Systems and methods for computer program update protection
First Claim
1. A computer-implemented method comprising:
- detecting, at a computing device that comprises at least one processor, an installation of a computer program onto the computing device;
- in response to detecting the installation of the computer program, determining, by causing the computing device to automatically conduct a patch analysis for the computer program, that the computer program is missing at least one applicable patch;
- determining, based on the results of the patch analysis, that the computer program is vulnerable, wherein;
  - the computer program is determined to be vulnerable based on the at least one applicable patch being associated with a predetermined classification that indicates that the applicable patch is at least one of critical, mandatory, and recommended;
  - an administrator causes the predetermined classification to signify vulnerability;
- in response to the determination that the computer program is vulnerable, blocking the computer program from executing on the computing device;
- while the computer program is blocked from executing on the computing device, iteratively identifying and applying at least one applicable patch to the computer program until the computer program is no longer vulnerable;
- upon determining that the computer program is no longer vulnerable, allowing the computer program to execute on the computing device.
Abstract
The disclosure is directed to systems and methods for computer program update protection. In one example, a patch analysis is conducted for a computer program and a determination is made based on the patch analysis as to whether the computer program is vulnerable. Execution of the computer program is permitted if the computer program is determined not to be vulnerable. Execution of the computer program is prevented if the computer program is determined to be vulnerable. In certain embodiments, the computer program is updated if it is determined to be vulnerable. In certain embodiments, an occurrence of a trigger event associated with the computer program is detected and used to initiate the patch analysis, determination of vulnerability, and permitting or preventing of execution of the computer program.
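The control flow in the abstract and claim 1 can be sketched as follows. This is an added example, not code from the patent or its assignee. The names `Patch`, `Program`, `on_install` and the catalog are hypothetical, and the prerequisite chain between patches is an assumption used to show why the identify-and-apply step has to repeat.

```python
from dataclasses import dataclass, field

# Classifications the administrator has set to signify vulnerability
# (claim 1 names critical, mandatory and recommended).
VULNERABLE_CLASSES = {"critical", "mandatory", "recommended"}

@dataclass(frozen=True)
class Patch:
    patch_id: str
    classification: str
    requires: frozenset = frozenset()   # assumed: patches that must be applied first

@dataclass
class Program:
    name: str
    applied: set = field(default_factory=set)
    blocked: bool = False

# Constructed sample catalog: KB-2 only becomes applicable once KB-1 is in place.
SAMPLE_CATALOG = [
    Patch("KB-1", "critical"),
    Patch("KB-2", "recommended", frozenset({"KB-1"})),
    Patch("KB-3", "optional"),
]

def patch_analysis(program, catalog):
    """Return patches that are applicable right now and not yet applied."""
    return [p for p in catalog
            if p.patch_id not in program.applied and p.requires <= program.applied]

def is_vulnerable(missing, policy=VULNERABLE_CLASSES):
    """Vulnerable if any missing applicable patch carries a policy classification."""
    return any(p.classification in policy for p in missing)

def on_install(program, catalog, policy=VULNERABLE_CLASSES, max_rounds=10):
    """Install trigger: analyse, block if vulnerable, patch until clean, then allow.

    Returns the number of patch rounds. If max_rounds is exhausted the program
    stays blocked (fail closed) instead of being released unpatched.
    """
    missing = patch_analysis(program, catalog)
    rounds = 0
    while is_vulnerable(missing, policy):
        program.blocked = True                  # execution denied while patching
        if rounds == max_rounds:
            return rounds
        for p in missing:
            if p.classification in policy:
                program.applied.add(p.patch_id)
        rounds += 1
        missing = patch_analysis(program, catalog)  # re-run: new patches may now apply
    program.blocked = False
    return rounds
```

With the sample catalog, two rounds are needed because the recommended patch only shows up in the analysis after the critical one is applied; the optional patch never blocks execution.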
19 Claims
8. A system comprising at least one processor configured to execute at least one module that is programmed to:
- detect, at a computing device, an installation of a computer program onto the computing device;
- in response to detecting the installation of the computer program, determining, by causing the computing device to automatically conduct a patch analysis for the computer program, that the computer program is missing at least one applicable patch;
- determine, based on the results of the patch analysis, that the computer program is vulnerable, wherein;
  - the computer program is determined to be vulnerable based on the at least one applicable patch being associated with a predetermined classification that indicates that the applicable patch is at least one of critical, mandatory, and recommended;
  - an administrator causes the predetermined classification to signify vulnerability;
- in response to the determination that the computer program is vulnerable, block the computer program from executing on the computing device;
- while the computer program is blocked from executing on the computing device, iteratively identify and apply at least one applicable patch to the computer program until the computer program is no longer vulnerable;
- upon determining that the computer program is no longer vulnerable, allow the computer program to execute on the computing device.
15. A computer program product embodied in at least one non-transitory computer readable medium and comprising computer instructions executable by at least one processor of at least one computing device to perform the functions of:
- detecting, at the computing device, an installation of a computer program onto the computing device;
- in response to detecting the installation of the computer program, determining, by causing the computing device to automatically conduct a patch analysis for the computer program, that the computer program is missing at least one applicable patch;
- determining, based on the results of the patch analysis, that the computer program is vulnerable, wherein;
  - the computer program is determined to be vulnerable based on the at least one applicable patch being associated with a predetermined classification that indicates that the applicable patch is at least one of critical, mandatory, and recommended;
  - an administrator causes the predetermined classification to signify vulnerability;
- in response to the determination that the computer program is vulnerable, blocking the computer program from executing on the computing device;
- while the computer program is blocked from executing on the computing device, iteratively identifying and applying at least one applicable patch to the computer program until the computer program is no longer vulnerable;
- upon determining that the computer program is no longer vulnerable, allowing the computer program to execute on the computing device.
Specification