Detecting and countering malicious code in enterprise networks

  • US 7,934,103 B2
  • Filed: 04/15/2003
  • Issued: 04/26/2011
  • Est. Priority Date: 04/17/2002
  • Status: Expired due to Fees
First Claim

1. A system for detecting and countering malicious code in an enterprise network, comprising:

  • a server; and

  • a plurality of local machines connected to the server through the enterprise network, each local machine comprising a pattern recognition processor, the pattern recognition processor monitoring local operations to detect irregular local behavior patterns, and generating an alert after an irregularity in local behavior pattern is detected,

    wherein the server monitors for and analyzes irregular behavior alerts from the plurality of local machines, and, if similar alerts are received from at least a threshold number of local machines over a corresponding period of time, the server selects one or more countermeasure operations based on the analysis of the irregular behavior alerts and communicates to the local machines the selected countermeasure operations to be performed by the local machines,

    wherein a countermeasure operation communicated by the server to the local machines is identified by utility name.
