System, method and computer program product for identifying unwanted code associated with network communications
Abstract
A system, method and computer program product are provided including identifying a network communication and determining whether the network communication is initiated by a process associated with unwanted code. As an option, a firewall may identify the network communication and computer code may determine whether the network communication is initiated by a process associated with unwanted code. As an option, in one embodiment, a method may be provided whereby unwanted code identified by network communication may be quarantined and/or the process associated with the unwanted code may be terminated.
18 Claims
1. A method performed by at least one computer, comprising:
- identifying a network communication that includes computer code;
- comparing the computer code to a plurality of trusted codes, wherein a state associated with the computer code is stored such that if the computer code were disabled through a changing of references to registry locations, the computer code can be re-enabled utilizing the state, which was stored;
- comparing content within the network communication to a plurality of stored network communication content known to be initiated by unwanted code when the comparing of the computer code to the plurality of trusted codes indicates that the computer code does not match one of the plurality of trusted codes; and
- determining, utilizing a firewall, whether the network communication is initiated by a process associated with unwanted code based upon the comparison of the content within the network communication to the plurality of stored network communication content.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16
17. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:
- identifying a network communication that includes computer code;
- comparing the computer code to a plurality of trusted codes, wherein a state associated with the computer code is stored such that if the computer code were disabled through a changing of references to registry locations, the computer code can be re-enabled utilizing the state, which was stored;
- comparing content within the network communication to a plurality of stored network communication content known to be initiated by unwanted code when the comparing of the computer code to the plurality of trusted codes indicates that the computer code does not match one of the plurality of trusted codes; and
- determining, utilizing a firewall, whether the network communication is initiated by a process associated with unwanted code based upon the comparison of the content within the network communication to the plurality of stored network communication content.
18. A system, comprising:
a firewall that includes a processor, the system being configured for;
- identifying a network communication that includes computer code;
- comparing the computer code to a plurality of trusted codes, wherein a state associated with the computer code is stored such that if the computer code were disabled through a changing of references to registry locations, the computer code can be re-enabled utilizing the state, which was stored;
- comparing content within the network communication to a plurality of stored network communication content known to be initiated by unwanted code when the comparing of the computer code to the plurality of trusted codes indicates that the computer code does not match one of the plurality of trusted codes; and
- determining, utilizing a firewall, whether the network communication is initiated by a process associated with unwanted code based upon the comparison of the content within the network communication to the plurality of stored network communication content.
Specification