Sandboxing protection for endpoints

Assignee

• Fortinet, Inc. · US

Inventors

• Yannick Dubuc · Coquitlam, CA
• Hai Liu · Tangxia, CN
• Heng Du · Shenyang, CN
• Yugang Du · Coquitlam, CA
• Jonathan Karl Seanor · Nottingham, GB
• Weining Wu · Burnaby, CA
• GangGang Zhang · Coquitlam, CA
• Ronald Foo · Vancouver, CA

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/145
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Methods and systems for integrating a sandboxing service and distributed threat intelligence within an endpoint security application are provided. According to one embodiment, The method includes file system or operating system activity relating to a file accessible to an endpoint system is monitored by an endpoint security application running on the endpoint system. The endpoint security application determines whether the file has been previously analyzed for a threat status. When a result of the determining is negative, then the endpoint security application requests the threat status by submitting the file to a remote threat analysis engine with a request to perform a threat analysis on the file. Based on the determined threat status, the endpoint security application selectively allows or disallows performance of the file system or operating system activity.