Method and system for detecting and protecting against potential data loss from unknown applications
First Claim
Patent Images
1. A computer-implemented method, comprising:
- detecting, by a client computing device, that a local application has accessed a document on the client computing device;
determining that the document contains sensitive data according to one or more endpoint data loss prevention (DLP) polices;
determining that the local application and a type of the document is not included in a whitelist of the DLP policies;
presenting a notice to a user of the application that the application is subject to capture of visual data that presents privacy issues;
capturing visual data pertaining to one or more operations that the application performs on the document; and
sending the captured visual data to a server, wherein the server analyzes the captured visual data to determine if the captured visual data indicates at least one of a malicious or a suspicious activity occurred with respect to the document on the endpoint device.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method for detecting and protecting against potential data loss from unknown applications is described. In one embodiment, a method includes detecting, by a client computing device, that a local application has accessed a document on the client computing device, determining that the document contains sensitive data according to one or more endpoint data loss prevention (DLP) polices, determining that the local application and a type of the document is not included in a whitelist of the DLP policies, capturing visual data pertaining to one or more operations that the application performs on the document, and sending the captured visual data to a server.
-
Citations
20 Claims
-
1. A computer-implemented method, comprising:
-
detecting, by a client computing device, that a local application has accessed a document on the client computing device; determining that the document contains sensitive data according to one or more endpoint data loss prevention (DLP) polices; determining that the local application and a type of the document is not included in a whitelist of the DLP policies; presenting a notice to a user of the application that the application is subject to capture of visual data that presents privacy issues; capturing visual data pertaining to one or more operations that the application performs on the document; and sending the captured visual data to a server, wherein the server analyzes the captured visual data to determine if the captured visual data indicates at least one of a malicious or a suspicious activity occurred with respect to the document on the endpoint device. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An endpoint device, comprising:
-
a memory to store instructions for a data loss prevention (DLP) policy; and a processing device coupled with the memory, wherein the processing device is configured to; detect that a local application has accessed a document on the endpoint device; determine that the document contains sensitive data according to one or more endpoint data loss prevention (DLP) polices; determine that the local application and a type of the document is not included in a whitelist of the DLP policies; present a notice to a user of the application that the application may be subject to capture of visual data that presents privacy issues; capture visual data pertaining to one or more operations that the application performs on the document; and send the captured visual data to a server, wherein the server analyzes the captured visual data to determine if the captured visual data indicates at least one of a malicious or a suspicious activity occurred with respect to the document on the endpoint device. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A non-transitory computer readable storage medium including instructions that, when executed by a processing device, cause the processing device to perform operations comprising:
-
receiving, by the processing device, data representing captured visual data pertaining to an application manipulating a sensitive document at a client computing device executing an endpoint data loss prevention (DLP) system, wherein the client computing device presents a notice to a user of the application that the application may be subject to capture of visual data that presents privacy issues; analyzing, by the processing device, the received captured visual data to determine whether at least one of suspicious or malicious activity occurred with respect to the sensitive document; updating, by the processing device, one or more DLP policies based on the results of the analysis; and deploying, by the processing device, the one or more updated DLP policies. - View Dependent Claims (17, 18, 19, 20)
-
Specification