Temporary process deprivileging

US 9,723,006 B2
Filed: 06/27/2015
Issued: 08/01/2017
Est. Priority Date: 06/27/2015
Status: Active Grant

First Claim

Patent Images

1. A computing apparatus, comprising:

a process deprivileging engine operable for;

recognizing that a process has an undetermined reputation;

intercepting a first access request by the process directed to a first resource;

determining that the first resource is not owned by the process; and

based at least in part on the undetermined reputation and the determination that the first resource is not owned by the process, at least partially blocking access to the first resource.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

There is disclosed in an example a computing apparatus, including: a process deprivilging engine operable for: recognizing that a process has an undetermined reputation; intercepting a first access request directed to a first resource; determining that the first resource is not owned by the process; and at least partially blocking access to the first resource. There is further disclosed a method of providing the process deprivileging engine, and one or more computer-readable mediums having stored thereon executable instructions for providing the process deprivileging engine.

10 Citations

21 Claims

1. A computing apparatus, comprising:
- a process deprivileging engine operable for;
  
  recognizing that a process has an undetermined reputation;
  
  intercepting a first access request by the process directed to a first resource;
  
  determining that the first resource is not owned by the process; and
  
  based at least in part on the undetermined reputation and the determination that the first resource is not owned by the process, at least partially blocking access to the first resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for:
    - intercepting a second access request directed to a second resource;
      
      determining that the second resource is owned by the process; and
      
      permitting access to the second resource.
  - 3. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for:
    - intercepting a third access request directed to a third resource;
      
      determining that the third resource is owned by a user owning the process, and that the resource is not owned by the process; and
      
      permitting read-only access to the third resource.
  - 4. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for determining that the first access request is a safe access, and restoring privileges to the process.
  - 5. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for determining that the first access request is an auto-blocked access, and terminating the process.
  - 6. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for prompting a user for a verification input, receiving an affirmative response, and restoring privileges to the process.
  - 7. The computing apparatus of claim 1, wherein the process deprivileging engine is further operable for prompting a user for a verification input, receiving a negative response, and terminating the process.

8. One or more tangible, non-transitory computer-readable mediums having stored thereon executable instructions for providing a deprivileging engine operable for:
- recognizing that a process has an undetermined reputation;
  
  intercepting a first access request by the process directed to a first resource;
  
  determining that the first resource is not owned by the process; and
  
  based at least in part on the undetermined reputation and the determination that the first resource is not owned by the process, at least partially blocking access to the first resource.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for:
    - intercepting a second access request directed to a second resource;
      
      determining that the second resource is owned by the process; and
      
      permitting access to the second resource.
  - 10. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for:
    - intercepting a third access request directed to a third resource;
      
      determining that the third resource is owned by a user owning the process, and that the resource is not owned by the process; and
      
      permitting read-only access to the third resource.
  - 11. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for determining that the first access request is a safe access, and restoring privileges to the process.
  - 12. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for determining that the first access request is an auto-blocked access, and terminating the process.
  - 13. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for prompting a user for a verification input, receiving an affirmative response, and restoring privileges to the process.
  - 14. The one or more tangible, non-transitory computer-readable storage mediums of claim 8, wherein the process deprivileging engine is further operable for prompting a user for a verification input, receiving a negative response, and terminating the process.

15. A computer-implemented method of providing a process deprivileging engine, comprising:
- recognizing that a process has an undetermined reputation;
  
  intercepting a first access request by the process directed to a first resource;
  
  determining that the first resource is not owned by the process; and
  
  based at least in part on the undetermined reputation and the determination that the first resource is not owned by the process, at least partially blocking access to the first resource.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. The computer-implemented method of claim 15, further comprising:
    - intercepting a second access request directed to a second resource;
      
      determining that the second resource is owned by the process; and
      
      permitting access to the second resource.
  - 17. The computer-implemented method of claim 15, further comprising:
    - intercepting a third access request directed to a third resource;
      
      determining that the third resource is owned by a user owning the process, and that the resource is not owned by the process; and
      
      permitting read-only access to the third resource.
  - 18. The computer-implemented method of claim 15, further comprising determining that the first access request is a safe access, and restoring privileges to the process.
  - 19. The computer-implemented method of claim 15, further comprising determining that the first access request is an auto-blocked access, and terminating the process.
  - 20. The computer-implemented method of claim 15, further comprising prompting a user for a verification input, receiving an affirmative response, and restoring privileges to the process.
  - 21. The computer-implemented method of claim 15, further comprising prompting a user for a verification input, receiving a negative response, and terminating the process.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Zhang, Zheng, Merrill, Clint R., Mehta, Kunal, Teddy, John D., Schmugar, Craig D., Aktas, Erdem
Primary Examiner(s)
HOFFMAN, BRANDON S

Application Number

US14/752,902
Publication Number

US 20160381024A1
Time in Patent Office

766 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/51   at application loading time...

H04L 63/10   for controlling access to d...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Temporary process deprivileging

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

10 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Temporary process deprivileging

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

10 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links