Title of invention: System and method for local protection against malicious software
Abstract: A method in one example implementation includes intercepting a network access attempt on a computing device and determining a software program file associated with the network access attempt. The method also includes evaluating a first criterion to determine whether the network access attempt is permitted and blocking the network access attempt if it is not permitted. The first criterion includes a trust status of the software program file. In specific embodiments, the trust status is defined as trusted if the software program file is included in a whitelist of trustworthy program files and untrusted if the software program file is not included in a whitelist. In more specific embodiments, the method includes blocking the network access attempt if the software program file has an untrusted status. In further embodiments, an event is logged if the software program file associated with the network access attempt has an untrusted status.
Publication number: US8925101(B2) Publication date: 2014.12.30
Application number: US201012844892 Filing date: 2010.07.28
Applicant: McAfee, Inc. Inventors: Bhargava Rishi; Reese, Jr. David P.
Classification: G06F11/30; G06F12/14; G06F17/30; G06F21/60; G06F21/55; H04L29/06; G06F21/56; G06F21/54 Main classification: G06F11/30
Agency: Patent Capital Group Agent: Patent Capital Group
Principal claim: 1. A method comprising: intercepting, on a computing device, one or more packets of an outbound network access attempt initiated by a process executing on the computing device, wherein the packets include a requested destination address in a network; determining the process mapped to the packets; querying a process traffic mapping element of the computing device to determine each software program file of a plurality of software program files mapped to the process in the process traffic mapping element, wherein at least one software program file of the plurality of software program files is an executable file and at least one other software program file of the plurality of software program files is a library module loaded by the process; determining a trust status of each software program file of the plurality of software program files; determining whether the network access attempt is permitted based on at least a first criterion, wherein the first criterion includes the trust status of each software program file of the plurality of software program files; and blocking the network access attempt on the computing device if the network access attempt is not permitted.
Address: Santa Clara CA US