System and method of limiting the operation of trusted applications in presence of suspicious programs
First Claim
1. A method for limiting the operation of trusted applications in presence of suspicious programs, the method comprising:
- identifying, by a hardware processor, one or more trusted applications installed on a computer;
collecting, by the hardware processor, data relating to the identified one or more trusted applications and to programs installed on the computer;
detecting, based at least partially on the collected data, one or more suspicious programs using suspicious program detection rules indicating that the one or more suspicious programs can access protected information of a given trusted application of the identified one or more trusted applications without authorization;
upon detecting at least one suspicious program, temporarily limiting an operation of the given trusted application;
producing, based on both the data relating to the identified one or more trusted applications and data relating to the detected at least one suspicious program, a list of actions to remove or terminate the at least one suspicious program from the computer; and
removing limitation of the operation of the given trusted application after the list of actions are performed to remove or terminate the at least one suspicious program from the computer.
1 Assignment
0 Petitions
Accused Products
Abstract
Disclosed are systems and methods for limiting the operation of trusted applications in presence of suspicious programs. An example method includes: identifying one or more trusted applications installed on a computer; collecting data about applications and programs installed on the computer; checking for the presence of one or more suspicious programs using suspicious program detection rules, wherein a program is considered to be suspicious when it can access protected information of a trusted application without authorization; and when at least one suspicious program is found, limiting the operation of the trusted application until the suspicious program is terminated or removed from the computer.
67 Citations
20 Claims
-
1. A method for limiting the operation of trusted applications in presence of suspicious programs, the method comprising:
-
identifying, by a hardware processor, one or more trusted applications installed on a computer; collecting, by the hardware processor, data relating to the identified one or more trusted applications and to programs installed on the computer; detecting, based at least partially on the collected data, one or more suspicious programs using suspicious program detection rules indicating that the one or more suspicious programs can access protected information of a given trusted application of the identified one or more trusted applications without authorization; upon detecting at least one suspicious program, temporarily limiting an operation of the given trusted application; producing, based on both the data relating to the identified one or more trusted applications and data relating to the detected at least one suspicious program, a list of actions to remove or terminate the at least one suspicious program from the computer; and removing limitation of the operation of the given trusted application after the list of actions are performed to remove or terminate the at least one suspicious program from the computer. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for limiting the operation of trusted applications in presence of suspicious programs, the system comprising:
-
a memory storing a plurality of software applications and program; and a hardware processor coupled to the memory and configured to; identify one or more trusted applications in the memory; collect data relating to the identified one or more trusted applications and to the programs; detect, based at least partially on the collected data, one or more suspicious programs using suspicious program detection rules indicating that the one or more suspicious programs can access protected information of a given trusted application of the identified one or more trusted applications without authorization; upon detecting at least one suspicious program, temporarily limit an operation of the given trusted application; produce, based on both the data relating to the identified one or more trusted applications and data relating to the detected at least one suspicious program, a list of actions to remove or terminate the at least one suspicious program from the computer; and remove limitation of the operation of the given trusted application after the list of actions are performed to remove or terminate the at least one suspicious program from the computer. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer program product, stored on a non-transitory computer readable medium, wherein the computer program product includes computer executable instructions for limiting the operation of trusted applications in presence of suspicious programs, including instructions for:
-
identifying one or more trusted applications installed on a computer; collecting, by the hardware processor, data relating to the identified one or more trusted applications and to programs installed on the computer; detecting, based at least partially on the collected data, one or more suspicious programs using suspicious program detection rules indicating that the one or more suspicious programs can access protected information of a given trusted application of the identified one or more trusted applications without authorization; upon detecting at least one suspicious program, temporarily limiting an operation of the given trusted application; producing, based on both the data relating to the identified one or more trusted applications and data relating to the detected at least one suspicious program, a list of actions to remove or terminate the at least one suspicious program from the computer; and removing limitation of the operation of the given trusted application after the list of actions are performed to remove or terminate the at least one suspicious program from the computer. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification