NON-INVASIVE WHITELISTING
First Claim
1. A computing device comprising:
- a storage containing an executable object; and
one or more logic elements comprising a security engine operable for;
detecting that the executable object has attempted to perform an action;
intercepting the action;
assigning a reputation to the action; and
acting on the reputation.
10 Assignments
0 Petitions
Accused Products
Abstract
In an example, there is disclosed a security architecture for enhanced, non-invasive whitelisting of executable objects. When an executable object tries to perform an action, a security engine seamlessly intercepts the action and determines whether the action is whitelisted, blacklisted, or graylisted, assigning the action a corresponding security score. Whitelisted actions may be allowed, blacklisted actions may be disallowed, and graylisted actions may require additional verification from a user. Because the score is assigned to the combination of the executable object and the action, false positives may be avoided, such as those that may occur when an executable object is prefetched but has not yet tried to perform any useful work.
-
Citations
25 Claims
-
1. A computing device comprising:
-
a storage containing an executable object; and one or more logic elements comprising a security engine operable for; detecting that the executable object has attempted to perform an action; intercepting the action; assigning a reputation to the action; and acting on the reputation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. One or more computer-readable mediums having stored thereon executable instructions operable for instructing a processor for:
-
detecting that an executable object has attempted to perform an action; intercepting the action; assigning a reputation to the action; and acting on the reputation. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method comprising:
-
detecting that an executable object has attempted to perform an action; intercepting the action; assigning a reputation to the action; and acting on the reputation. - View Dependent Claims (25)
-
Specification