Integrated firewall/virus scanner system, method, and computer program product
First Claim
Patent Images
1. A security method, comprising:
- identifying a request from a remote computer to write to a file on a local computer;
determining whether the request results in the local computer being infected with malware;
blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware;
wherein, if it is determined that the file is infected with malware, communicating between a firewall and a virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall;
wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware;
wherein the blocking includes dropping packets received at the local computer from the remote computer;
wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.
11 Assignments
0 Petitions
Accused Products
Abstract
A security system, method and computer program product are provided. In use, a request from a remote computer to write to a file on a local computer is identified. It is then determined whether the request results in the local computer being infected with malware. If it is determined that the request results in the local computer being infected with malware, communications between the remote computer and the local computer are blocked.
-
Citations
16 Claims
-
1. A security method, comprising:
-
identifying a request from a remote computer to write to a file on a local computer; determining whether the request results in the local computer being infected with malware; blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware; wherein, if it is determined that the file is infected with malware, communicating between a firewall and a virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall; wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware; wherein the blocking includes dropping packets received at the local computer from the remote computer; wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A security computer program product embodied on a computer readable medium, comprising:
-
computer code for identifying a request from a remote computer to write to a file on a local computer; computer code for determining whether the request results in the local computer being infected with malware; computer code for blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware; wherein, if it is determined that the file is infected with malware, communicating between a firewall and a virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall; wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware; wherein the blocking includes dropping packets received at the local computer from the remote computer; wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.
-
-
13. A security system, comprising:
-
a virus scanner adapted for determining whether a request from a remote computer to write to a file on a local computer results in the local computer being infected with malware; a firewall in communication with the virus scanner, the firewall adapted for blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware; wherein, if it is determined that the file is infected with malware, communicating between the firewall and the virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall; wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware; wherein the blocking includes dropping packets received at the local computer from the remote computer; wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.
-
-
14. A security system, comprising:
-
means for identifying a request from a remote computer to write to a file on a local computer; means for determining whether the request results in the local computer being infected with malware; means for blocking communications between the remote computer and the local computer if it is determined that the request results in the local computer being infected with malware; wherein, if it is determined that the file is infected with malware, communicating between a firewall and a virus scanner for blocking the communications between the remote computer and the local computer, utilizing the firewall; wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware; wherein the blocking includes dropping packets received at the local computer from the remote computer; wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.
-
-
15. A security method, comprising:
-
identifying a request from a remote computer to write to a file on a local computer, utilizing a firewall, wherein the request is carried out utilizing a common Internet file system (CIFS) protocol; decoding the request, utilizing the firewall; identifying an IP address associated with the remote computer based on the decoding, utilizing the firewall; determining whether the file is written, utilizing a virus scanner; if it is determined that the file is written, scanning the file to determine if the file is infected with malware, utilizing the virus scanner; if it is determined that the file is infected with malware; cleaning the file, utilizing the virus scanner, and communicating between the firewall and the virus scanner for blocking communications between the remote computer and the local computer, utilizing the firewall; wherein the IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer as a result of the determination that the file is infected with malware; wherein the blocking includes dropping packets received at the local computer from the remote computer; wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.
-
-
16. A security method, comprising:
-
identifying a request from a remote computer to write to a file on a local computer; determining whether the file is infected with malware; blocking communications between the remote computer and the local computer if it is determined that the file is infected with malware; wherein, if it is determined that the file is infected with malware, a firewall and a virus scanner communicate for blocking the communications between the remote computer and the local computer, utilizing the firewall; wherein an IP address of the remote computer is utilized for blocking the communications between the remote computer and the local computer, as a result of the determination that the file is infected with malware; wherein the blocking includes dropping packets received at the local computer from the remote computer; wherein the packet dropping results in the remote computer waiting until the cessation of an associated network driver timeout before resending another request, thus further enhancing security.
-
Specification