Remedial action against malicious code at a client facility

US 9,112,899 B2
Filed: 04/29/2014
Issued: 08/18/2015
Est. Priority Date: 03/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method for externally initiating remediation against malicious code executing undetected on a client, the method comprising:

originating a request for an interaction with a network site by a client computing facility;

determining by the client computing facility that the interaction is unacceptable based on an acceptance policy for an enterprise;

denying access to the network site by the client computing facility;

receiving, by the client computing facility, an information file from a gateway facility to the enterprise including information relating to the requested interaction with the network site, wherein the information indicates that the interaction was requested;

interpreting, by the client computing facility, in response to receipt of the information file, the information relating to the requested interaction;

determining, by the client computing facility, whether the requested interaction was the result of an automatically generated request by malicious code; and

taking, by the client computing facility, remedial action in the event that the attempted interaction was the result of the automatically generated request by malicious code.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of this invention may relate to a malicious application remedial action request application where a network site interaction may be requested from a client computing facility; the network site interaction from the client computing facility may be determined to be unacceptable based on an acceptance policy at a gateway facility; access to the network site from the client computing facility may be denied; information relating to the attempted interaction with the network site may be sent from the gateway facility to the client computing facility, wherein the information may indicate that the attempted interaction occurred; and the client computing facility may interpret the information relating to the attempted interaction, determine whether the attempted interaction was the result of an automatically generated request, and take remedial action in the event that the attempted interaction was the result of the automatically generated request.

30 Citations

View as Search Results

18 Claims

1. A method for externally initiating remediation against malicious code executing undetected on a client, the method comprising:
- originating a request for an interaction with a network site by a client computing facility;
  
  determining by the client computing facility that the interaction is unacceptable based on an acceptance policy for an enterprise;
  
  denying access to the network site by the client computing facility;
  
  receiving, by the client computing facility, an information file from a gateway facility to the enterprise including information relating to the requested interaction with the network site, wherein the information indicates that the interaction was requested;
  
  interpreting, by the client computing facility, in response to receipt of the information file, the information relating to the requested interaction;
  
  determining, by the client computing facility, whether the requested interaction was the result of an automatically generated request by malicious code; and
  
  taking, by the client computing facility, remedial action in the event that the attempted interaction was the result of the automatically generated request by malicious code.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein the acceptance policy includes at least one of an unacceptable network site database, an acceptable network site database, or a network site reputation database.
  - 3. The method of claim 1, wherein the acceptance policy is based on at least one of a block list or an acceptance list.
  - 4. The method of claim 1, wherein the acceptance policy includes a rule evaluation of the requested interaction acceptability.
  - 5. The method of claim 1, wherein the interaction is an access request to a network system.
  - 6. The method of claim 1, wherein the information is stored on the client computing facility.
  - 7. The method of claim 6, wherein the stored information is parsed by a client computer facility malicious code analysis application using a virus identity file (IDE).
  - 8. The method of claim 7, wherein the IDE parsed information is used to determine an appropriate action by the client computing facility.
  - 9. The method of claim 1, wherein the remedial action taken by the client computing facility is a result of a client computer facility resident malicious code detection application accessing information using IDE information.
  - 10. The method of claim 1, wherein the information includes data adapted to be interpreted by the client computing facility.
  - 11. The method of claim 1, wherein the information includes at least one command to be executed by the client computing facility.
  - 12. The method of claim 11, wherein the command is to isolate the client computing facility.
  - 13. The method of claim 1, wherein the remedial action includes scanning the client computing facility for malware.
  - 14. The method of claim 1, wherein the remedial action includes any action determined by a client computer facility malicious code analysis application interacting with an IDE and the information.
  - 15. The method of claim 1, wherein the client computing facility is part of a computer network facility.
  - 16. The method of claim 1, further comprising sending an access approval request from the client computing facility to an acceptance policy facility indicating that the requested interaction was user initiated and requesting a policy change to allow the user initiated interaction.
  - 17. The method of claim 10, further comprising allowing at least temporary interaction from the client computing facility through the acceptance policy facility based on the requested policy change.

18. A computer program product for externally initiating remediation against malicious code executing undetected on a client, the computer program product embodied in a non-transitory computer readable medium that, when executing on one or more computers, performs the steps of:
- originating a request for an interaction with a network site at a client computing facility;
  
  determining at the client computing facility that the interaction is unacceptable based on an acceptance policy for an enterprise;
  
  denying access to the network site from the client computing facility;
  
  receiving an information file from a gateway facility to the enterprise at the client computing facility including information relating to the requested interaction with the network site, wherein the information indicates that the interaction was requested; and
  
  causing the client computing facility, in response to receipt of the information file, to interpret the information relating to the requested interaction, to determine whether the requested interaction was the result of an automatically generated request by malicious code, and to take remedial action in the event that the attempted interaction was the result of the automatically generated request by malicious code.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sophos Limited (Sophos Group Ltd.)
Original Assignee
Sophos Limited (Sophos Group Ltd.)
Inventors
Baccas, Paul, Howard, Fraser, Svajcer, Vanja
Primary Examiner(s)
Kim, Tae
Assistant Examiner(s)
TENG, LOUIS C

Application Number

US14/264,148
Publication Number

US 20140237542A1
Time in Patent Office

476 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/56   Computer malware detection ...

H04L 63/1441   Countermeasures against mal...

H04L 63/20   for managing network securi...

H04L 67/56   Provisioning of proxy servi...

H04L 67/564   Enhancement of application ...

Remedial action against malicious code at a client facility

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

30 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

Remedial action against malicious code at a client facility

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

30 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others