Systems and methods for preventing data loss on external devices

US 8,224,796 B1
Filed: 09/11/2009
Issued: 07/17/2012
Est. Priority Date: 09/11/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for preventing data loss on external devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:

identifying an external device;

intercepting a write attempt to a file on the external device;

creating a sandbox version of the file;

redirecting the intercepted write attempt from the file to the sandbox version of the file;

analyzing the sandbox version of the file for potential data-loss violations and then either;

determining, based on the analysis of the sandbox version of the file that a data-loss violation has not occurred and then copying the sandbox version of the file to the file on the external device ordetecting, based on the analysis of the sandbox version of the file, a data-loss violation and then deleting the sandbox version of the file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method for data loss prevention may include: 1) indentifying an external device, 2) intercepting a write attempt to a file on the external device, 3) creating a sandbox version of the file, 4) performing the write attempt on the sandbox version of the file, and then 5) analyzing the sandbox version of the file for potential data-loss violations. Various other methods, systems, and computer-readable media are also disclosed.

Citations

16 Claims

1. A computer-implemented method for preventing data loss on external devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- identifying an external device;
  
  intercepting a write attempt to a file on the external device;
  
  creating a sandbox version of the file;
  
  redirecting the intercepted write attempt from the file to the sandbox version of the file;
  
  analyzing the sandbox version of the file for potential data-loss violations and then either;
  
  determining, based on the analysis of the sandbox version of the file that a data-loss violation has not occurred and then copying the sandbox version of the file to the file on the external device ordetecting, based on the analysis of the sandbox version of the file, a data-loss violation and then deleting the sandbox version of the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein creating the sandbox version of the file comprises creating the sandbox version of the file on a local device.
  - 3. The computer-implemented method of claim 1, wherein creating the sandbox version of the file comprises:
    - intercepting an attempt to open the file;
      
      determining that the file is not open;
      
      copying the contents of the file to the sandbox version of the file.
  - 4. The computer-implemented method of claim 1, wherein creating the sandbox version of the file comprises at least one of:
    - creating the sandbox version of the file on a hidden virtual disk;
      
      creating the sandbox version of the file with restricted access privileges.
  - 5. The computer-implemented method of claim 1, wherein analyzing the sandbox version of the file for potential data-loss violations comprises:
    - intercepting an attempt to close the file;
      
      analyzing the sandbox version of the file for potential data-loss violations before closing the file.
  - 6. The computer-implemented method of claim 1, further comprising redirecting an attempt to read from the file to the sandbox version of the file.
  - 7. The computer-implemented method of claim 1, further comprising marking the sandbox version of the file as modified.
  - 8. The computer-implemented method of claim 1, wherein analyzing the sandbox version of the file for potential data-loss violations comprises determining that the sandbox version of the file was modified.
  - 9. The computer-implemented method of claim 1, wherein identifying the external device comprises identifying at least one of:
    - a network share;
      
      a USB storage device;
      
      a compact disc drive;
      
      a DVD drive.

10. A system for preventing data loss on external devices, the system comprising:
- an identification module programmed to identify an external device;
  
  an interception module programmed to intercept a write attempt to a file on the external device;
  
  a sandbox module programmed to;
  
  create a sandbox version of the file;
  
  redirect the intercepted write attempt from the file to the sandbox version of the file;
  
  an analysis module programmed to analyze the sandbox version of the file for potential data-loss violations and then either;
  
  determine, based on the analysis of the sandbox version of the file that a data-less violation has not occurred and then copying the sandbox version of the file to the file on the external device ordetect, based on the analysis of the sandbox version of the file, a data-loss violation and then deleting the sandbox version of the file;
  
  at least one processor configured to execute the identification module, the interception module, the sandbox module, and the analysis module.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The system of claim 10, wherein the sandbox module is programmed to create the sandbox version of the file by creating the sandbox version of the file on a local device.
  - 12. The system of claim 10, wherein the sandbox module is programmed to create the sandbox version of the file by:
    - intercepting an attempt to open the file;
      
      determining that the file is not open;
      
      copying the contents of the file to the sandbox version of the file.
  - 13. The system of claim 10, wherein the sandbox module is programmed to create the sandbox version of the file by at least one of:
    - creating the sandbox version of the file on a hidden virtual disk;
      
      creating the sandbox version of the file with restricted access privileges.
  - 14. The system of claim 10, wherein the analysis module is programmed to analyze the sandbox version of the file for potential data-loss violations by:
    - intercepting an attempt to close the file;
      
      analyzing the sandbox version of the file for potential data-loss violations before closing the file.
  - 15. The system of claim 10, wherein the interception module is further programmed to redirect an attempt to read from the file to the sandbox version of the file.

16. A computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- identify an external device;
  
  intercept a write attempt to a file on the external device;
  
  create a sandbox version of the file;
  
  redirect the intercepted write attempt from the file to the sandbox version of the file;
  
  analyze the sandbox version of the file for potential data-loss violations and then either;
  
  determine, based on the analysis of the sandbox version of the file that a data-less violation has not occurred and then copying the sandbox version of the file to the file on the external device ordetect, based on the analysis of the sandbox version of the file. a data-loss violation and then deleting the sandbox version of the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Upadhyay, Rajesh, Shinde, Amit, Graham, Jeff
Primary Examiner(s)
Ly, Anh

Application Number

US12/558,333
Time in Patent Office

1,040 Days
Field of Search

707/647, 707/782, 707/783, 707/821, 707/695, 726/1, 726/22, 726/26
US Class Current

707/695
CPC Class Codes

G06F 16/162 Delete operations erasing i...

Systems and methods for preventing data loss on external devices

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for preventing data loss on external devices

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links