Proxy-based malware scan

US 8,181,245 B2
Filed: 06/19/2007
Issued: 05/15/2012
Est. Priority Date: 06/19/2007
Status: Active Grant

First Claim

Patent Images

1. A system comprising at least one processor coupled to at least one machine-readable storage medium storing instructions executable by the at least one processor to implement:

a proxy server configured to facilitate access to a scanning engine associated with a network live meeting conference service, wherein the scanning engine is configured to check traffic corresponding to a plurality of members of said conference service for harmful data; and

a management component configured to regulate operation of the scanning engine as a function of availability of the scanning engine, at least in part by suspending scanning operations and enabling a subset of the plurality of members to continue the network live meeting conference service while the scanning operations are suspended in response to exceeding a load threshold of the scanning engine.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system that employs out-of-process (‘out-of-proc’) architectures with respect to malware scanning related to network services applications is provided. The ‘out-of-proc’ malware (e.g., virus) scanning is employed in connection with a web conferencing server. This architecture enables more versatile options related to scanning, for example, selective bypass in a crisis situation.

Citations

20 Claims

1. A system comprising at least one processor coupled to at least one machine-readable storage medium storing instructions executable by the at least one processor to implement:
- a proxy server configured to facilitate access to a scanning engine associated with a network live meeting conference service, wherein the scanning engine is configured to check traffic corresponding to a plurality of members of said conference service for harmful data; and
  
  a management component configured to regulate operation of the scanning engine as a function of availability of the scanning engine, at least in part by suspending scanning operations and enabling a subset of the plurality of members to continue the network live meeting conference service while the scanning operations are suspended in response to exceeding a load threshold of the scanning engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1, further comprising a policy component configured to define a procedure of regulating operation of the scanning engine.
  - 3. The system of claim 1, wherein the policy component is configured to employ an access control list to regulate operation of the scanning engine.
  - 4. The system of claim 1, wherein the policy component is configured to employ a type of data to regulate operation of the scanning engine.
  - 5. The system of claim 1, further comprising:
    - an availability detection component configured to detect a performance issue related to the scanning engine; and
      
      a recovery component configured to enable initiation of the scanning engine upon correction of the detected performance issue.
  - 6. The system of claim 5, wherein the performance issue includes at least one of a failure, overload or timeout.
  - 7. The system of claim 5, further comprising a notification component configured to notify a subset of the members of the performance issue.
  - 8. The system of claim 7, further comprising a logic component configured to select the subset as a function of a policy.
  - 9. The system of claim 1, further comprising machine learning and reasoning component configured to employ at least one of a probabilistic or a statistical-based analysis to infer an action to be automatically performed.

10. A computer-implemented method, comprising:
- monitoring availability of a malware scanning application for a conference application supporting a live meeting conference conducted over a communications network;
  
  determining an issue with the malware scanning application in responcse to exceeding a load threshold of the canning application;
  
  sending a notification of the load issue of the scanning application to a plurality of entities participating in the conference, wherein the plurality of entities are connected via the conference application;
  
  suspending operation of the malware scanning application based on the load issue of the scanning application; and
  
  enabling a subset of the plurality of entities to continue participation in the conference while bypassing operation of the suspended malware scanning application.
- View Dependent Claims (11, 12, 13, 14, 15, 16)
- - 11. The computer-implemented method of claim 10, further comprising automatically recovering from the issue.
  - 12. The computer-implemented method of claim 10, further comprising, based on the monitoring the availability of the malware scanning application, detecting that an absence of the availability is due to malicious activity rather than a genuine load based on an occurrence of a preset number of consecutive time-outs.
  - 13. The computer-implemented method of claim 10, further comprising:
    - monitoring a load of the malware scanning application; and
      
      determining the issue based upon the load in view of a threshold.
  - 14. The computer-implemented method of claim 13, further comprising suspending operation of the malware scanning application if the load exceeds the threshold.
  - 15. The computer-implemented method of claim 10, further comprising recovering from the issue at least in part by clearing all pending virus scans from a queue.
  - 16. The computer-implemented method of claim 10, further comprising detecting malicious use of the malware scanning operation, wherein the malicious use defines the issue.

17. A computer-readable storage device storing instructions, the instructions if executed by a processor causing the processor to perform operations comprising:
- identifying a problem with a remote malware scanning application for scanning traffic corresponding to a plurality of members of receiving a network live meeting conference service for harmful data;
  
  suspending operation of the remote malware scanning application as a function of the problem in response to exceeding a load threshold of the scanning application, while enabling a subset of the plurality of members to continue to receive the service; and
  
  restarting the remote malware scanning application based upon correction of the problem.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable storage medium of claim 17, the operations further comprising:
    - determining availability of the remote malware scanning application; and
      
      employing the availability to assess the problem.
  - 19. The computer-readable storage medium of claim 17, the operations further comprising notifying the plurality of members of the problem.
  - 20. The computer-readable storage medium of claim 19, the operations further comprising providing the plurality of members an option to bypass the operation of the remote malware scanning application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Tripathi, Ashutosh, Roychoudhuri, Subrata
Primary Examiner(s)
Chai, Longbit

Application Number

US11/764,931
Publication Number

US 20080320548A1
Time in Patent Office

1,792 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/0281   Proxies

H04L 63/1408   by monitoring network traff...

H04L 63/1441   Countermeasures against mal...

Proxy-based malware scan

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Proxy-based malware scan

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links