System and method of monitoring and controlling application files
First Claim
1. A method for updating a system which controls access to spyware programs and enforcing policies enumerating rules that govern access to the spyware programs on a computer, the method comprising:
- receiving, at the system and in response to a user requesting access to a spyware program, an identifier from a first computer of the system, the identifier being associated with the spyware program on the first computer;
associating, using an application server module of the system, one or more categories with the identifier based, at least in part, on a frequency of requested execution of the spyware program if the category was not previously associated with the identifier in a database of categorized programs of the system, the category indicating a type of application of the spyware program;
determining whether the spyware program is associated with any other categories other than the associated one or more categories;
retrieving one or more policies to be applied to programs associated with the associated one or more categories and the other categories to which the spyware program is determined to be associated;
determining whether a user of the first computer that requested access to the spyware program is associated with privileges that violate the retrieved one or more policies; and
denying access to the spyware program in response to determining the user includes insufficient privileges to access based on the retrieved one or more policies.
10 Assignments
0 Petitions
Accused Products
Abstract
A system and method for updating a system that controls files executed on a workstation. The workstation includes a workstation management module configured to detect the launch of an application. A workstation application server receives data associated with the application from the workstation. This data can include a hash value. The application server module can determine one or more categories to associate with the application by referencing an application inventory database or requesting the category from an application database factory. The application database factory can receive applications from multiple application server modules. The application database factory determines whether the application was previously categorized by the application database factory and provides the category to the application server module. Once the application server module has the category, it forwards a hash/policy table to the workstation management module. Upon receipt of the hash/policy table, the workstation management module applies the policy that is associated with the launched application to control access to the application on the workstation.
2 Citations
20 Claims
-
1. A method for updating a system which controls access to spyware programs and enforcing policies enumerating rules that govern access to the spyware programs on a computer, the method comprising:
-
receiving, at the system and in response to a user requesting access to a spyware program, an identifier from a first computer of the system, the identifier being associated with the spyware program on the first computer; associating, using an application server module of the system, one or more categories with the identifier based, at least in part, on a frequency of requested execution of the spyware program if the category was not previously associated with the identifier in a database of categorized programs of the system, the category indicating a type of application of the spyware program; determining whether the spyware program is associated with any other categories other than the associated one or more categories; retrieving one or more policies to be applied to programs associated with the associated one or more categories and the other categories to which the spyware program is determined to be associated; determining whether a user of the first computer that requested access to the spyware program is associated with privileges that violate the retrieved one or more policies; and denying access to the spyware program in response to determining the user includes insufficient privileges to access based on the retrieved one or more policies. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for updating a system which controls access to spyware programs and enforcing policies enumerating rules that govern access to the spyware programs on a computer, the method comprising:
-
receiving a database of identifiers at a database factory, the database being determined at least in part by a comparison between an identifier associated with a spyware program and a database at a first computer; collecting information relating to the spyware program associated with the identifier, the collected information including a frequency of requests to execute the spyware program; associating the spyware program associated with the identifier with a category, the category based, at least in part, the frequency of requested execution of the spyware program if the category was not previously associated with the identifier in a database of categorized programs of the system, the category indicating a type of application of the spyware program based at least in part on the collected information; determining whether the spyware program is associated with any other categories other than the associated category; retrieving one or more policies to be applied to programs associated with the associated category and the other categories to which the spyware program is determined to be associated; determining whether a user of the first computer that requested access to the spyware program is associated with privileges that violate the retrieved one or more policies; and denying access to the spyware program in response to determining the user includes insufficient privileges to access based on the retrieved one or more policies. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A system for sharing a spyware database between a plurality of computers across a network, the system comprising:
-
a first computer having a first database and a spyware program, the first database including one or more identifiers associated with respective spyware programs and associated with one or more categories of types of applications, the first database not including an identifier associated with the spyware program; and a second computer having a second database, the second database including a first identifier associated with the spyware program on the first computer, the second computer-configured to collect information relating to the first identifier and determine a category to associate with the first identifier if the category was not previously associated with the first identifier in a database of categorized programs of the system, the category based at least in part on the collected information, the collected information including a frequency of requests to execute the spyware program, the second computer configured to provide the first computer with the identifier and the category; and wherein the first computer is configured to determine whether the spyware program is associated with any other categories other than the associated category, retrieve one or more policies to be applied to programs associated with the category and the other categories to which the spyware program is determined to be associated, determine whether a user of the first computer that requested access to the spyware program is associated with privileges that violate the retrieved one or more policies, and deny access to the spyware program in response to determining the user includes insufficient privileges to access based on the retrieved one or more policies. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification