Risk-aware scanning of objects

US 8,443,445 B1
Filed: 06/28/2006
Issued: 05/14/2013
Est. Priority Date: 03/31/2006
Status: Active Grant

First Claim

Patent Images

1. A method for scanning objects in a system, comprising:

monitoring the system to detect an object event as the object event occurs, wherein the object event includes an operation performed on an object;

determining a risk level for the object event, wherein determining a risk level includes using the nature of the object event to determine a risk level, wherein the risk level is determined based on the operation performed on the object, an object content, an object location, and a type of the object;

scheduling a scan of the object associated with the object event according to the risk level, wherein the risk level falls within a risk range, wherein the risk range comprises one or more risk levels;

performing the scheduled scan based on the risk range wherein the scheduled scan comprises a differential scan, wherein the differential scan has a scan interval that is a shorter interval than a collection period;

performing additional scans of the object at the scan interval until the collection period is complete; and

updating the risk level for the object event upon update to a scan engine.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Scanning is disclosed. A system is monitored to detect object events. A risk level is determined for an object event, and a scan is scheduled for an object associated with the object event according to the risk level. The risk level may be based on the risk level of the object type, and on the risk level of the operation. An immediate on access scan may be scheduled for a first risk range, a differential scan may be scheduled for a second risk range, and an incremental scan may be scheduled for a third risk range. The scheduled scan is performed.

47 Citations

View as Search Results

19 Claims

1. A method for scanning objects in a system, comprising:
- monitoring the system to detect an object event as the object event occurs, wherein the object event includes an operation performed on an object;
  
  determining a risk level for the object event, wherein determining a risk level includes using the nature of the object event to determine a risk level, wherein the risk level is determined based on the operation performed on the object, an object content, an object location, and a type of the object;
  
  scheduling a scan of the object associated with the object event according to the risk level, wherein the risk level falls within a risk range, wherein the risk range comprises one or more risk levels;
  
  performing the scheduled scan based on the risk range wherein the scheduled scan comprises a differential scan, wherein the differential scan has a scan interval that is a shorter interval than a collection period;
  
  performing additional scans of the object at the scan interval until the collection period is complete; and
  
  updating the risk level for the object event upon update to a scan engine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method as recited in claim 1, wherein determining the risk level comprises determining a risk level of an object type associated with the object.
  - 3. The method as recited in claim 2, wherein determining the risk level further comprises determining a risk level of the operation associated with the object event.
  - 4. The method as recited in claim 3, wherein the risk level comprises a risk of infection.
  - 5. The method as recited in claim 3, further comprising performing the scheduled scan.
  - 6. The method as recited in claim 5, wherein the scan further comprises an immediate on access scan if the risk level falls within a first risk range.
  - 7. The method as recited in claim 6, wherein the scan further comprises a first incremental scan if the risk level falls within a second risk range.
  - 8. The method as recited in claim 7, wherein the scan further comprises a second incremental scan if the risk level falls within a third risk range.
  - 9. The method as recited in claim 8, wherein the first risk range is higher than the second risk range.
  - 10. The method as recited in claim 9, wherein the second risk range is higher than the third risk range.
  - 11. The method as recited in claim 5, wherein the scan further comprises an incremental scan.
  - 12. The method as recited in claim 11, wherein scheduling the incremental scan comprises updating an incremental scan list with information regarding the object associated with the object event.
  - 13. The method as recited in claim 5, wherein scheduling the differential scan comprises updating a differential scan list with information regarding the object associated with the object event.
  - 14. The method as recited in claim 13, wherein scheduling the differential scan further comprises determining a scan collection period.
  - 15. The method as recited in claim 14, further comprising removing from the differential scan list information regarding objects associated with object events occurring prior to the scan collection period.
  - 16. The method as recited in claim 5, wherein the scan further comprises an incremental scan.
  - 17. The method as recited in claim 16, wherein scheduling the incremental scan comprises updating an incremental scan list with information regarding the object associated with the object event, and wherein scheduling the differential scan comprises updating a differential scan list with information regarding the object associated with the object event.

18. A system for scanning objects, comprising a storage device configured to store the objects, and a processor configured to:
- monitor the system to detect an object event as the object event occurs, wherein the object event includes an operation performed on an object;
  
  determine a risk level for the object event, wherein determining a risk level includes using the nature of the object event to determine a risk level, wherein the risk level is determined based on the operation performed on the object, an object content, an object location, and a type of the object;
  
  scheduling a scan of the object associated with the object event according to the risk level, wherein the risk level falls within a risk range, wherein the risk range comprises one or more risk levels;
  
  performing the scheduled scan based on the risk range wherein the scheduled scan comprises a differential scan, wherein the differential scan has a scan interval that is a shorter interval than a collection period;
  
  performing additional scans of the object at the scan interval until the collection period is complete; and
  
  updating the risk level for the object event upon update to a scan engine.

19. A computer program product for scanning objects in a system, comprising a non-transitory computer usable medium having machine readable code embodied therein for:
- monitoring the system to detect an object event as the object event occurs, wherein the object event includes an operation performed on an object;
  
  determining a risk level for the object event, wherein determining a risk level includes using the nature of the object event to determine a risk level, wherein the risk level is determined based on the operation performed on the object, an object content, an object location, and a type of the object;
  
  scheduling a scan of the object associated with the object event according to the risk level, wherein the risk level falls within a risk range, wherein the risk range comprises one or more risk levels;
  
  performing the scheduled scan based on the risk range wherein the scheduled scan comprises a differential scan, wherein the differential scan has a scan interval that is a shorter interval than a collection period;
  
  performing additional scans of the object at the scan interval until the collection period is complete; and
  
  updating the risk level for the object event upon update to a scan engine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Andruss, William, Claudatos, Christopher, Leetch, Bruce, Terwilliger, Steven
Primary Examiner(s)
ZECHER, CORDELIA P K

Application Number

US11/477,634
Time in Patent Office

2,512 Days
Field of Search

726/24, 726/25, 713/188, 713/113, 713/189
US Class Current

726/24
CPC Class Codes

G06F 16/122 using management policies b...

G06F 21/564 by virus signature recognition

Risk-aware scanning of objects

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

47 Citations

19 Claims

Specification

Use Cases

Quick Links

Others

Risk-aware scanning of objects

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

47 Citations

19 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others