System and method of monitoring and controlling application files

US 8,689,325 B2
Filed: 06/01/2005
Issued: 04/01/2014
Est. Priority Date: 03/14/2003
Status: Active Grant

First Claim

Patent Images

1. A system configured to protect a second computer from malicious software programs based at least partially on information collected from a first computer over an Internet, the system comprising:

a first computer;

a database stored in the first computer including identification information for malicious and non-malicious software programs;

a first execution launch detection module configured to detect a launch of a software program and to generate a hash associated with the software program;

a first client inventory module configured to access the database and determine whether the software program on the first computer is identified in the database;

a workstation management module configured to apply a policy to the software program if the software program is identified in the database as non-malicious, the policy including one or more of limiting a user'"'"'s access to the software program based on a quota or a network load;

a first upload-download module associated with the first computer and configured to transmit information relating to the software program on the first computer if the software program is not identified in the database to a database factory, the information comprising at least the hash associated with the software program, wherein the information is at least partially created at the first computer, the first upload-download module being configured to receive software program information relating to the software program and a classification of the software program from the database factory, the classification being determined by an analysis of the information received from the first upload-download module;

a second computer;

a second upload-download module configured to receive the software program information relating to the software program and the classification of the software program from the database factory; and

a second client inventory module configured to receive and store the classification of the software program received from the database factory to the second computer.

View all claims

23 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for identifying and notifying computers of malicious software programs over an Internet. The system includes a first client inventory module configured to scan a first computer so as to find an un-identified software program and to upload information associated with the un-identified software program; a first upload-download module in communication with the first client inventory module and configured to upload information associated with the un-identified software program over the Internet to a database factory for determination of whether said software program is a malicious software program and producing information identifying the determined malicious software program; a second upload-download module in communication with the database factory and configured to receive information relating to the determined malicious software programs from the database factory; and a second client inventory module in communication with the second upload-download module and configured to receive and store the information associated with the determined malicious software program to a second computer.

160 Citations

21 Claims

1. A system configured to protect a second computer from malicious software programs based at least partially on information collected from a first computer over an Internet, the system comprising:
- a first computer;
  
  a database stored in the first computer including identification information for malicious and non-malicious software programs;
  
  a first execution launch detection module configured to detect a launch of a software program and to generate a hash associated with the software program;
  
  a first client inventory module configured to access the database and determine whether the software program on the first computer is identified in the database;
  
  a workstation management module configured to apply a policy to the software program if the software program is identified in the database as non-malicious, the policy including one or more of limiting a user'"'"'s access to the software program based on a quota or a network load;
  
  a first upload-download module associated with the first computer and configured to transmit information relating to the software program on the first computer if the software program is not identified in the database to a database factory, the information comprising at least the hash associated with the software program, wherein the information is at least partially created at the first computer, the first upload-download module being configured to receive software program information relating to the software program and a classification of the software program from the database factory, the classification being determined by an analysis of the information received from the first upload-download module;
  
  a second computer;
  
  a second upload-download module configured to receive the software program information relating to the software program and the classification of the software program from the database factory; and
  
  a second client inventory module configured to receive and store the classification of the software program received from the database factory to the second computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein the software program is a spyware program.
  - 3. The system of claim 1, wherein the software program is an anti-virus program.
  - 4. The system of claim 1, wherein the software program is a hacking program.
  - 5. The system of claim 1, wherein the software program is a remote access program.
  - 6. The system of claim 1, wherein the second client inventory module is configured to identify software programs stored on the second computer and wherein if the second client inventory module identifies one or more malicious software programs stored on the second computer, then the second client inventory module is configured to disallow the identified one or more malicious software programs from running on the second computer.
  - 7. The system of claim 1, wherein if the second client inventory module identifies that one or more malicious software programs is stored on the second computer, then the second client inventory module is configured to notify a user of the second computer.
  - 8. The system of claim 1, wherein the database factory comprises:
    - an application analyst'"'"'s classification module configured to analyze the software program related to the information received from said first upload-download module if not previously analyzed by the database factory; and
      
      a master application database configured to store the information received from the first client inventory module.
  - 9. The system of claim 1 further comprising a third client inventory module configured to access a second database containing identification information for software programs so as to identify one or more software programs on a third computer, wherein the one or more software programs identified by the second client inventory module is identified by the first and third client inventory modules.
  - 10. The system of claim 9, wherein the database factory distributes information based at least in part upon a request frequency that is associated with the number of times that the database factory receives software program information relating to one or more software programs from the first and third client inventory modules.
  - 11. The system of claim 9, wherein the database factory merges and sorts information received from the first client inventory module with information received from the third client inventory module.
  - 12. The system of claim 1, further comprising an application server module, comprising:
    - an application server in communication with the first computer and also in communication with the database factory,wherein the first upload-download module is associated with the application server and is in communication with the first computer so as to deliver information between the first computer and the application server;
      
      wherein the second upload-download module is associated with the application server and is in communication with the database factory so as to deliver information between the database factory and the application server, andwherein the application server module couples the first computer with an Internet via connection devices.

13. A system for identifying malicious software programs over an Internet, the system comprising:
- a first execution launch detection module configured to detect a launch of a software program and to generate a hash associated with the software program;
  
  a first client inventory module configured to scan a database stored in a first computer to determine whether the software program is identified in the database, the database including identification information for malicious and non-malicious software programs, the first client inventory module uploading information associated with the un-identified software program;
  
  a workstation management module configured to apply a policy to the software program if the software program is identified in the database as non-malicious, the policy including one or more of limiting a user'"'"'s access to the software program based on a quota or a network load;
  
  a first upload-download module in communication with the first client inventory module and configured to upload information associated with the un-identified software program over the Internet to a database factory for determination of whether said software program is a malicious software program and producing information identifying the determined malicious software program, the information associated with the un-identified software program comprising at least the hash associated with the software program, wherein the information associated with the un-identified software program is at least partially created at the first computer, the first upload-download module being configured to receive software program information relating to the software program and a classification of the software program from the database factory, the classification being determined by an analysis of the information received from the first upload-download module;
  
  a second upload-download module in communication with the database factory and configured to receive information relating to the determined malicious software program and the classification of the software program from the database factory; and
  
  a second client inventory module in communication with the second upload-download module and configured to receive and store the classification of the software program received to a second computer.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The system of claim 13, wherein the software program is a spyware program.
  - 15. The system of claim 13, wherein the software program is an anti-virus program.
  - 16. The system of claim 13, wherein the second client inventory module is configured to scan the second computer, and wherein if the scanning of the second computer identifies that the software program is stored on the second computer, then the second client inventory module is configured to disallow the software program from running on the second computer.
  - 17. The system of claim 13, wherein the second client inventory module is configured to scan the second computer, and wherein if the scanning of the second computer identifies that the software program is stored on the second computer, then the second client inventory module is configured to notify a user of the second computer.
  - 18. The system of claim 13 further comprising a third client inventory module configured to access a database so as to identify a second malicious software program, wherein the second malicious software program scanned for by the second client inventory module is identified by the first and third client inventory modules.
  - 19. The system of claim 18, wherein the database factory distributes information at least in part upon a request frequency that is associated with the number of times that the database factory receives software program information relating to the second malicious software program from the first and third client inventory modules.
  - 20. The system of claim 18, wherein the database factory merges and sorts the information relating to the second malicious software program received from the first client inventory module with information relating to the second malicious software program received from the third client inventory module.
  - 21. The system of claim 13, further comprising an application server module, comprising:
    - an application server in communication with the first computer and also in communication with the database factory,wherein the first upload-download module is associated with the application server and is in communication with the first computer so as to deliver information between the first computer and the application server;
      
      wherein the second upload-download module is associated with the application server and is in communication with the database factory so as to deliver information between the database factory and the application server, andwherein the application server module couples the first computer with an Internet via connection devices.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Forcepoint LLC
Original Assignee
Forcepoint LLC
Inventors
Kester, Harold M., Hegli, Ronald B., Dimm, John Ross, Anderson, Mark Richard
Primary Examiner(s)
Vaughan, Michael R

Application Number

US11/146,318
Publication Number

US 20060004636A1
Time in Patent Office

3,226 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/6218   to a system of files or obj...

G06Q 20/203   Inventory monitoring

H04L 63/0428   wherein the data content is...

H04L 63/20   for managing network securi...

Y10S 707/99931   Database or file accessing

Y10S 707/99943   Generating database or data...

Y10S 707/99945   Object-oriented database st...

System and method of monitoring and controlling application files

First Claim

23 Assignments

0 Petitions

Accused Products

Abstract

160 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System and method of monitoring and controlling application files

First Claim

23 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

160 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others