Title of invention: Data loss prevention in the event of malware detection
Abstract: A malware detection agent operating on a computing device detects one or more indicators of a potential data loss threat. Sensitive data is identified based on at least one of a logical location or a physical location of the sensitive data. One or more data loss prevention policies are enabled to protect the sensitive data until the potential data loss threat is resolved.
Publication number: US9064130(B1) Publication date: 2015.06.23
Application number: US200912395498 Filing date: 2009.02.27
Applicant: Symantec Corporation Inventors: Asheghian Daniel; Kane David
Classification: G06F11/00; G06F7/04; G06F21/62 Main classification: G06F11/00
Agency: Lowenstein Sandler LLP Agent: Lowenstein Sandler LLP
Main claim: 1. A computer-implemented method comprising: detecting a potential data loss threat by a computing device comprising a data loss prevention system comprising a malware detection agent, wherein the malware detection agent uses at least one of heuristic based malware detection or signature based malware detection to detect a software component that poses the potential data loss threat; identifying at least one protected file system location comprising sensitive data, wherein the at least one protected file system location comprises at least one of a block or a sector; activating, by the computing device, one or more security agents to protect the sensitive data in the at least one protected file system location in response to detecting the potential data loss threat, wherein the one or more security agents, when activated, protect the sensitive data by impeding input/output (I/O) operations directed to the at least one protected file system location while permitting I/O operations directed to other file system locations based on performing operations comprising: determining whether an I/O operation is directed to the at least one protected file system location; and blocking the I/O operation responsive to determining that the I/O operation is directed to the at least one protected file system location; automatically determining whether the potential data loss threat is resolved; and disabling the one or more security agents in response to determining that the potential data loss threat is resolved and maintaining the one or more security agents as active in response to determining that the potential data loss threat is not resolved.
Address: Mountain View CA US