System and method for resolving conflicts between application control rules

US 9,432,406 B2
Filed: 03/31/2015
Issued: 08/30/2016
Est. Priority Date: 06/28/2013
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for configuring application control rules, comprising:

installing security software on a plurality of computing devices in a network, wherein the security software is configured to control execution of applications on the computing devices using a plurality of application control rules, each computing device being associated with one or more user accounts, each user account having a first unique identifier, and each application having a second unique identifier;

during launching of at least one application on at least one of the plurality of computing devices for testing a new application control rule, transmitting, by the security software from each of the plurality of computing devices in the network, to an administrative server, information relating to one or more user account records and software applications deployed on each computing device for the identification and resolution of conflicts between the new application control rule and one or more existing application control rules, wherein the one or more existing application control rules comprise information linking at least one or more applications each having the second unique identifier with each user account having the first unique identifier, and the conflict is resolved by assigning different priorities to the conflicting rules;

based at least upon the second unique identifier corresponding to the at least one application launched, receiving from the administrative server, by the security software on the at least one of the plurality of computing devices, an application control rule reconfigured with a lower or higher priority than one or more conflicting application control rules to eliminate a conflict between the new application control rule and the one or more existing application control rules; and

applying, by the security software, the one or more application control rules to the applications on the computing devices based on the priorities of said application control rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems, methods and computer program products for configuring application control rules. An example method includes, in response to testing a new application control rule, transmitting, from each of a plurality of computing devices in a network, information relating to software applications deployed on each computing device and one or more application control rules including the new application control rule associated with the software applications, each of the one or more application control rules having a priority, the collected information identifying at least one conflict between at least one application control rule and the new application control rule in executing one of the software applications; and receiving, by at least one of the plurality of computing devices, the new application control rule reconfigured with a lower priority to eliminate the at least one conflict.

17 Citations

20 Claims

1. A computer-implemented method for configuring application control rules, comprising:
- installing security software on a plurality of computing devices in a network, wherein the security software is configured to control execution of applications on the computing devices using a plurality of application control rules, each computing device being associated with one or more user accounts, each user account having a first unique identifier, and each application having a second unique identifier;
  
  during launching of at least one application on at least one of the plurality of computing devices for testing a new application control rule, transmitting, by the security software from each of the plurality of computing devices in the network, to an administrative server, information relating to one or more user account records and software applications deployed on each computing device for the identification and resolution of conflicts between the new application control rule and one or more existing application control rules, wherein the one or more existing application control rules comprise information linking at least one or more applications each having the second unique identifier with each user account having the first unique identifier, and the conflict is resolved by assigning different priorities to the conflicting rules;
  
  based at least upon the second unique identifier corresponding to the at least one application launched, receiving from the administrative server, by the security software on the at least one of the plurality of computing devices, an application control rule reconfigured with a lower or higher priority than one or more conflicting application control rules to eliminate a conflict between the new application control rule and the one or more existing application control rules; and
  
  applying, by the security software, the one or more application control rules to the applications on the computing devices based on the priorities of said application control rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the information relating to software applications deployed on each computing device comprises application version information, unique application identifiers, digital signatures of each application, application manufacturer information, application metadata, and application installation information.
  - 3. The method of claim 1, wherein the information is associated with an identifier uniquely identifying each computing device in the network.
  - 4. The method of claim 1, wherein each computing device transmits the information to test the one or more application control rules in response to a request, or on a periodic basis.
  - 5. The method of claim 1, further comprising transmitting, from each computing device, information relating to hardware configuration and the software applications deployed on each computing device upon launching each of the software application on each computing device.
  - 6. The method of claim 1, wherein each of the one or more application control rules indicates metadata and a unique identifier of each application, a defined category of each application, a user identifier associated with each application, and a verdict of a type of restriction of each application.
  - 7. The method of claim 6, wherein the type of restriction of each application indicates at least one of a direct blocking upon launching, a blocking of applications of a same category, or a blocking of a portion of an application function.

8. A system for configuring application control rules, the system comprising:
- a hardware processor configured to;
  
  install security software on a plurality of computing devices in a network, wherein the security software is configured to control execution of applications on the computing devices using a plurality of application control rules, each computing device being associated with one or more user accounts, each user account having a first unique identifier, and each application having a second unique identifier;
  
  during launching of at least one application on at least one of the plurality of computing devices for testing a new application control rule, transmit, by the security software from each of the plurality of computing devices in the network, to an administrative server, information relating to one or more user account records and software applications deployed on each computing device for the identification and resolution of conflicts between the new application control rule and one or more existing application control rules, wherein the one or more existing application control rules comprise information linking at least one or more applications each having the second unique identifier with each user account having the first unique identifier, and the conflict is resolved by assigning different priorities to the conflicting rules;
  
  based at least upon the second unique identifier corresponding to the at least one application launched, receive from the administrative server, by the security software on the at least one of the plurality of computing devices, an application control rule reconfigured with a lower or higher priority than one or more conflicting application control rules to eliminate a conflict between the new application control rule and the one or more existing application control rules; and
  
  apply, by the security software, the one or more application control rules to the applications on the computing devices based on the priorities of said application control rules.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the information relating to software applications deployed on each computing device comprises application version information, unique application identifiers, digital signatures of each application, application manufacturer information, application metadata, and application installation information.
  - 10. The system of claim 8, wherein the information is associated with an identifier uniquely identifying each computing device in the network.
  - 11. The system of claim 8, wherein each computing device transmits the information to test the one or more application control rules in response to a request, or on a periodic basis.
  - 12. The system of claim 8, wherein the processor is further configured to transmit, from each computing device, information relating to hardware configuration and the software applications deployed on each computing device upon launching each of the software application on each computing device.
  - 13. The system of claim 8, wherein each of the one or more application control rules indicates metadata and a unique identifier of each application, a defined category of each application, a user identifier associated with each application, and a verdict of a type of restriction of each application.
  - 14. The system of claim 13, wherein the type of restriction of each application indicates at least one of a direct blocking upon launching, a blocking of applications of a same category, or a blocking of a portion of an application function.

15. A non-transitory computer-readable storage medium having a computer program product stored thereon, the computer-readable storage medium comprising computer-executable instructions for configuring application control rules, the instructions comprising:
- installing security software on a plurality of computing devices in a network, wherein the security software is configured to control execution of applications on the computing devices using a plurality of application control rules, each computing device being associated with one or more user accounts, each user account having a first unique identifier, and each application having a second unique identifier;
  
  during launching of at least one application on at least one of the plurality of computing devices for testing a new application control rule, transmitting, by the security software from each of the plurality of computing devices in the network, to an administrative server, information relating to one or more user account records and software applications deployed on each computing device for the identification and resolution of conflicts between the new application control rule and one or more existing application control rules, wherein the one or more existing application control rules comprise information linking at least one or more applications each having the second unique identifier with each user account having the first unique identifier, and the conflict is resolved by assigning different priorities to the conflicting rules;
  
  based at least upon the second unique identifier corresponding to the at least one application launched, receiving from the administrative server, by the security software on the at least one of the plurality of computing devices, an application control rule reconfigured with a lower or higher priority than one or more conflicting application control rules to eliminate a conflict between the new application control rule and the one or more existing application control rules; and
  
  applying, by the security software, the one or more application control rules to the applications on the computing devices based on the priorities of said application control rules.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable storage medium of claim 15, wherein the information relating to software applications deployed on each computing device comprises application version information, unique application identifiers, digital signatures of each application, application manufacturer information, application metadata, and application installation information.
  - 17. The computer-readable storage medium of claim 15, wherein the information is associated with an identifier uniquely identifying each computing device in the network.
  - 18. The computer-readable storage medium of claim 15, wherein each computing device transmits the information to test the one or more application control rules in response to a request, or on a periodic basis.
  - 19. The computer-readable storage medium of claim 15, further comprising transmitting, from each computing device, information relating to hardware configuration and the software applications deployed on each computing device upon launching each of the software application on each computing device.
  - 20. The computer-readable storage medium of claim 15, wherein each of the one or more application control rules indicates metadata and a unique identifier of each application, a defined category of each application, a user identifier associated with each application, and a verdict of a type of restriction of each application, wherein the type of restriction of each application indicates at least one of a direct blocking upon launching, a blocking of applications of a same category, or a blocking of a portion of an application function.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaspersky Lab ZAO
Original Assignee
Lab A.O. Kaspersky
Inventors
Kazachkov, Andrey V., Pravdivy, Andrey A., Shiyafetdinov, Damir R.
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Korsak, Oleg

Application Number

US14/674,693
Publication Number

US 20150207821A1
Time in Patent Office

518 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/577   Assessing vulnerabilities a...

G06F 21/604   Tools and structures for ma...

G06N 5/027   Frames

H04L 63/20   for managing network securi...

System and method for resolving conflicts between application control rules

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

17 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for resolving conflicts between application control rules

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

17 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links