Behavioral-based control of access to encrypted content by a process

Assignee

• Sophos Limited · GB

Inventors

• Kenneth D. Ray · Seattle, US
• Andrew J. Thomas · Woodstock, GB
• Anthony John Merry · Kessel-Lo, BE
• Harald Schütz · Linz, AT
• Andreas Berger · Therwil, CH
• John Edward Tyrone Shaw · Felton, GB

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/2107
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Securing an endpoint against exposure to unsafe content includes encrypting files to prevent unauthorized access, and monitoring an exposure state of a process to potentially unsafe content by applying behavioral rules to determine whether the exposure state is either exposed or secure, where (1) the process is initially identified as secure, (2) the process is identified as exposed when the process opens a network connection to a URL that is not internal to an enterprise network of the endpoint and that has a poor reputation, (3) the process is identified as exposed when it opens a file identified as exposed, and (4) the process is identified as exposed when another exposed process opens a handle to the process. Access to the files may be restricted when the process is exposed by controlling access through a file system filter that conditionally decrypts files for the process according to its exposure state.