Method and apparatus for securing a computer from malicious threats through generic remediation

US 8,549,626 B1
Filed: 03/20/2009
Issued: 10/01/2013
Est. Priority Date: 03/20/2009
Status: Active Grant

First Claim

Patent Images

1. A method for securing a computer from malicious threats through generic remediation, comprising:

processing, using at least one computer processor, at least one malicious threat to the computer, wherein the at least one malicious threat is not associated with a specific remediation technique;

examining information regarding prior remediation of the at least one malicious threat by at least one computer, wherein the information regarding prior remediation comprises remediation information that indicates remediation techniques used by a plurality of computers for a plurality of malicious threats and a success level of the plurality of computers that previously applied at least one generic remediation technique for the plurality of malicious threats;

determining at least one generic remediation technique for the at least one malicious threat based at least in part on the information regarding prior remediation;

applying the at least one generic remediation technique; and

updating the information regarding prior remediation based at least in part on the at least one applied generic remediation technique.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for securing a computer from malicious threats through generic remediation is described. In one embodiment, the method for securing a computer from malicious threats through generic remediation includes processing at least one malicious threat to the computer, wherein the at least one malicious threat is not associated with a specific remediation technique and examining information regarding prior remediation of the at least one malicious threat by at least one computer to determine at least one remediation technique for the at least one malicious threat.

43 Citations

View as Search Results

19 Claims

1. A method for securing a computer from malicious threats through generic remediation, comprising:
- processing, using at least one computer processor, at least one malicious threat to the computer, wherein the at least one malicious threat is not associated with a specific remediation technique;
  
  examining information regarding prior remediation of the at least one malicious threat by at least one computer, wherein the information regarding prior remediation comprises remediation information that indicates remediation techniques used by a plurality of computers for a plurality of malicious threats and a success level of the plurality of computers that previously applied at least one generic remediation technique for the plurality of malicious threats;
  
  determining at least one generic remediation technique for the at least one malicious threat based at least in part on the information regarding prior remediation;
  
  applying the at least one generic remediation technique; and
  
  updating the information regarding prior remediation based at least in part on the at least one applied generic remediation technique.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the at least one generic remediation technique comprises rebooting the computer.
  - 3. The method of claim 1, wherein the at least one generic remediation technique comprises deleting at least one driver associated with the at least one malicious threat.
  - 4. The method of claim 1, wherein the at least one generic remediation technique comprises executing a security scan of file data to remove the at least one malicious threat.
  - 5. The method of claim 1, wherein processing the at least one malicious threat further comprises communicating a query that identifies the at least one malicious threat.
  - 6. The method of claim 5, wherein the query is compared with remediation information to access the information regarding prior remediation of the at least one malicious threat by the at least one computer.
  - 7. The method of claim 1 further comprising applying at least one generic remediation technique to the at least one malicious threat to produce an application result.
  - 8. The method of claim 7 further comprising communicating the application result to update remediation information regarding remediation techniques used by a plurality of computers for a plurality of malicious threats.
  - 9. The method of claim 1, wherein the information regarding prior remediation of the at least one malicious threat by the at least one computer indicates that a plurality of computers have not attempted to remediate the at least one malicious threat, wherein the at least malicious threat are unknown.
  - 10. The method of claim 1, wherein the information regarding prior remediation of the at least one malicious threat by the at least one computer indicates at least one successful remediation of the at least one malicious threat using at least one generic remediation technique.
  - 11. The method of claim 1, wherein the information regarding prior remediation of the at least one malicious threat by the at least one computer indicates at least one unsuccessful remediation of the at least one malicious threat using at least one generic remediation technique.

12. An apparatus for securing a computer from malicious threats through generic remediation, comprising:
- at least one computer processor communicatively coupled to memory, wherein the at least one computer processor is configured to;
  
  execute a manager configured to process at least one malicious threat to the computer, wherein the at least one malicious threat is not associated with a specific remediation technique;
  
  examine information regarding prior remediation of the at least one malicious threat by at least one computer, wherein the information regarding the prior remediation comprises remediation information that indicates remediation techniques used by a plurality of computers for a plurality of malicious threats and a success level of the plurality of computers that previously applied at least one generic remediation technique for the plurality of malicious threats; and
  
  determine at least one generic remediation technique for the at least one malicious threat based at least in part on the information regarding prior remediation;
  
  applying the at least one generic remediation technique; and
  
  updating the information regarding prior remediation based at least in part on the at least one applied generic remediation technique.
- View Dependent Claims (13, 14, 15)
- - 13. The apparatus of claim 12 further comprising security software for removing at least one driver associated with the at least one malicious threat from the computer in accordance with the at least one generic remediation technique.
  - 14. The apparatus of claim 12, wherein the at least one generic remediation technique comprises at least one of rebooting the computer, deleting at least one driver associated with the at least one malicious threat or executing a security scan of file data to remove the at least one malicious threat.
  - 15. The apparatus of claim 12, wherein processing the at least one malicious threat further comprises communicating a query that identifies the at least one malicious threat, wherein the query is compared with remediation information to access the information regarding prior remediation of the at least one malicious threat by the at least one computer.

16. A system for securing a computer from malicious threats through generic remediation, comprising:
- a client comprising;
  
  a manager for communicating a query that identifies at least one malicious threat not associated with a specific remediation technique, the manager configured to;
  
  examine information regarding prior remediation of the at least one malicious threat by at least one computer, wherein the information regarding the prior remediation comprises remediation information that indicates remediation techniques used by a plurality of computers for a plurality of malicious threats and a success level of the plurality of computers that previously applied at least one generic remediation technique for the plurality of malicious threats,determine at least one generic remediation technique for the at least one malicious threat based at least in part on the information regarding prior remediation, wherein information regarding prior remediation indicates a success level of the plurality of computers previously applied at least one generic remediation technique for the plurality of malicious threats,applying the at least one generic remediation technique, andupdating the information regarding prior remediation as needed based at least in part on the at least one applied generic remediation technique; and
  
  a server, coupled to the client, comprising;
  
  storage comprising the remediation information regarding remediation techniques used by a plurality of computers for a plurality of malicious threats, wherein the query is compared with remediation information to access the information regarding prior remediation of the at least one malicious threat by the at least one computer.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, wherein the remediation information is generated from application of the remediation techniques on the plurality of malicious threats by the plurality of computers.
  - 18. The system of claim 16, wherein the manager instructs security software to apply the at least one generic remediation technique to the at least one malicious threat to produce an application result, wherein the at least one generic remediation technique comprises at least one of rebooting the computer, deleting at least one driver associated with the at least one malicious threat or executing a security scan of file data to remove the at least one malicious threat.
  - 19. The system of claim 18, wherein the manager communicates the application result to update the remediation information.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Graf, Nicholas Robert, Glick, Adam Lyle, Smith, Spencer Dale
Primary Examiner(s)
Rao, Andy
Assistant Examiner(s)
ELAHI, SHAN E

Application Number

US12/407,903
Time in Patent Office

1,656 Days
Field of Search

726/25, 726/22
US Class Current

726/22
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/577   Assessing vulnerabilities a...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

Method and apparatus for securing a computer from malicious threats through generic remediation

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for securing a computer from malicious threats through generic remediation

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links