Firewall control via process interrogation
First Claim
1. A method for controlling a firewall for a user computing system, said method comprising:
receiving, by a processor of a computer system, a data request at the firewall, the data request being associated with control of a program of the user computing system;
said processor determining that a process rule exists for the program, the process rule comprising a condition to be satisfied for a process of the user computing system, the process rule having been generated based on preferences received by a process interrogation controller in the firewall, the process rule being stored in a storage unit of the firewall, the user computing system, or a remote server;
in response to the determining that the process rule exists for the program, said processor further determining a manner for evaluating a status of the process and determining a current status of the process, wherein said determining the manner for evaluating comprises searching executable file information, calling an application program interface, or querying an operation system database;
said processor determining, using the determined manner for evaluating, whether the condition of the process rule is satisfied based on the current status of the process; and
in response to determining whether the condition of the process rule is satisfied, said processor performing one or more firewall actions comprising allowing or denying access to data packets, monitoring data packets, or redirecting data packets to another device.
Abstract
Generally speaking, systems, methods and media for implementing a firewall control system responsive to process interrogations are disclosed. Embodiments of a method may include receiving a data request at a firewall where the data request is associated with a program and determining whether a process rule exists for the associated program, where the process rule includes a condition to be satisfied for a process of the user computer system. Embodiments may also include, in response to determining that a process rule does exist, determining a method for evaluating a status of the process and determining a current status of the process. Embodiments may also include determining whether the process rule is satisfied based on the current status of the process and using the determined evaluation method. Embodiments may also include, in response to determining whether the condition of the process rule is satisfied, performing one or more firewall actions.
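The abstract and claims describe the control loop (data request, rule lookup, choosing a manner of interrogating the process, reading its status, testing the rule's condition, acting on the packets) but give no concrete shape to a process rule or an evaluator. The Python below is an added example written for this page; it is not code from the patent, its assignee, or any product. It models the claimed flow over a constructed process table: the three evaluator functions stand in for the three manners named in the claims (executable file information, an API call, an OS process database), and `ProcessFirewall.decide` returns the firewall action. `DataRequest`, `ProcessRule`, `ProcessFirewall`, the evaluator names, the sinkhole address and all host data (`EXE_BYTES`, `PROC_TABLE`) are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
import hashlib
from typing import Callable, Dict, Optional, Tuple

class Action(Enum):
    ALLOW = "allow"
    DENY = "deny"
    MONITOR = "monitor"
    REDIRECT = "redirect"

@dataclass(frozen=True)
class DataRequest:
    program: str   # label attached to the request (endpoint-supplied, so untrusted)
    pid: int       # process that owns the socket
    remote: str    # "host:port" the packets are headed to

@dataclass
class ProcessStatus:
    pid: int
    exe_path: str
    exe_sha256: Optional[str] = None   # filled by evaluate_exe_info
    signed: Optional[bool] = None      # filled by evaluate_os_db
    parent: Optional[str] = None       # filled by evaluate_api and evaluate_os_db

@dataclass
class ProcessRule:
    program: str
    evaluator: str                              # "exe_info", "api" or "os_db"
    condition: Callable[[ProcessStatus], bool]  # condition the process must satisfy
    on_match: Action
    on_miss: Action = Action.DENY
    redirect_to: Optional[str] = None           # device packets go to on REDIRECT

# Hypothetical host state standing in for the real OS (constructed data).
EXE_BYTES: Dict[str, bytes] = {"/usr/bin/curl": b"ELF-curl-7.x",
                               "/tmp/updater": b"ELF-dropped-binary"}
PROC_TABLE: Dict[int, dict] = {
    4242: {"exe": "/usr/bin/curl", "parent": "bash", "signed": True},
    5151: {"exe": "/tmp/updater", "parent": "winword", "signed": False},
}

def evaluate_exe_info(pid: int) -> Optional[ProcessStatus]:
    """Manner 1: search executable file information (hash the image on disk)."""
    row = PROC_TABLE.get(pid)
    if row is None:
        return None
    digest = hashlib.sha256(EXE_BYTES[row["exe"]]).hexdigest()
    return ProcessStatus(pid, row["exe"], exe_sha256=digest)

def evaluate_api(pid: int) -> Optional[ProcessStatus]:
    """Manner 2: call a process API (stands in for e.g. psutil.Process(pid))."""
    row = PROC_TABLE.get(pid)
    return None if row is None else ProcessStatus(pid, row["exe"], parent=row["parent"])

def evaluate_os_db(pid: int) -> Optional[ProcessStatus]:
    """Manner 3: query an OS process database (stands in for /proc or WMI)."""
    row = PROC_TABLE.get(pid)
    if row is None:
        return None
    return ProcessStatus(pid, row["exe"], signed=row["signed"], parent=row["parent"])

EVALUATORS = {"exe_info": evaluate_exe_info, "api": evaluate_api, "os_db": evaluate_os_db}

class ProcessFirewall:
    def __init__(self, default: Action = Action.DENY) -> None:
        self.rules: Dict[str, ProcessRule] = {}
        self.default = default   # program with no rule: fail closed

    def add_rule(self, rule: ProcessRule) -> None:
        """Store a rule generated from operator preferences; reject bad evaluators early."""
        if rule.evaluator not in EVALUATORS:
            raise ValueError(f"unknown evaluator {rule.evaluator!r}")
        self.rules[rule.program] = rule

    def decide(self, req: DataRequest) -> Tuple[Action, Optional[str]]:
        """Return (action, redirect target) for one data request."""
        rule = self.rules.get(req.program)
        if rule is None:
            return self.default, None
        status = EVALUATORS[rule.evaluator](req.pid)   # the rule's manner of evaluating
        if status is None:                             # pid bogus or process already gone
            return Action.DENY, None
        action = rule.on_match if rule.condition(status) else rule.on_miss
        return action, (rule.redirect_to if action is Action.REDIRECT else None)

KNOWN_CURL_SHA256 = hashlib.sha256(EXE_BYTES["/usr/bin/curl"]).hexdigest()

def build_demo_firewall() -> ProcessFirewall:
    fw = ProcessFirewall()
    # curl may talk out only if the image on disk is the approved one.
    fw.add_rule(ProcessRule("curl", "exe_info",
                            lambda s: s.exe_sha256 == KNOWN_CURL_SHA256, Action.ALLOW))
    # An unsigned updater launched by an office app is diverted to a sinkhole device.
    fw.add_rule(ProcessRule("updater", "os_db",
                            lambda s: bool(s.signed) and s.parent != "winword",
                            Action.ALLOW, Action.REDIRECT, "sinkhole.local:9"))
    return fw
```

Two design points matter for a firewall of this kind. The program label on a request is whatever the endpoint reports, so a rule keyed only on the name would let `/tmp/updater` pass by calling itself `curl`; the rule above instead hashes the image the pid is actually running, and the masquerading request falls through to `on_miss`. Second, the process status is read at decision time and can go stale (the image may be replaced or the pid reused after the check), so the interrogation should be repeated per connection rather than cached per program, and a pid that cannot be resolved is denied rather than allowed.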
20 Claims
1. (Independent claim 1 is reproduced under First Claim above.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. A computer program product, comprising a computer physically tangible storage device having a computer readable program code stored therein, said program code configured to be executed by a processor of a computer system to implement a method for controlling a firewall for a user computing system, said method comprising:
said processor receiving a data request at the firewall, the data request being associated with control of a program of the user computing system;
said processor determining that a process rule exists for the program, the process rule comprising a condition to be satisfied for a process of the user computing system, the process rule having been generated based on preferences received by a process interrogation controller in the firewall, the process rule being stored in a storage unit of the firewall, the user computing system, or a remote server;
in response to the determining that a process rule exists for the program, said processor further determining a manner for evaluating a status of the process and determining a current status of the process, wherein said determining the manner for evaluating comprises searching executable file information, calling an application program interface, or querying an operation system database;
said processor determining, using the determined manner for evaluating, whether the condition of the process rule is satisfied based on the current status of the process; and
in response to determining whether the condition of the process rule is satisfied, said processor performing one or more firewall actions comprising allowing or denying access to data packets, monitoring data packets, or redirecting data packets to another device.
Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computer system comprising a processor, a memory coupled to the processor, and a computer readable storage device coupled to the processor, said storage device containing program code configured to be executed by the processor via the memory to implement a method for controlling a firewall for a user computing system, said method comprising:
said processor receiving a data request at the firewall, the data request being associated with control of a program of the user computing system;
said processor determining that a process rule exists for the program, the process rule comprising a condition to be satisfied for a process of the user computing system, the process rule having been generated based on preferences received by a process interrogation controller in the firewall, the process rule being stored in a storage unit of the firewall, the user computing system, or a remote server;
in response to the determining that a process rule exists for the program, said processor further determining a manner for evaluating a status of the process and determining a current status of the process, wherein said determining the manner for evaluating comprises searching executable file information, calling an application program interface, or querying an operation system database;
said processor determining, using the determined manner for evaluating, whether the condition of the process rule is satisfied based on the current status of the process; and
in response to determining whether the condition of the process rule is satisfied, said processor performing one or more firewall actions comprising allowing or denying access to data packets, monitoring data packets, or redirecting data packets to another device.
Dependent claims: 16, 17, 18, 19, 20.