Installer trust chain validation
Abstract
A determination is made as to whether a creator of a created executable file is a trusted installer, e.g., a digitally signed installer. Upon a determination that the creator is a trusted installer, the created executable file is defined as a trusted file. By bestowing the trust of a trusted installer to the executable files that the installer creates, suspicious behavior by the created executable files and associated processes, which otherwise would be blocked, is allowed. In this manner, false positives, e.g., blocking of legitimate behavior by the created executable file and associated process(es), are avoided.
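The decision flow described in the abstract, as an added example (not code from the patent or its assignee). The `Executable` record, the `TRUSTED_LOCATIONS` policy, the sample paths and the allow/block return values are assumptions, and signature verification is assumed to happen elsewhere.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional

# Assumed policy: directories whose unsigned installers are still trusted.
TRUSTED_LOCATIONS = ("/opt/vendor/installers",)


@dataclass(frozen=True)
class Executable:
    path: str
    signed: bool  # outcome of a signature check performed elsewhere (assumed)
    creator: Optional["Executable"] = None  # file whose execution created this one


def in_trusted_location(path: str) -> bool:
    # Normalize first so "trusted/../elsewhere" does not pass the prefix test.
    norm = posixpath.normpath(path)
    return any(norm.startswith(loc.rstrip("/") + "/") for loc in TRUSTED_LOCATIONS)


def is_trusted_installer(creator: Optional[Executable]) -> bool:
    if creator is None:
        return False  # unknown provenance: no trust to bestow
    return creator.signed or in_trusted_location(creator.path)


class TrustChainValidator:
    def __init__(self) -> None:
        self.trusted_files = set()

    def on_suspicious_behavior(self, exe: Executable) -> str:
        """Called when the behavior blocker flags a process started from exe."""
        if exe.path in self.trusted_files or is_trusted_installer(exe.creator):
            self.trusted_files.add(exe.path)  # define the created file as trusted
            return "allow"
        return "block"


# Constructed sample creators.
signed_setup = Executable("/home/u/Downloads/setup", signed=True)
unsigned_ok = Executable("/opt/vendor/installers/tool-setup", signed=False)
unsigned_tmp = Executable("/tmp/unknown-setup", signed=False)
sneaky = Executable("/opt/vendor/installers/../../../tmp/unknown-setup", signed=False)
```
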
16 Claims
1. A computer-program product comprising a non-transitory computer readable storage medium containing computer program code comprising:
- an executable file installer trust chain validation application for determining whether a creator of a created executable file in a local filesystem is a trusted installer, wherein said determining comprises;
receiving an indication of suspicious behavior from a behavior blocking application resulting from execution of said created executable file; and
checking whether said created executable file is a trusted file, wherein said checking comprises determining that said creator is unsigned and determining that a location of said unsigned creator within said local filesystem indicates that said unsigned creator should be trusted, wherein upon a determination that said creator is said trusted installer, said executable file installer trust chain validation application further defines said created executable file as a trusted file.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13.
14. A computer system comprising:
- a memory having stored therein an executable file installer trust chain validation application; and
- a processor coupled to said memory, wherein execution of said executable file installer trust chain validation application generates a method comprising;
receiving an indication of suspicious behavior from a behavior blocking application resulting from execution of said created executable file;
checking whether said created executable file is a trusted file, wherein said checking comprises determining whether a creator of a created executable file in a local filesystem is a trusted installer based on a determination that said creator is unsigned and a determination that a location of said unsigned creator within said local filesystem indicates that said unsigned creator should be trusted; and
defining said created executable file as a trusted file upon a determination that said creator is said trusted installer.
15. A computer system comprising:
- means for determining whether a creator of a created executable file in a local filesystem is a trusted installer, wherein said determining comprises;
receiving an indication of suspicious behavior from a behavior blocking application resulting from execution of said created executable file; and
checking whether said created executable file is a trusted file, wherein said checking comprises determining that said creator is unsigned and determining that a location of said unsigned creator within said local filesystem indicates that said unsigned creator should be trusted; and
- means for defining said created executable file as a trusted file upon a determination that said creator is said trusted installer.
16. A computer-program product comprising a tangible non-transitory computer readable medium containing computer program code comprising:
- an executable file installer trust chain validation application for detecting suspicious behavior by a process and for determining whether a creator of a created executable file in a local filesystem is a trusted installer, wherein said determining comprises;
receiving an indication of suspicious behavior from a behavior blocking application resulting from execution of said created executable file; and
checking whether said created executable file is a trusted file, wherein said checking comprises determining that said creator is unsigned and determining that a location of said unsigned creator within said local filesystem indicates that said unsigned creator should be trusted, wherein upon a determination that said creator is said trusted installer, said executable file installer trust chain validation application further defines said created executable file as a trusted file, wherein said creator is an executable file, and wherein execution of said creator creates said created executable file, wherein said created executable file is bestowed trust of said trusted installer.
Specification