Restricting a processing system being compromised with a threat
First Claim
1. A computer-implemented method of restricting a client processing system being compromised by a threat, wherein the method comprises:
receiving, by a processor of a computing device, response data from a remote processing system, according to a request from the client processing system to download data from the remote processing system;
determining whether the response data comprises an executable file;
upon determining that the response data does not comprise an executable file, analyzing the response data to determine whether the response data is indicative of a threat to the client processing system;
generating a wrapper of the analyzed response data, wherein the wrapper is indicative of scan data;
upon determining that the response data does comprise an executable file, using, in one or more emulated operating systems of the computing device, the response data;
monitoring, by the processor, behavior of the use of the data in the one or more emulated operating systems;
analyzing the monitored behavior of the use of the data in the one or more emulated operating systems to determine whether malicious behavior indicative of a threat is detected; and
in response to detecting a threat of the response data, restricting, by the processor, the client processing system being compromised with the threat of the response data, wherein restricting the client processing system comprises;
removing a portion of the response data which is associated with malicious activity; and
replacing the portion removed from the response data with a non-malicious portion.
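The order of steps in claim 1, sketched as an added Python example (not code from the patent). The magic-byte check, the `evil-marker` signature, the placeholder text and the `emulate` callback are assumptions made for illustration, and a flagged executable is withheld here rather than partially rewritten.

```python
import hashlib
import re

# Assumption: executables are recognised by magic bytes (PE "MZ", ELF);
# the claims do not say how this determination is made.
EXEC_MAGIC = (b"MZ", b"\x7fELF")
# Constructed stand-in signature for a portion "associated with malicious activity".
SIGNATURES = {
    "constructed-script-sig": re.compile(
        rb"<script[^>]*>[^<]*evil-marker[^<]*</script>", re.I),
}
PLACEHOLDER = b"<!-- content removed by proxy -->"  # the non-malicious replacement
# Constructed sample response body.
SAMPLE = b"<html><p>hi</p><script>evil-marker()</script></html>"


def is_executable(data: bytes) -> bool:
    return data.startswith(EXEC_MAGIC)


def scan_and_sanitize(data: bytes):
    """Replace each matched span with PLACEHOLDER; return (clean, findings)."""
    findings = []
    for name, pattern in SIGNATURES.items():
        def swap(m, name=name):
            findings.append({"signature": name, "offset": m.start(),
                             "length": len(m.group())})
            return PLACEHOLDER
        data = pattern.sub(swap, data)
    return data, findings


def handle_response(data: bytes, emulate=None) -> dict:
    """Route one downloaded response and attach a wrapper holding scan data."""
    wrapper = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}
    if is_executable(data):
        # `emulate` is a hypothetical hook: it runs the file in an emulated OS
        # and returns True if the monitored behaviour is malicious.
        result = bool(emulate(data)) if emulate else None
        verdict = {None: "pending", True: "malicious", False: "clean"}[result]
        wrapper.update(route="emulation", verdict=verdict)
        # Fail closed: nothing reaches the client until emulation says clean.
        return {"wrapper": wrapper, "body": data if verdict == "clean" else None}
    clean, findings = scan_and_sanitize(data)
    wrapper.update(route="static-scan", findings=findings,
                   verdict="malicious" if findings else "clean")
    return {"wrapper": wrapper, "body": clean}
```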
Abstract
A method, system, computer readable medium of instructions and/or computer program product. The method comprises receiving, in a proxy server, response data from a remote processing system, according to a request from the client processing system to download data from the remote processing system; using, in one or more emulated operating systems of the proxy server, the downloaded data; monitoring behavior of the use of the data in the one or more emulated operating systems; and in response to detecting malicious behavior indicative of a threat, restricting the client processing system being compromised with the threat of the response data.
17 Claims
1. A computer-implemented method of restricting a client processing system being compromised by a threat, wherein the method comprises:
receiving, by a processor of a computing device, response data from a remote processing system, according to a request from the client processing system to download data from the remote processing system;
determining whether the response data comprises an executable file;
upon determining that the response data does not comprise an executable file, analyzing the response data to determine whether the response data is indicative of a threat to the client processing system;
generating a wrapper of the analyzed response data, wherein the wrapper is indicative of scan data;
upon determining that the response data does comprise an executable file, using, in one or more emulated operating systems of the computing device, the response data;
monitoring, by the processor, behavior of the use of the data in the one or more emulated operating systems;
analyzing the monitored behavior of the use of the data in the one or more emulated operating systems to determine whether malicious behavior indicative of a threat is detected; and
in response to detecting a threat of the response data, restricting, by the processor, the client processing system being compromised with the threat of the response data, wherein restricting the client processing system comprises;
removing a portion of the response data which is associated with malicious activity; and
replacing the portion removed from the response data with a non-malicious portion.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system to restrict a client processing system being compromised with a threat, wherein the system comprises:
a processor;
memory in electronic communication with the processor;
the processor configured to receive response data from a remote processing system, according to a request from the client processing system to download data from the remote processing system;
the processor configured to determine whether the response data comprises an executable file;
upon determining that the response data does not comprise an executable file, the processor configured to analyze the response data to determine whether the response data is indicative of a threat to the client processing system;
the processor configured to generate a wrapper of the analyzed response data, wherein the wrapper is indicative of scan data;
upon determining that the response data does comprise an executable file, an emulation module configured to use, in one or more emulated operating systems of the system, the response data;
a monitor module configured to monitor behavior of the use of the data in the one or more emulated operating systems;
the processor configured to analyze the monitored behavior of the use of the data in the one or more emulated operating systems to determine whether malicious behavior indicative of a threat is detected; and
in response to detecting a threat of the response data, a modification module configured to restrict the client processing system being compromised with the threat of the response data, wherein restricting the client processing system comprises the modification module being configured to;
remove a portion of the response data which is associated with malicious activity; and
replace the portion removed from the response data with a non-malicious portion.
Dependent claims: 14, 15, 16
17. A computer program product comprising a non-transitory computer readable medium having a computer program recorded therein or thereon, the computer program enabling restriction of a client processing system being compromised by data downloaded from a remote processing system, wherein the computer program product configures the client processing system or a second processing system in data communication with the client processing system to:
receive, in a proxy server, response data from a remote processing system, according to a request from the client processing system to download data from the remote processing system;
determine whether the response data comprises an executable file;
upon determining that the response data does not comprise an executable file, analyze the response data to determine whether the response data is indicative of a threat to the client processing system;
generate a wrapper of the analyzed response data, wherein the wrapper is indicative of scan data;
upon determining that the response data does comprise an executable file, use, in one or more emulated operating systems of the proxy server, the response data;
monitor behavior of the use of the data in the one or more emulated operating systems;
analyze the monitored behavior of the use of the data in the one or more emulated operating systems to determine whether malicious behavior indicative of a threat is detected; and
in response to detecting a threat of the response data, restrict the client processing system being compromised with the threat of the response data, wherein restricting the client processing system comprises;
removing a portion of the response data which is associated with malicious activity; and
replacing the portion removed from the response data with a non-malicious portion.
Specification