Systems and methods for protecting networks from infected computing devices
First Claim
1. A computer-implemented method for protecting networks from infected computing devices, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
- providing a computing system with a first level of access to a network, the computing system being managed by an endpoint management system that controls the computing system's access to the network;
- determining that the computing system is infected with malware by performing one of:
  - detecting diminished system performance without detecting explicit evidence of malware;
  - detecting explicit evidence of malware;
- determining that the computing system cannot autonomously neutralize the malware at least in part by:
  - periodically checking, by the endpoint management system, a flag to determine whether the computing system is infected with malware;
  - executing software by the computing device in an attempt to autonomously neutralize the malware;
  - setting the flag by the computing device indicating that the attempt by the software to autonomously neutralize the malware failed;
  - reading the flag by the endpoint management system and determining that the flag is set;
- in response to the determining that the computing system cannot autonomously neutralize the malware, modifying by the endpoint management system a network access control policy to alter the computing system's first level of access to the network to a second level of access to the network, the second level providing more limited access to the network than the first level.
Abstract
A computer-implemented method for protecting networks from infected computing devices may include providing a computing system with a first level of access to a network. The method may also include determining that the computing system is infected with malware. The method may further include determining that the computing system cannot autonomously neutralize the malware. The method may additionally include modifying by an endpoint management system a network access control policy that controls network access of the first computing system. Various other methods, systems, and computer-readable media are also disclosed.
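The flow in the abstract and claim 1, sketched as an added Python model (not part of the patent or any product; the class names, fields and the `cleanup_succeeds` switch are hypothetical and the inputs are constructed):

```python
from dataclasses import dataclass
from enum import Enum

class Access(Enum):
    FULL = "first level"          # normal network access
    RESTRICTED = "second level"   # more limited access

@dataclass
class Endpoint:
    """Managed computing system (all fields are illustrative)."""
    name: str
    explicit_evidence: bool = False      # e.g. a scanner hit
    degraded_performance: bool = False   # slowdown with no explicit evidence
    cleanup_succeeds: bool = True        # constructed outcome of remediation
    remediation_failed_flag: bool = False

    def infected(self) -> bool:
        return self.explicit_evidence or self.degraded_performance

    def run_agent(self) -> None:
        """Attempt autonomous cleanup; set the flag only if it fails."""
        if not self.infected():
            return
        if self.cleanup_succeeds:
            self.explicit_evidence = self.degraded_performance = False
        else:
            self.remediation_failed_flag = True

class EndpointManager:
    """Endpoint management system that owns the network access control policy."""
    def __init__(self, endpoints):
        self.endpoints = list(endpoints)
        self.policy = {e.name: Access.FULL for e in self.endpoints}

    def poll_once(self) -> list:
        """One periodic check: read each flag, restrict flagged systems."""
        changed = []
        for e in self.endpoints:
            if e.remediation_failed_flag and self.policy[e.name] is Access.FULL:
                self.policy[e.name] = Access.RESTRICTED
                changed.append(e.name)
        return changed

def simulate(endpoints) -> dict:
    """Run each agent once, poll once, and return the resulting policy."""
    mgr = EndpointManager(endpoints)
    for e in endpoints:
        e.run_agent()
    mgr.poll_once()
    return {name: level.name for name, level in mgr.policy.items()}
```

Only a system whose own cleanup attempt failed is moved to the second level; a system that cleaned itself keeps its first level of access.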
20 Claims
11. A system for protecting networks from infected computing devices, the system comprising:
- an access control module programmed to provide a computing system with a first level of access to a network, the computing system being managed by an endpoint management system that controls the computing system's access to the network;
- a determining module programmed to determine:
  - that the computing system is infected with malware by performing one of:
    - detecting diminished system performance without detecting explicit evidence of malware;
    - detecting explicit evidence of malware;
  - that the computing system cannot autonomously neutralize the malware at least in part by:
    - periodically checking, by the endpoint management system, a flag to determine whether the computing system is infected with malware;
    - executing software by a computing device in an attempt to autonomously neutralize the malware;
    - setting the flag by the computing device indicating that the attempt by the software to autonomously neutralize the malware failed;
    - reading the flag by the endpoint management system and determining that the flag is set;
- wherein the access control module is further programmed to, in response to the determining that the computing system cannot autonomously neutralize the malware, modify a network access control policy to alter the computing system's first level of access to the network to a second level of access to the network, the second level providing more limited access to the network than the first level;
- a physical processor configured to execute at least one of the access control module and the determining module.
20. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
- provide a computing system with a first level of access to a network, the computing system being managed by an endpoint management system that controls the computing system's access to the network;
- determine that the computing system is infected with malware by performing one of:
  - detecting diminished system performance without detecting explicit evidence of malware;
  - detecting explicit evidence of malware;
- determine that the computing system cannot autonomously neutralize the malware at least in part by:
  - periodically checking, by the endpoint management system, a flag to determine whether the computing system is infected with malware;
  - executing software by the computing device in an attempt to autonomously neutralize the malware;
  - setting the flag by the computing device indicating that the attempt by the software to autonomously neutralize the malware failed;
  - reading the flag by the endpoint management system and determining that the flag is set;
- in response to the determining that the computing system cannot autonomously neutralize the malware, modify by the endpoint management system a network access control policy to alter the computing system's first level of access to the network to a second level of access to the network, the second level providing more limited access to the network than the first level.
Specification