System and method for selectively grouping and managing program files
First Claim
1. A method, comprising:
- determining a plurality of frequency ranges, wherein a particular frequency range corresponds to a proper subset of a plurality of program files, wherein the plurality of program files is associated with a greylist of program files, wherein the proper subset of the plurality of program files is associated with one or more hosts of a plurality of hosts in a network environment, wherein each of the one or more hosts includes at least one occurrence of at least one program file of the proper subset, and wherein the particular frequency range indicates a prevalence of each program file of the proper subset across the plurality of hosts;
receiving an indication that the particular frequency range corresponding to the proper subset is selected;
identifying a plurality of first groupings of the proper subset in response to receiving the indication that the particular frequency range corresponding to the proper subset is selected, wherein a particular first grouping of the plurality of first groupings includes one or more program files of the proper subset based on a value of a primary attribute of the one or more program files included in the particular first grouping;
generating a set of first counts corresponding, respectively, to the plurality of first groupings, wherein a particular first count represents an aggregate amount of program files in the particular first grouping;
receiving an indication that the particular first grouping is selected; and
receiving an indication that an action is selected by a user via a user interface, wherein the action includes blocking execution of at least one program file identified in the particular first grouping, or quarantining the at least one program file identified in the particular first grouping, wherein, if the particular first grouping and the action are selected, the action is performed on the at least one program file identified in the particular first grouping.
10 Assignments
0 Petitions
Accused Products
Abstract
A method in one embodiment includes determining a frequency range corresponding to a subset of a plurality of program files on a plurality of hosts in a network environment. The method also includes generating a first set of counts including a first count that represents an aggregate amount of program files in a first grouping of one or more program files of the subset, where each of the one or more program files of the first grouping includes a first value of a primary attribute. In specific embodiments, each program file is unknown. In further embodiments, the primary attribute is one of a plurality of file attributes provided in file metadata. Other specific embodiments include either blocking or allowing execution of each of the program files of the first grouping. More specific embodiments include determining a unique identifier corresponding to at least one program file of the first grouping.
279 Citations
16 Claims
-
1. A method, comprising:
-
determining a plurality of frequency ranges, wherein a particular frequency range corresponds to a proper subset of a plurality of program files, wherein the plurality of program files is associated with a greylist of program files, wherein the proper subset of the plurality of program files is associated with one or more hosts of a plurality of hosts in a network environment, wherein each of the one or more hosts includes at least one occurrence of at least one program file of the proper subset, and wherein the particular frequency range indicates a prevalence of each program file of the proper subset across the plurality of hosts; receiving an indication that the particular frequency range corresponding to the proper subset is selected; identifying a plurality of first groupings of the proper subset in response to receiving the indication that the particular frequency range corresponding to the proper subset is selected, wherein a particular first grouping of the plurality of first groupings includes one or more program files of the proper subset based on a value of a primary attribute of the one or more program files included in the particular first grouping; generating a set of first counts corresponding, respectively, to the plurality of first groupings, wherein a particular first count represents an aggregate amount of program files in the particular first grouping; receiving an indication that the particular first grouping is selected; and receiving an indication that an action is selected by a user via a user interface, wherein the action includes blocking execution of at least one program file identified in the particular first grouping, or quarantining the at least one program file identified in the particular first grouping, wherein, if the particular first grouping and the action are selected, the action is performed on the at least one program file identified in the particular first grouping. - View Dependent Claims (2, 3, 4)
-
-
5. An apparatus, comprising:
-
a program file grouping module; a memory element for storing a program file inventory of a plurality of program files associated with a plurality of hosts in a network environment; and a processor operable to execute instructions associated with the program file grouping module and the memory element, including; determining a plurality of frequency ranges, wherein a particular frequency range corresponds to a proper subset of the plurality of program files, wherein the plurality of program files is associated with a greylist of program files, wherein the proper subset of the plurality of program files is associated with one or more hosts of the plurality of hosts, wherein each of the one or more hosts includes at least one occurrence of at least one program file of the proper subset, and wherein the particular frequency range indicates a prevalence of each program file of the proper subset across the plurality of hosts; receiving an indication that the particular frequency range corresponding to the proper subset is selected; identifying a plurality of first groupings of the proper subset in response to receiving the indication that the particular frequency range corresponding to the proper subset is selected, wherein a particular first grouping of the plurality of first groupings includes one or more program files of the proper subset based on a value of a primary attribute of the one or more program files included in the particular first grouping; generating a set of first counts corresponding, respectively, to the plurality of first groupings, wherein a particular first count represents an aggregate amount of program files of the particular first grouping; receiving an indication that the particular first grouping is selected; and receiving an indication that an action is selected by a user via a user interface, wherein the action includes blocking execution of at least one program file identified in the particular first grouping, or quarantining the at least one program file identified in the particular first grouping, wherein, if the particular first grouping and the action are selected, the action is performed on the at least one program file identified in the particular first grouping. - View Dependent Claims (6, 7, 8)
-
-
9. One or more non-transitory media that includes code for execution and when executed by a processor is operable to perform operations comprising:
-
determining a plurality of frequency ranges, wherein a particular frequency range corresponds to a proper subset of a plurality of program files, wherein the plurality of program files is associated with a greylist of program files, wherein the proper subset of the plurality of program files is associated with one or more hosts of a plurality of hosts in a network environment, wherein each of the one or more hosts includes at least one occurrence of at least one program file of the proper subset, and wherein the particular frequency range indicates a prevalence of each program file of the proper subset across the plurality of hosts; receiving an indication that the particular frequency range corresponding to the proper subset is selected; identifying a plurality of first groupings of the proper subset in response to receiving the indication that the particular frequency range corresponding to the proper subset is selected, wherein a particular first grouping of the plurality of first groupings includes one or more program files of the proper subset based on a value of a primary attribute of the one or more program files included in the particular first grouping; generating a set of first counts corresponding, respectively, to the plurality of first groupings, wherein a particular first count represents an aggregate amount of program files in the particular first grouping; receiving an indication that the particular first grouping is selected; and receiving an indication that an action is selected by a user via a user interface, wherein the action includes blocking execution of at least one program file identified in the particular first grouping, or quarantining the at least one program file identified in the particular first grouping, wherein, if the particular first grouping and the action are selected, the action is performed on the at least one program file identified in the particular first grouping. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
Specification