System and method for managing data loss due to policy violations in temporary files
First Claim
Patent Images
1. A computer-implemented method comprising:
- monitoring, by a client agent, information content on a client for violations of a policy;
determining, by the client agent, that a violation of the policy has occurred for content of a temporary file of an application;
correlating, by the client agent, the policy violation of the temporary file with an original file of the application;
wherein correlating the policy violation of the temporary file with the original file of the application comprises;
monitoring file system operations performed by a file system for the temporary file with a file system driver;
detecting that a first file system operation has occurred;
detecting that a second file system operation has occurred subsequent to the first file system operation; and
correlating the policy violation of the temporary file with a name of the original file in response to detection of a sequence of the first and second file system operations;
generating a report for the policy violation of the temporary file using the name of the original file, andproviding the report indicating the monitored file system operations to a data loss prevention (DLP) agent of a computer system.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus for managing data loss due to policy violations in temporary files is described. In one embodiment, the method includes monitoring, by a client agent, information content on a client for violations of a policy. The method further includes determining, by the client agent, that a violation of the policy has occurred for content of a temporary file of an application. In one embodiment, the policy violation of the temporary file is correlated, by the client agent, with an original file of the application.
171 Citations
11 Claims
-
1. A computer-implemented method comprising:
-
monitoring, by a client agent, information content on a client for violations of a policy; determining, by the client agent, that a violation of the policy has occurred for content of a temporary file of an application; correlating, by the client agent, the policy violation of the temporary file with an original file of the application; wherein correlating the policy violation of the temporary file with the original file of the application comprises; monitoring file system operations performed by a file system for the temporary file with a file system driver; detecting that a first file system operation has occurred; detecting that a second file system operation has occurred subsequent to the first file system operation; and correlating the policy violation of the temporary file with a name of the original file in response to detection of a sequence of the first and second file system operations; generating a report for the policy violation of the temporary file using the name of the original file, and providing the report indicating the monitored file system operations to a data loss prevention (DLP) agent of a computer system. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A non-transitory computer readable storage medium that provides instructions, which when executed on a processing system cause the processing system to perform a method comprising:
-
monitoring, by a client agent, information content on a client for violations of a policy; determining, by the client agent, that a violation of the policy has occurred for content of a temporary file of an application;
correlating, by the client agent, the policy violation of the temporary file with an original file of the application;wherein correlating the policy violation of the temporary file with the original file of the application comprises; monitoring file system operations performed by a file system for the temporary file with a file system driver; detecting that a first file system operation has occurred; detecting that a second file system operation has occurred subsequent to the first file system operation; and correlating the policy violation of the temporary file with a name of the original file in response to detection of a sequence of the first and second file system operations; generating a report for the policy violation of the temporary file using the name of the original file, and providing the report indicating the monitored file system operations to a data loss prevention (DLP) agent of a computer system. - View Dependent Claims (9)
-
-
10. A client system comprising:
-
a memory to store information content; and a processor coupled to the memory to cause a policy violation detector to monitor information content on the client system for violations of a policy, determine that a violation of the policy has occurred for content of a temporary file of an application, and correlate the policy violation of the temporary file with an original file of the application; wherein correlate the policy violation of the temporary file with the original file of the application comprises; monitor file system operations performed by a file system for the temporary file with a file system driver; detect that a first file system operation has occurred; detect that a second file system operation has occurred subsequent to the first file system operation; and correlate the policy violation of the temporary file with a name of the original file in response to detection of a sequence of the first and second file system operations; generate a report for the policy violation of the temporary file using the name of the original file, and provide the report indicating the monitored file system operations to a data loss prevention (DLP) agent of the client system. - View Dependent Claims (11)
-
Specification