer;
  
  computer code for determining whether the request results in the local computer being infected with malware;
  
  computer code for blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware;
  
  wherein, if it is determined that the file is infected with malware, communicating between a firewall and a virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall;
  
  wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware;
  
  wherein the blocking includes dropping packets received at the local computer from the remote computer;
  
  wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.

13. A security system, comprising:
- a virus scanner adapted for determining whether a request from a remote computer to write to a file on a local computer results in the local computer being infected with malware;
  
  a firewall in communication with the virus scanner, the firewall adapted for blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware;
  
  wherein, if it is determined that the file is infected with malware, communicating between the firewall and the virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall;
  
  wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware;
  
  wherein the blocking includes dropping packets received at the local computer from the remote computer;
  
  wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.

14. A security system, comprising:
- means for identifying a request from a remote computer to write to a file on a local computer;
  
  means for determining whether the request results in the local computer being infected with malware;
  
  means for blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware;
  
  wherein, if it is determined that the file is infected with malware, communicating between a firewall and a virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall;
  
  wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware;
  
  wherein the blocking includes dropping packets received at the local computer from the remote computer;
  
  wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.

15. A security method, comprising:
- identifying a request from a remote computer to write to a file on a local computer, utilizing a firewall, wherein the request is carried out utilizing a common Internet file system (CIFS) protocol;
  
  decoding the request, utilizing the firewall;
  
  identifying an IP address associated with the remote computer based on the decoding, utilizing the firewall;
  
  determining whether the file is written, utilizing a virus scanner;
  
  if it is determined that the file is written, scanning the file to determine if the file is infected with malware, utilizing the virus scanner;
  
  if it is determined that the file is infected with malware;
  
  cleaning the file, utilizing the virus scanner, andcommunicating between the firewall and the virus scanner for blocking communications between the remote computer and the local computer, utilizing the firewall;
  
  wherein the IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware;
  
  wherein the blocking includes dropping packets received at the local computer from the remote computer;
  
  wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.

16. A security method, comprising:
- identifying a request from a remote computer to write to a file on a local computer;
  
  determining whether the file is infected with malware;
  
  blocking communications between the remote computer and the local computer if it is determined that the file is infected with malware;
  
  wherein, if it is determined that the file is infected with malware, a firewall and a virus scanner communicate for blocking the communications between the remote computer and the local computer, utilizing the firewall;
  
  wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer, as a result of the determination that the file is infected with malware;
  
  wherein the blocking includes dropping packets received at the local computer from the remote computer;
  
  wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Kumar, Srin N., Edwards, Jonathan L., Lowe, Joseph C.
Primary Examiner(s)
LAFORGIA, CHRISTIAN A

Application Number

US10/876,522
Time in Patent Office

1,860 Days
Field of Search

726/11, 726/24
US Class Current

726/24
CPC Class Codes

G06F 21/562   Static detection

H04L 63/0236   Filtering by address, proto...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Integrated firewall/virus scanner system, method, and computer program product

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Integrated firewall/virus scanner system, method, and computer program product

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links