System, method and computer program product for sending unwanted activity information to a central system

US 8,365,276 B1
Filed: 12/10/2007
Issued: 01/29/2013
Est. Priority Date: 12/10/2007
Status: Expired

First Claim

Patent Images

1. A method, comprising:

identifying information associated with unwanted activity, utilizing a plurality of different types of security systems of a client system, which includes a processor and a memory, and which is configured with a plurality of rules for resolving the unwanted activity independent of instructions provided by a central system, wherein at least one of the different types of security systems utilizes behavioral monitoring that includes heuristics;

sending the information to the central system for aggregating the information with additional information sets provided by additional client systems; and

receiving a response sent from the central system to the client and to the additional client systems, wherein the response is based on the information and is indicative of whether the information was verified as being associated with the unwanted activity, and wherein the response includes a rule for removing code associated with the unwanted activity, and the response includes a rule for detecting future instances of the information, and the response includes a rule for adding the information to a blacklist.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product are provided for sending, to a central system, information associated with unwanted activity. In use, information associated with unwanted activity is identified utilizing a plurality of different types of security systems. Further, the information is sent to a central system.

Citations

14 Claims

1. A method, comprising:
- identifying information associated with unwanted activity, utilizing a plurality of different types of security systems of a client system, which includes a processor and a memory, and which is configured with a plurality of rules for resolving the unwanted activity independent of instructions provided by a central system, wherein at least one of the different types of security systems utilizes behavioral monitoring that includes heuristics;
  
  sending the information to the central system for aggregating the information with additional information sets provided by additional client systems; and
  
  receiving a response sent from the central system to the client and to the additional client systems, wherein the response is based on the information and is indicative of whether the information was verified as being associated with the unwanted activity, and wherein the response includes a rule for removing code associated with the unwanted activity, and the response includes a rule for detecting future instances of the information, and the response includes a rule for adding the information to a blacklist.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the plurality of different types of security systems include two or more of a firewall, an intrusion prevention system, an anti-spyware system, and a virus scanner.
  - 3. The method of claim 1, wherein the information is correlated prior to sending the information to the central system.
  - 4. The method of claim 1, wherein the information includes a source of the unwanted activity.
  - 5. The method of claim 1, wherein the information includes a decision made in response to the unwanted activity.
  - 6. The method of claim 5, wherein the decision is to block execution of the unwanted activity.
  - 7. The method of claim 1, wherein the information includes an alert.
  - 8. The method of claim 1, further comprising detecting the unwanted activity, utilizing the plurality of different security systems.
  - 9. The method of claim 8, wherein the unwanted activity is detected utilizing at least one rule received from the central system.
  - 10. The method of claim 1, wherein the information is sent to a database via the central system.
  - 11. The method of claim 1, wherein the information is sent to the central system for correlation with other information associated with at least one network security system.

12. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:
- identifying information associated with unwanted activity, utilizing a plurality of different types of security systems of a client system, which includes a processor and a memory, and which is configured with a plurality of rules for resolving the unwanted activity independent of instructions provided by a central system, wherein at least one of the different types of security systems utilizes behavioral monitoring that includes heuristics;
  
  sending the information to the central system for aggregating the information with additional information sets provided by additional client systems; and
  
  receiving a response sent from the central system to the client and to the additional client systems, wherein the response is based on the information and is indicative of whether the information was verified as being associated with the unwanted activity, and wherein the response includes a rule for removing code associated with the unwanted activity, and the response includes a rule for detecting future instances of the information, and the response includes a rule for adding the information to a blacklist.

13. An apparatus, comprising:
- a processor, wherein the apparatus is configured for;
  
  identifying information associated with unwanted activity, utilizing a plurality of different types of security systems of a client system, which includes a processor and a memory, and which is configured with a plurality of rules for resolving the unwanted activity independent of instructions provided by a central system, wherein at least one of the different types of security systems utilizes behavioral monitoring that includes heuristics;
  
  sending the information to the central system configured for aggregating the information with additional information sets provided by additional client systems; and
  
  receiving a response sent from the central system to the client and to the additional client systems, wherein the response is based on the information and is indicative of whether the information was verified as being associated with the unwanted activity, and wherein the response includes a rule for removing code associated with the unwanted activity, and the response includes a rule for detecting future instances of the information, and the response includes a rule for adding the information to a blacklist.
- View Dependent Claims (14)
- - 14. The apparatus of claim 13, wherein the processor remains in communication with memory and a display via a bus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Sallam, Ahmed Said
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tabor, Amare F

Application Number

US11/953,693
Time in Patent Office

1,877 Days
Field of Search

726/22, 713/189
US Class Current

726/22
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/566   Dynamic detection, i.e. det...

H04L 63/1416   Event detection, e.g. attac...

System, method and computer program product for sending unwanted activity information to a central system

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and computer program product for sending unwanted activity information to a central system

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links