Security policy deployment and enforcement system for the detection and control of polymorphic and targeted malware
First Claim
1. A method for monitoring applications on user devices, the method comprising:
    monitoring applications requesting to open files using system dynamic-link libraries;
    searching for hashes corresponding to the files requested by the applications in caches of the user devices;
    upon locating hashes of the files requested by the applications, searching for security policies associated with the hashes;
    upon locating the security policies associated with the hashes, enforcing restrictions of the security policies; and
    upon failing to locate the hashes of the files requested by the applications:
        scanning contents of the files;
        calculating hashes for the files; and
        updating the caches of the user devices by adding mappings for the hashes to the caches of the user devices and requesting trust scores and establishing security policies based on the trust scores for the files requested by the applications.
Abstract
The present system and method pertain to the detection of malicious software and processes such as malware. A cloud security policy system receives hashes and behavioral information about applications and/or processes executing on user devices. The cloud security policy system records this information and then evaluates the trustworthiness of the hashes based on the information received from the user devices to provide a security policy for the applications and/or processes. The security policy is sent from the cloud security policy system to user devices to be applied by the user devices.
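The device-side decision path of claim 1 (cache hit enforces the cached policy; cache miss scans, hashes, updates the cache and asks for a trust score) together with the cloud trust-score request from the abstract, written out as an added illustration that is not the patent's own code. The cloud service, the content scan, the score thresholds and the sample file bytes are constructed stand-ins.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed policy vocabulary: the restriction the device enforces for a hash.
ALLOW, BLOCK, MONITOR = "allow", "block", "monitor"


def cloud_trust_score(sha256: str) -> int:
    """Stand-in for the cloud security policy system (constructed, not the patent's service).
    Returns a 0..100 trust score; hashes the cloud has never seen get a middling score."""
    known = {hashlib.sha256(b"MZ benign installer").hexdigest(): 95}
    return known.get(sha256, 50)


def policy_for_score(score: int) -> str:
    """Map a trust score to a policy; thresholds are constructed for the example."""
    if score >= 80:
        return ALLOW
    if score >= 40:
        return MONITOR
    return BLOCK


def scan_contents(data: bytes) -> bool:
    """Local content scan; constructed check that flags a marker substring."""
    return b"MARKER" in data


@dataclass
class DeviceCache:
    hashes: dict = field(default_factory=dict)    # file path -> sha256 hex digest
    policies: dict = field(default_factory=dict)  # sha256 hex digest -> policy


def on_open_request(cache: DeviceCache, path: str, data: bytes):
    """Called when a monitored application asks to open `path` (contents in `data`).
    Returns (policy, reason). Note: a real implementation must drop the path->hash
    mapping whenever the file changes on disk, or a rewritten file keeps a stale policy."""
    h = cache.hashes.get(path)
    if h is not None and h in cache.policies:
        return cache.policies[h], "cache-hit"          # enforce the stored restriction
    h = hashlib.sha256(data).hexdigest()               # cache miss: scan and hash
    cache.hashes[path] = h
    if scan_contents(data):
        cache.policies[h] = BLOCK                      # local scan verdict wins outright
        return BLOCK, "scan-detected"
    cache.policies[h] = policy_for_score(cloud_trust_score(h))
    return cache.policies[h], "cache-miss"
```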
7 Claims