System and method of monitoring and controlling application files
First Claim
1. A system configured to protect a second computer from malicious software programs based at least partially on information collected from a first computer over an Internet, the system comprising:
a first computer;
a database stored in the first computer including identification information for malicious and non-malicious software programs;
a first execution launch detection module configured to detect a launch of a software program and to generate a hash associated with the software program;
a first client inventory module configured to access the database and determine whether the software program on the first computer is identified in the database;
a workstation management module configured to apply a policy to the software program if the software program is identified in the database as non-malicious, the policy including one or more of limiting a user's access to the software program based on a quota or a network load;
a first upload-download module associated with the first computer and configured to transmit information relating to the software program on the first computer if the software program is not identified in the database to a database factory, the information comprising at least the hash associated with the software program, wherein the information is at least partially created at the first computer, the first upload-download module being configured to receive software program information relating to the software program and a classification of the software program from the database factory, the classification being determined by an analysis of the information received from the first upload-download module;
a second computer;
a second upload-download module configured to receive the software program information relating to the software program and the classification of the software program from the database factory; and
a second client inventory module configured to receive and store the classification of the software program received from the database factory to the second computer.
Abstract
A system for identifying and notifying computers of malicious software programs over an Internet. The system includes a first client inventory module configured to scan a first computer so as to find an un-identified software program and to upload information associated with the un-identified software program; a first upload-download module in communication with the first client inventory module and configured to upload information associated with the un-identified software program over the Internet to a database factory for determination of whether said software program is a malicious software program and producing information identifying the determined malicious software program; a second upload-download module in communication with the database factory and configured to receive information relating to the determined malicious software programs from the database factory; and a second client inventory module in communication with the second upload-download module and configured to receive and store the information associated with the determined malicious software program to a second computer.
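The flow described in the abstract and claims, as an added Python sketch that is not taken from the patent: a workstation hashes a program at launch, checks its local database, reports unknown hashes to the database factory, and a second workstation later receives the classification. SHA-256, the class and method names, the placeholder analysis rule, the blocking of malicious programs and the quota value are all assumptions made for illustration.

```python
import hashlib

class DatabaseFactory:
    """Central service: collects unknown-program reports, publishes classifications."""
    def __init__(self, analyze):
        self.analyze = analyze          # stand-in for the factory's analysis step
        self.pending = {}               # hash -> info uploaded by a workstation
        self.published = {}             # hash -> "malicious" | "non-malicious"

    def upload(self, digest, info):
        if digest not in self.published:
            self.pending[digest] = info

    def classify_pending(self):
        for digest, info in self.pending.items():
            self.published[digest] = self.analyze(info)
        self.pending.clear()

class Workstation:
    def __init__(self, factory, quota=2):
        self.factory = factory
        self.db = {}                    # local database: hash -> classification
        self.quota = quota              # assumed policy: launches allowed per program
        self.launches = {}

    def download(self):
        """Upload-download module: pull classifications into the local database."""
        self.db.update(self.factory.published)

    def on_launch(self, name, image):
        """Launch detection: hash the program, look it up, apply policy or report it."""
        digest = hashlib.sha256(image).hexdigest()
        verdict = self.db.get(digest)
        if verdict is None:             # not identified: send hash plus locally built info
            self.factory.upload(digest, {"name": name, "size": len(image)})
            return "reported"
        if verdict == "malicious":      # assumed response; the claims do not specify one
            return "blocked"
        self.launches[digest] = self.launches.get(digest, 0) + 1
        return "allowed" if self.launches[digest] <= self.quota else "quota-exceeded"

def demo():
    # Constructed inputs; the analysis rule is a placeholder, not a real detector.
    rule = lambda info: "malicious" if info["name"] == "dropper.exe" else "non-malicious"
    factory = DatabaseFactory(rule)
    first, second = Workstation(factory), Workstation(factory)
    bad, game = b"constructed-sample-A", b"constructed-sample-B"
    out = [first.on_launch("dropper.exe", bad), first.on_launch("game.exe", game)]
    factory.classify_pending()
    first.download(); second.download()
    out.append(second.on_launch("renamed.exe", bad))   # same hash, so the rename is irrelevant
    out += [second.on_launch("game.exe", game) for _ in range(3)]
    return out
```

The second workstation never uploaded anything, yet it recognises the renamed sample because the lookup key is the content hash rather than the file name.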
21 Claims
1. A system configured to protect a second computer from malicious software programs based at least partially on information collected from a first computer over an Internet, the system comprising:
a first computer;
a database stored in the first computer including identification information for malicious and non-malicious software programs;
a first execution launch detection module configured to detect a launch of a software program and to generate a hash associated with the software program;
a first client inventory module configured to access the database and determine whether the software program on the first computer is identified in the database;
a workstation management module configured to apply a policy to the software program if the software program is identified in the database as non-malicious, the policy including one or more of limiting a user's access to the software program based on a quota or a network load;
a first upload-download module associated with the first computer and configured to transmit information relating to the software program on the first computer if the software program is not identified in the database to a database factory, the information comprising at least the hash associated with the software program, wherein the information is at least partially created at the first computer, the first upload-download module being configured to receive software program information relating to the software program and a classification of the software program from the database factory, the classification being determined by an analysis of the information received from the first upload-download module;
a second computer;
a second upload-download module configured to receive the software program information relating to the software program and the classification of the software program from the database factory; and
a second client inventory module configured to receive and store the classification of the software program received from the database factory to the second computer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system for identifying malicious software programs over an Internet, the system comprising:
a first execution launch detection module configured to detect a launch of a software program and to generate a hash associated with the software program;
a first client inventory module configured to scan a database stored in a first computer to determine whether the software program is identified in the database, the database including identification information for malicious and non-malicious software programs, the first client inventory module uploading information associated with the un-identified software program;
a workstation management module configured to apply a policy to the software program if the software program is identified in the database as non-malicious, the policy including one or more of limiting a user's access to the software program based on a quota or a network load;
a first upload-download module in communication with the first client inventory module and configured to upload information associated with the un-identified software program over the Internet to a database factory for determination of whether said software program is a malicious software program and producing information identifying the determined malicious software program, the information associated with the un-identified software program comprising at least the hash associated with the software program, wherein the information associated with the un-identified software program is at least partially created at the first computer, the first upload-download module being configured to receive software program information relating to the software program and a classification of the software program from the database factory, the classification being determined by an analysis of the information received from the first upload-download module;
a second upload-download module in communication with the database factory and configured to receive information relating to the determined malicious software program and the classification of the software program from the database factory; and
a second client inventory module in communication with the second upload-download module and configured to receive and store the classification of the software program received to a second computer.
Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21
Specification