System and method for detecting malicious applications

US 7,788,724 B2
Filed: 04/10/2003
Issued: 08/31/2010
Est. Priority Date: 04/10/2003
Status: Active Grant

First Claim

Patent Images

1. A method for handling communications associated with computer applications comprising:

determining whether a communication from a first computer to a second computer is attempting to occur, wherein the communication is associated with a first application that is trusted;

determining whether a second application launched the first application;

determining whether the second application is trusted; and

initiating a security response relating to the communication in the event it is determined that the second application is not trusted.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are disclosed for detecting malicious computer applications. According to an embodiment of the present invention, it is determined whether a communication is attempting to occur, wherein the communication is associated with a first application. It is also determined whether there is a second application associated with the first application; and also determined whether the second application is trusted.

Citations

14 Claims

1. A method for handling communications associated with computer applications comprising:
- determining whether a communication from a first computer to a second computer is attempting to occur, wherein the communication is associated with a first application that is trusted;
  
  determining whether a second application launched the first application;
  
  determining whether the second application is trusted; and
  
  initiating a security response relating to the communication in the event it is determined that the second application is not trusted.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising associating the first application with the second application in a process tree.
  - 3. The method of claim 1, further comprising listing the second application in a warning if it is determined that the second application is not trusted.
  - 4. The method of claim 1, further comprising determining whether there is an untrusted launcher warning.
  - 5. The method of claim 1, further comprising allowing the communication if there is no warning.
  - 6. The method of claim 1, further comprising allowing the communication if the first application and second application are trusted.
  - 7. The method of claim 1, further comprising allowing the communication if a user permits the communication.
  - 8. The method of claim 7, further comprising adding the second application to a list of trusted launchers if the user permits the communication.

9. A system for handling communications associated with computer applications comprising:
- a processor configured to;
  
  determine whether a communication from a first computer to a second computer is attempting to occur, wherein the communication is associated with a first application;
  
  determine whether a second application launched the first application;
  
  determine whether the second application is trusted; and
  
  initiate a security response relating to the communication in the event it is determined that the second application is not trusted; and
  
  a memory coupled with the processor, wherein the memory provides instructions to the processor.
- View Dependent Claims (10, 11, 12, 13)
- - 10. The system of claim 9, wherein the processor is further configured to list the second application in a warning if it is determined that the second application is not trusted.
  - 11. The system of claim 9, wherein the processor is further configured to determine whether there is an untrusted launcher warning.
  - 12. The system of claim 9, wherein the processor is further configured to allow the communication if a user permits the communication.
  - 13. The system of claim 12, wherein the processor is further configured to add the second application to a list of trusted launchers if the user permits the communication.

14. A non-transitory computer-readable storage medium for handling communications associated with computer applications, the storage medium comprising computer instruction for:
- determining whether a communication from a first computer to a second computer is attempting to occur, wherein the communication is associated with a first application;
  
  determining whether a second application launched the first application;
  
  determining whether the second application is trusted; and
  
  initiating a security response relating to the communication in the event it is determined that the second application is not trusted.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Gabriel, Basil, Spiegel, Mark
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US10/412,708
Publication Number

US 20040205354A1
Time in Patent Office

2,700 Days
Field of Search

726 2- 33
US Class Current

726/25
CPC Class Codes

G06F 21/556   involving covert channels, ...

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

System and method for detecting malicious applications

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for detecting malicious applications

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links