Risk-aware scanning of objects
First Claim
Patent Images
1. A method for scanning objects in a system, comprising:
- monitoring the system to detect an object event as the object event occurs, wherein the object event includes an operation performed on an object;
determining a risk level for the object event, wherein determining a risk level includes using the nature of the object event to determine a risk level, wherein the risk level is determined based on the operation performed on the object, an object content, an object location, and a type of the object;
scheduling a scan of the object associated with the object event according to the risk level, wherein the risk level falls within a risk range, wherein the risk range comprises one or more risk levels;
performing the scheduled scan based on the risk range wherein the scheduled scan comprises a differential scan, wherein the differential scan has a scan interval that is a shorter interval than a collection period;
performing additional scans of the object at the scan interval until the collection period is complete; and
updating the risk level for the object event upon update to a scan engine.
9 Assignments
0 Petitions
Accused Products
Abstract
Scanning is disclosed. A system is monitored to detect object events. A risk level is determined for an object event, and a scan is scheduled for an object associated with the object event according to the risk level. The risk level may be based on the risk level of the object type, and on the risk level of the operation. An immediate on access scan may be scheduled for a first risk range, a differential scan may be scheduled for a second risk range, and an incremental scan may be scheduled for a third risk range. The scheduled scan is performed.
47 Citations
19 Claims
-
1. A method for scanning objects in a system, comprising:
-
monitoring the system to detect an object event as the object event occurs, wherein the object event includes an operation performed on an object; determining a risk level for the object event, wherein determining a risk level includes using the nature of the object event to determine a risk level, wherein the risk level is determined based on the operation performed on the object, an object content, an object location, and a type of the object; scheduling a scan of the object associated with the object event according to the risk level, wherein the risk level falls within a risk range, wherein the risk range comprises one or more risk levels; performing the scheduled scan based on the risk range wherein the scheduled scan comprises a differential scan, wherein the differential scan has a scan interval that is a shorter interval than a collection period; performing additional scans of the object at the scan interval until the collection period is complete; and updating the risk level for the object event upon update to a scan engine. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for scanning objects, comprising a storage device configured to store the objects, and a processor configured to:
-
monitor the system to detect an object event as the object event occurs, wherein the object event includes an operation performed on an object; determine a risk level for the object event, wherein determining a risk level includes using the nature of the object event to determine a risk level, wherein the risk level is determined based on the operation performed on the object, an object content, an object location, and a type of the object; scheduling a scan of the object associated with the object event according to the risk level, wherein the risk level falls within a risk range, wherein the risk range comprises one or more risk levels; performing the scheduled scan based on the risk range wherein the scheduled scan comprises a differential scan, wherein the differential scan has a scan interval that is a shorter interval than a collection period; performing additional scans of the object at the scan interval until the collection period is complete; and updating the risk level for the object event upon update to a scan engine.
-
-
19. A computer program product for scanning objects in a system, comprising a non-transitory computer usable medium having machine readable code embodied therein for:
-
monitoring the system to detect an object event as the object event occurs, wherein the object event includes an operation performed on an object; determining a risk level for the object event, wherein determining a risk level includes using the nature of the object event to determine a risk level, wherein the risk level is determined based on the operation performed on the object, an object content, an object location, and a type of the object; scheduling a scan of the object associated with the object event according to the risk level, wherein the risk level falls within a risk range, wherein the risk range comprises one or more risk levels; performing the scheduled scan based on the risk range wherein the scheduled scan comprises a differential scan, wherein the differential scan has a scan interval that is a shorter interval than a collection period; performing additional scans of the object at the scan interval until the collection period is complete; and updating the risk level for the object event upon update to a scan engine.
-
Specification