System and methods for control of applications using preliminary file filtering
First Claim
1. A method of application control using file filtering, comprising:
- intercepting, by a processor, an operation on a file performed by an application;
selecting at least a part of the file;
applying one or more file filters to the selected part of the file, wherein each of the one or more file filters comprises a bit mask including a sequence of bits;
determining a set of file characteristics based on outcomes of applying the one or more file filters by at least performing an AND operation between the selected part of the file and the bit mask, wherein the AND operation is performed on the selected part of the file and starting from an offset, wherein the offset is included in a file filter corresponding to the bit mask;
determining a decision, based on the set of file characteristics, whether to exclude the file from further analysis by a client of an application control system; and
based on the decision, excluding the file from the further analysis by the client of the application control system or providing the file to the client of the application control system for further analysis whether to allow or prohibit the operation on the file.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are systems, methods and computer program products for control of applications using preliminary file filtering. An example method includes intercepting, by a processor, an operation on a file performed by an application; selecting at least a part of the file; applying one or more file filters to the selected part of the file; determining a set of file characteristics based on outcomes of the file filters; determining a decision, based on the set of file characteristics, whether to exclude the file from further analysis by a client of an application control system; and based on the decision, excluding the file from the further analysis by the client of the application control system or providing the file to the client of the application control system for further analysis whether to allow or prohibit the operation on the file.
19 Citations
15 Claims
-
1. A method of application control using file filtering, comprising:
-
intercepting, by a processor, an operation on a file performed by an application; selecting at least a part of the file; applying one or more file filters to the selected part of the file, wherein each of the one or more file filters comprises a bit mask including a sequence of bits; determining a set of file characteristics based on outcomes of applying the one or more file filters by at least performing an AND operation between the selected part of the file and the bit mask, wherein the AND operation is performed on the selected part of the file and starting from an offset, wherein the offset is included in a file filter corresponding to the bit mask; determining a decision, based on the set of file characteristics, whether to exclude the file from further analysis by a client of an application control system; and based on the decision, excluding the file from the further analysis by the client of the application control system or providing the file to the client of the application control system for further analysis whether to allow or prohibit the operation on the file. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system of application control using file filtering, comprising:
a hardware processor configured to; intercept an operation on a file performed by an application; select at least a part of the file; apply one or more file filters to the selected part of the file, wherein each of the one or more file filters comprises a bit mask including a sequence of bits; determine a set of file characteristics based on outcomes of applying the one or more file filters by at least performing an AND operation between the selected part of the file and the bit mask, wherein the AND operation is performed on the selected part of the file and starting from an offset, wherein the offset is included in a file filter corresponding to the bit mask; determine a decision, based on the set of file characteristics, whether to exclude the file from further analysis by a client of an application control system; and based on the decision, exclude the file from the further analysis by the client of the application control system or provide the file to the client of the application control system for further analysis whether to allow or prohibit the operation on the file. - View Dependent Claims (7, 8, 9, 10)
-
11. A computer program product stored on a non-transitory computer-readable storage medium, the computer program product comprising computer-executable instructions for application control using file filtering, including instructions for:
-
intercepting an operation on a file performed by an application; identifying a selected part of the file; applying one or more file filters to the selected part of the file, wherein each of the one or more file filters comprises a bit mask including a sequence of bits; determining a set of file characteristics based on outcomes of applying the one or more file filters by at least performing an AND operation between the selected part of the file and the bit mask, wherein the AND operation is performed on the selected part of the file and starting from an offset, wherein the offset is included in a file filter corresponding to the bit mask; determining a decision, based on the set of file characteristics, whether to exclude the file from further analysis by a client of an application control system; and based on the decision, excluding the file from the further analysis by the client of the application control system or providing the file to the client of the application control system for further analysis whether to allow or prohibit the operation on the file. - View Dependent Claims (12, 13, 14, 15)
-
Specification