Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware
First Claim
Patent Images
1. A method for monitoring applications on user devices, the method comprising:
- monitoring applications requesting to open files using system dynamic-link libraries;
searching for hashes corresponding to the files requested by the applications in caches of the user devices;
upon locating hashes of the files requested by the applications, searching for security policies associated with the hashes;
upon locating the security policies associated with the hashes, enforcing restrictions of the security policies; and
upon failing to locate the hashes of the files requested by the applications;
scanning contents of the files;
calculating hashes for the files; and
updating the caches of the user devices by adding mappings for the hashes to the caches of the user devices and requesting trust scores and establishing security policies based on the trust scores for the files requested by the applications.
4 Assignments
0 Petitions
Accused Products
Abstract
The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.
16 Citations
7 Claims
-
1. A method for monitoring applications on user devices, the method comprising:
-
monitoring applications requesting to open files using system dynamic-link libraries; searching for hashes corresponding to the files requested by the applications in caches of the user devices; upon locating hashes of the files requested by the applications, searching for security policies associated with the hashes; upon locating the security policies associated with the hashes, enforcing restrictions of the security policies; and upon failing to locate the hashes of the files requested by the applications; scanning contents of the files; calculating hashes for the files; and updating the caches of the user devices by adding mappings for the hashes to the caches of the user devices and requesting trust scores and establishing security policies based on the trust scores for the files requested by the applications. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeCarbon Black, Inc. (Broadcom, Inc.)
-
Original AssigneeCarbon Black, Inc. (Broadcom, Inc.)
-
InventorsKraemer, Jeffrey Albin
-
Primary Examiner(s)HO, DAO Q
-
Application NumberUS15/255,374Publication NumberTime in Patent Office557 DaysField of SearchUS Class CurrentCPC Class CodesG06F 21/552 involving long-term monitor...G06F 21/554 involving event detection a...G06F 21/56 Computer malware detection ...G06F 21/566 Dynamic detection, i.e. det...G06F 2221/034 Test or assess a computer o...G06F 2221/2101 Auditing as a secondary aspectH04L 63/1433 Vulnerability analysisH04L 63/1441 Countermeasures against mal...H04L 63/20 for managing network securi...
