Privacy friendly malware quarantines
Abstract
The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.
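The quarantine flow described in the abstract, following the steps of claim 1, sketched for a POSIX file system. This is an added example, not code from the patent or from any antivirus product; the one-byte XOR key, the `.quar` suffix, the length-prefixed JSON header and the function names are all assumptions.

```python
import json, os, stat, tempfile
from pathlib import Path

KEY = 0x5A  # assumed one-byte XOR key: a reversible encoding, not encryption

def xor(data: bytes) -> bytes:
    return bytes(b ^ KEY for b in data)

def _write_private(path: Path, data: bytes, mode: int) -> None:
    # Create owner-only first, then apply the recorded bits, so the content
    # is never readable more widely than the original file allowed.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(data)
    os.chmod(path, mode)

def quarantine(path: Path, central: Path) -> Path:
    """Encode `path` into `<path>.quar` beside it and delete the original."""
    st = path.stat()
    # uid/gid are recorded only; re-applying them with os.chown needs privilege.
    meta = {"original": str(path), "mode": stat.S_IMODE(st.st_mode),
            "uid": st.st_uid, "gid": st.st_gid, "size": st.st_size}
    header = json.dumps(meta).encode()
    body = len(header).to_bytes(4, "big") + header + xor(path.read_bytes())
    qfile = path.with_name(path.name + ".quar")
    _write_private(qfile, body, meta["mode"])   # metadata stays inside the file
    central.mkdir(parents=True, exist_ok=True)  # copy for the UI: metadata only
    (central / (qfile.name + ".json")).write_text(json.dumps(meta))
    path.unlink()                               # delete only after both are stored
    return qfile

def restore(qfile: Path) -> Path:
    """Reverse the encoding using the metadata kept inside the quarantine file."""
    raw = qfile.read_bytes()
    n = int.from_bytes(raw[:4], "big")
    meta = json.loads(raw[4:4 + n])
    target = Path(meta["original"])
    _write_private(target, xor(raw[4 + n:]), meta["mode"])
    qfile.unlink()
    return target

if __name__ == "__main__":
    d = Path(tempfile.mkdtemp())
    f = d / "payroll.xls"                       # constructed sample file
    f.write_bytes(b"constructed sample bytes")
    os.chmod(f, 0o600)
    q = quarantine(f, d / "central")
    print(q.name, oct(stat.S_IMODE(q.stat().st_mode)))
```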
19 Claims
1. A computer-implemented method for generating a quarantine file from a regular file identified as being infected with a malware, the method comprising:
- encoding data in the regular file with a reversible function;
- identifying a set of metadata that describes security attributes of the regular file, the security attributes controlling access to the regular file;
- detecting that the regular file is infected with the malware and, in response, generating the quarantine file;
- combining the encoded file data and the set of metadata in the generated quarantine file;
- setting security attributes of the generated quarantine file to match the security attributes of the regular file;
- copying the set of metadata to a central location that is accessible to a user interface while maintaining the original set of metadata in the generated quarantine file, wherein the user interface displays the set of metadata to a user; and
- deleting the regular file after the encoded data and the set of metadata are stored in the quarantine file.
14. A user computing system for generating a quarantine file from a regular file identified as being infected with malware, the user computing system comprising:
- a processor; and
- a computer-readable storage media having stored thereon an antivirus application accessible to the processor, the antivirus application including:
  - an antivirus engine that, when executed by the processor, detects the malware in the regular file on the user computing system;
  - a quarantine module that, when executed by the processor, causes the user computing system to:
    - encode the regular file data;
    - generate the quarantine file that contains the encoded file data and a metadata that describes security attributes of the regular file detected to have malware, the security attributes controlling access to the regular file;
    - create a duplicate copy of the metadata and store the duplicate copy of the metadata in a quarantine folder also stored on the computer-readable storage media of the user computing system;
    - apply the security attributes of the regular file to the quarantine file; and
    - delete the regular file after the encoded file data and the metadata are stored in the quarantine file; and
  - a user interface that, when executed by the processor, causes the user computing system to:
    - search the quarantine folder for the duplicate copy of the metadata and display the metadata to a user; and
    - accept a command to quarantine the regular file, wherein the user interface is further configured to accept commands to:
      - scan the quarantine file for malware; and
      - submit the quarantine file to an antivirus vendor.
Specification