Content tracking in a network security system
Abstract
A security system provides a defense from known and unknown viruses, worms, spyware, hackers, and unwanted or unknown software. The system can implement centralized policies that allow an administrator to approve, block, quarantine, or log file activities. The system maintains file meta-information in the hosts and in the server. A host detects file operations which can cause changes to file content or file name, and updates the host and/or server meta-information as a result. Changes in server meta-information are made available to hosts.
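The bookkeeping the abstract describes can be modelled in a few lines; this is an added sketch, not code from the patent or from any product that implements it. The class names, the state names, the change log with a per-host cursor, and the use of SHA-256 as the content signature are all assumptions made for the illustration.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
PENDING, ALLOWED, BANNED = "pending", "allowed", "banned"  # assumed state names

def signature(content: bytes) -> str:
    # SHA-256 is an assumption; the claims only require a content signature.
    return hashlib.sha256(content).hexdigest()

@dataclass
class Server:
    meta: dict = field(default_factory=dict)  # signature -> first_seen, state
    log: list = field(default_factory=list)   # ordered (signature, state) changes

    def report(self, sig: str) -> str:
        # One record per unique content signature; first_seen is set only once.
        if sig not in self.meta:
            self.meta[sig] = {"first_seen": datetime.now(timezone.utc), "state": PENDING}
            self.log.append((sig, PENDING))
        return self.meta[sig]["state"]

    def set_state(self, sig: str, state: str) -> None:
        self.meta[sig]["state"] = state
        self.log.append((sig, state))

@dataclass
class Host:
    server: Server
    files: dict = field(default_factory=dict)  # path -> signature, state
    cursor: int = 0                            # position reached in server.log

    def on_write(self, path: str, content: bytes) -> dict:
        # A possible content change: re-hash, and report only if the signature differs.
        sig = signature(content)
        if self.files.get(path, {}).get("sig") != sig:
            self.files[path] = {"sig": sig, "state": self.server.report(sig)}
        return self.files[path]

    def on_rename(self, old: str, new: str) -> None:
        # A name change keeps the signature, so the state follows the content.
        self.files[new] = self.files.pop(old)

    def sync(self) -> None:
        # Pull server-side changes made since the last sync and apply them locally.
        for sig, state in self.server.log[self.cursor:]:
            for entry in self.files.values():
                if entry["sig"] == sig:
                    entry["state"] = state
        self.cursor = len(self.server.log)
```

Because the server keys its records on the signature rather than the path, a decision made once for a piece of content reaches every host copy of it at the next sync, whatever the file is called there.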
45 Claims
1. A method for use in a system with a server and one or more associated host computers (hosts), the method comprising:
maintaining on a server for a plurality of files a set of server meta-information including, for each unique file content signature, a signature of the contents of the file, a date the file or the signature is first reported to the server, and state data indicating whether and with what conditions certain file operations can be performed by hosts on the file;
maintaining on the hosts for a plurality of files a set of meta-information including, for each file the state data and the signature of the file contents;
detecting on the host possible changes to file content or name, and updating host and/or server meta-information; and
the server providing to the hosts changes in the server meta-information.
Dependent claims: 2-28.
29. A method for use in a system with a server and associated host computers (hosts), the method comprising:
maintaining on a server for a plurality of files a set of meta-information including, for each unique file content signature, a signature of the contents of the file, state data indicating whether and with what conditions certain file operations can be performed by hosts on the file, and a time when the file or the signature was first seen;
maintaining on the hosts for a plurality of files a set of meta-information including, for each file the state data, the signature of the file contents, the file pathname;
a host detecting possible changes to file content or name, and updating host and/or server meta-information; and
the server providing to the hosts changes in the server meta-information.
Dependent claims: 30-32.
33. A method for use in a system with a server and associated host computers (hosts), the method comprising:
maintaining on a server for a plurality of files a set of meta-information including, for each unique file content signature, state data indicating whether and with what conditions certain operations associated with the file are banned, allowed, or not yet fully determined;
maintaining on the hosts for a plurality of files a set of meta-information including, for each file, the state data;
detecting on the host possible changes to file content or name, and updating host and/or server meta-information;
the server providing to the hosts changes in the server meta-information;
in response to there being no entry for the file in the server or state not yet fully determined, the server performing analyses of the file.
Dependent claims: 34-36.
37. A system comprising:
a server;
a plurality of host computers (hosts) associated with the server;
the server having a server memory for maintaining a plurality of files a set of meta-information including, for each file, data regarding the name of the file, a signature of the contents of the file, and state data indicating whether and with what conditions certain operations associated with the file are banned, allowed, or not yet determined;
each of the hosts having a local memory for maintaining for a plurality of files a set of meta-information including, for each file, the state data and the signature;
detecting on the host possible changes to file content or name, and updating host and/or server meta-information;
the server causing changes in the server meta-information to be provided to the hosts.
Dependent claims: 38-45.
Specification