Patent · US Active

Real time lockdown

US8959642B2 · kind B2 · utility

Cited by: 0
References: 39
Claims: 16
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 23, 2013
Grant date: Feb 17, 2015
Priority date
Expiry date: May 23, 2033

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/60
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A system and method that trusts software executables existent on a machine prior to activation for different types of access, e.g., execution, network, and registry. The system detects new executables added to the machine as well as previously existent executables that have been modified, moved, renamed or deleted. In certain embodiments, the system will tag the file with a flag as modified or newly added. Once tagged, the system intercepts particular types of file accesses for execution, network or registry. The system determines if the file performing the access is flagged and may apply one or more policies based on the requested access. In certain embodiments, the system intercepts I/O operations by file systems or file system volumes and flags metadata associated with the file. For example, the NT File System and its extended attributes and alternate streams may be utilized to implement the system.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.