Systems and methods for controlling an application launch based on a security policy
First Claim
1. A computer-implemented method for controlling an application launch based on a security policy, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:
- loading, by the computing device, an application launcher into a security sandbox;
monitoring, by the computing device, one or more functions associated with launching an application from the application launcher;
determining, by the computing device, that the functions associated with launching the application have been invoked by the application launcher, wherein the determination comprises determining, using previously injected software hooks, that an initiation function for running the application has been invoked by the application launcher, wherein the injected software hooks are included in the security sandbox and located at a location of a start of the one or more functions to monitor how an original application launcher executing within the security sandbox attempts to access a resource provided in an operating system environment of the computing device;
querying, by the computing device, a policy manager comprising a security policy to determine whether the application is potentially harmful; and
performing, by the computing device, based on the security policy, a security action preventing the application launcher from launching the application from the security sandbox upon determining that the application is potentially harmful.
6 Assignments
0 Petitions
Accused Products
Abstract
The disclosed computer-implemented method for controlling an application launch based on a security policy may include (1) loading an application launcher into a sandbox, (2) monitoring one or more functions associated with launching an application from the application launcher, (3) determining that the functions associated with launching the application have been invoked by the application launcher, (4) querying a policy manager comprising a security policy to determine whether the application is potentially harmful, and (5) performing, based on the security policy, a security action preventing the application launcher from launching the application from the sandbox upon determining that the application is potentially harmful. Various other methods, systems, and computer-readable media are also disclosed.
6 Citations
20 Claims
-
1. A computer-implemented method for controlling an application launch based on a security policy, at least a portion of the method being performed by a computing device comprising at least one hardware processor, the method comprising:
-
loading, by the computing device, an application launcher into a security sandbox; monitoring, by the computing device, one or more functions associated with launching an application from the application launcher; determining, by the computing device, that the functions associated with launching the application have been invoked by the application launcher, wherein the determination comprises determining, using previously injected software hooks, that an initiation function for running the application has been invoked by the application launcher, wherein the injected software hooks are included in the security sandbox and located at a location of a start of the one or more functions to monitor how an original application launcher executing within the security sandbox attempts to access a resource provided in an operating system environment of the computing device; querying, by the computing device, a policy manager comprising a security policy to determine whether the application is potentially harmful; and performing, by the computing device, based on the security policy, a security action preventing the application launcher from launching the application from the security sandbox upon determining that the application is potentially harmful. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for controlling an application launch based on a security policy, the system comprising:
-
a loading module, stored in memory, that loads an application launcher into a security sandbox on a computing device; a monitoring module, stored in the memory, that monitors one or more functions associated with launching an application from the application launcher; a determining module, stored in the memory, that determines the functions associated with launching the application have been invoked by the application launcher, wherein the determination comprises determining, using previously injected software hooks, that an initiation function for running the application has been invoked by the application launcher, wherein the injected software hooks are included in the security sandbox and located at a location of a start of the one or more functions to monitor how an original application launcher executing within the security sandbox attempts to access a resource provided in an operating system environment of the computing device; a query module, stored in the memory, that queries a policy manager comprising a security policy to determine whether the application is potentially harmful; a security module, stored in the memory, that performs, based on the security policy, a security action preventing the application launcher from launching the application from the security sandbox on the computing device upon determining that the application is potentially harmful; and at least one physical hardware processor that executes the loading module, the monitoring module, the determining module, the query module, and the security module. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one hardware processor of a computing device, cause the computing device to:
-
load an application launcher into a security sandbox on the computing device; monitor one or more functions associated with launching an application from the application launcher; determine that the functions associated with launching the application have been invoked by the application launcher, wherein the determination comprises determining, using previously injected software hooks, that an initiation function for running the application has been invoked by the application launcher, wherein the injected software hooks are included in the security sandbox and located at a location of a start of the one or more functions to monitor how an original application launcher executing within the security sandbox attempts to access a resource provided in an operating system environment of the computing device; query a policy manager comprising a security policy to determine whether the application is potentially harmful; and perform, based on the security policy, a security action preventing the application launcher from launching the application from the security sandbox on the computing device upon determining that the application is potentially harmful. - View Dependent Claims (20)
-
Specification