COMPUTER DEVICE AND METHOD FOR ISOLATING UNTRUSTED CONTENT

摘要

A computer system and method are provided to intercept a task from a primary user account 121 prior to execution of the task by the computer device 200, where the task relates to an untrusted content. A task isolation environment 350 is provisioned for executing the task, including programmatically creating a secondary user account 121b on the computer device. A local printer and/or a network printer which are connected to the primary user account 121 are discovered and automatically provisioned in the secondary user account 121b. Access to the or each printer 500 is controlled by an agent 300 on the computer device 200.

主权项

1. A method for isolating untrusted content on a computer device, the method comprising:
intercepting a task from a primary user account prior to execution of the task by the computer device, wherein the task relates to an untrusted content; provisioning a task isolation environment for executing the task, including (i) programmatically creating a secondary user account on the computer device, (ii) determining a printer which is available in the primary user account, and (iii) making the printer available in the secondary user account by populating printer-related user settings in the secondary user account; executing the task in the task isolation environment in relation to the untrusted content; intercepting, by an agent, a printer service request by the task in the secondary user account in relation to the printer; determining, by the agent, whether to allow or deny the printer service request by the task of the secondary user account in relation to the printer; and providing impersonated credentials of the primary user account by the agent when the printer service request is allowed and allowing the printer service request to proceed using the impersonated credentials.