Systems and methods for reporting security vulnerabilities
Abstract
A computer-implemented method for reporting security vulnerabilities may include (1) detecting that a malware application is present on an endpoint computing system, (2) determining a window of time during which the malware application was present in a specified condition on the endpoint computing system, (3) logging a list of sensitive data items accessed during the window of time, and (4) conditioning performance of a security action to report the list of sensitive data items on a determination that both (A) a length of the window of time is longer than a security threshold length and is indicative of the malware application being located on the endpoint computing system long enough to potentially compromise a sensitive data item and (B) the malware application was accessed during the window of time. Various other methods, systems, and computer-readable media are also disclosed.
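The decision logic of the abstract, as an added Python sketch (not code from the patent or its assignee). The names `Access` and `exposure_report`, the treatment of the window as a closed interval from first presence to removal, and the sample events are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Access:
    when: datetime      # time the data item was accessed
    item: str           # identifier of the data item (hypothetical file names below)
    sensitive: bool     # classification assumed to come from a separate policy

def exposure_report(present_from, present_until, malware_accessed_at,
                    accesses, threshold) -> Optional[list]:
    """Return the sensitive items to report, or None when no report is due.

    present_from / present_until: window in which the malware was present.
    malware_accessed_at: times the malware application itself was accessed.
    threshold: the security threshold length for the window.
    """
    def in_window(t):
        return present_from <= t <= present_until

    long_enough = (present_until - present_from) > threshold        # condition (A)
    was_accessed = any(in_window(t) for t in malware_accessed_at)   # condition (B)
    if not (long_enough and was_accessed):
        return None                      # report is conditioned on both (A) and (B)

    report = []
    for a in sorted(accesses, key=lambda a: a.when):
        # Log each sensitive item once, in order of first access inside the window.
        if a.sensitive and in_window(a.when) and a.item not in report:
            report.append(a.item)
    return report                        # may be empty: nothing sensitive was touched

# Constructed sample events, not taken from the patent.
T0 = datetime(2024, 3, 1, 9, 0)
ACCESSES = [
    Access(T0 - timedelta(hours=2), "payroll.xlsx", True),            # before the window
    Access(T0 + timedelta(hours=5), "tax_return.pdf", True),
    Access(T0 + timedelta(hours=6), "readme.txt", False),             # not sensitive
    Access(T0 + timedelta(days=2), "passwords.kdbx", True),
    Access(T0 + timedelta(days=2, hours=1), "tax_return.pdf", True),  # repeat access
    Access(T0 + timedelta(days=4), "payroll.xlsx", True),             # after removal
]

if __name__ == "__main__":
    print(exposure_report(T0, T0 + timedelta(days=3), [T0 + timedelta(hours=1)],
                          ACCESSES, timedelta(days=1)))
```

Returning `None` rather than an empty list keeps "no report required" distinct from "report required, but no sensitive item was accessed".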
20 Claims
1. A computer-implemented method for reporting security vulnerabilities, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
detecting that a malware application is present on an endpoint computing system;
determining a window of time during which the malware application was present in a specified condition on the endpoint computing system;
logging a list of sensitive data items accessed during the window of time;
performing a security action to report the list of sensitive data items based on a determination that both:
a length of the window of time is longer than a security threshold length and is indicative of the malware application being located on the endpoint computing system long enough to potentially compromise a sensitive data item;
the malware application was accessed during the window of time.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15

16. A system for reporting security vulnerabilities, the system comprising:
a detection module, stored in memory, that detects that a malware application is present on an endpoint computing system;
a determination module, stored in memory, that determines a window of time during which the malware application was present in a specified condition on the endpoint computing system;
a logging module, stored in memory, that logs a list of sensitive data items accessed during the window of time;
a conditioning module, stored in memory, that performs a security action to report the list of sensitive data items based on a determination that both:
a length of the window of time is longer than a security threshold length and is indicative of the malware application being located on the endpoint computing system long enough to potentially compromise a sensitive data item;
the malware application was accessed during the window of time;
at least one physical processor configured to execute the detection module, the determination module, the logging module, and the conditioning module.
Dependent claims: 17, 18, 19

20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
detect that a malware application is present on an endpoint computing system;
determine a window of time during which the malware application was present in a specified condition on the endpoint computing system;
log a list of sensitive data items accessed during the window of time;
perform a security action to report the list of sensitive data items based on a determination that both:
a length of the window of time is longer than a security threshold length and is indicative of the malware application being located on the endpoint computing system long enough to potentially compromise a sensitive data item;
the malware application was accessed during the window of time.

Specification