System and method of monitoring and controlling application files
First Claim
1. A method of adapting a system over the Internet which protects computers from malicious software programs, the method comprising:
- identifying a malicious software program stored on a first computer;
determining whether the malicious software program is identified in a first database, the first database including categorized programs;
if the malicious software program is identified in the first database, applying one or more policies associated with the malicious software program identified in the first database;
only if the malicious software program is not identified in the first database, adding an identifier indicative of the malicious software program to a second database;
uploading the second database including the identifier to a database factory over the Internet;
determining by the database factory, whether the malicious software program associated with the identifier has been previously analyzed by the database factory;
for each identifier that was not previously analyzed, associating the identifier with a respective digital fingerprint;
adding the respective digital fingerprint to a third database;
downloading the third database to a second computer; and
scanning the second computer for the malicious software program associated with the respective digital fingerprint in the third database.
21 Assignments
0 Petitions
Accused Products
Abstract
A system and method for updating a system that controls files executed on a workstation. The workstation includes a workstation management module configured to detect the launch of an application. A workstation application server receives data associated with the application from the workstation. This data can include a hash value. The application server module can determine one or more categories to associate with the application by referencing an application inventory database or requesting the category from an application database factory. The application database factory can receive applications from multiple application server modules. The application database factory determines whether the application was previously categorized by the application database factory and provides the category to the application server module. Once the application server module has the category, it forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy that is associated with the launched application to control access to the application on the workstation.
-
Citations
14 Claims
-
1. A method of adapting a system over the Internet which protects computers from malicious software programs, the method comprising:
-
identifying a malicious software program stored on a first computer; determining whether the malicious software program is identified in a first database, the first database including categorized programs; if the malicious software program is identified in the first database, applying one or more policies associated with the malicious software program identified in the first database; only if the malicious software program is not identified in the first database, adding an identifier indicative of the malicious software program to a second database; uploading the second database including the identifier to a database factory over the Internet; determining by the database factory, whether the malicious software program associated with the identifier has been previously analyzed by the database factory; for each identifier that was not previously analyzed, associating the identifier with a respective digital fingerprint; adding the respective digital fingerprint to a third database; downloading the third database to a second computer; and scanning the second computer for the malicious software program associated with the respective digital fingerprint in the third database. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
Specification