Distributed malicious software protection in file sharing environments
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-011/00
G06F-012/14
G06F-007/04
G06F-017/30
출원번호
US-0638034
(2006-12-13)
등록번호
US-8756683
(2014-06-17)
발명자
/ 주소
Manion, Todd
Kim, Ryan
Singhal, Sandeep K.
Suriyanarayanan, Guhan
출원인 / 주소
Microsoft Corporation
대리인 / 주소
Ross, Jim
인용정보
피인용 횟수 :
2인용 특허 :
8
초록▼
Automatic file replication and scanning for malware in a sharing environment is based on detection of file system changes. Only one client of the multi-client environment needs to include malware protection software for all clients to benefit. A file replication service for each client monitors a sh
Automatic file replication and scanning for malware in a sharing environment is based on detection of file system changes. Only one client of the multi-client environment needs to include malware protection software for all clients to benefit. A file replication service for each client monitors a shared directory, and synchronizes files across clients at the file system driver level. When a new file appears in the shared directory of a client system, through this driver, the new file automatically gets replicated. A malware protection component operates by monitoring the directory for new or modified files. File replication causes automatic malware scanning on the client that has protection. When the file has been cleaned and re-written to the directory, the replication service senses that the file has changed and replicates the cleaned file to the other clients. Thus, the replication behavior produces a multiparty file scanning and cleansing protection scheme.
대표청구항▼
1. A computer-implemented data management system, comprising: a replication component configured to automatically replicate a file from a first client to a second client of a multi-client sharing environment;a protection component of one of the first or second clients configured to automatically sca
1. A computer-implemented data management system, comprising: a replication component configured to automatically replicate a file from a first client to a second client of a multi-client sharing environment;a protection component of one of the first or second clients configured to automatically scan the file for malicious software based on the file being new or changed at a storage driver level, wherein the protection component automatically cleans the file of the malicious software prior to replication to the second client; anda processor configured to execute computer-executable instructions associated with at least one of the replication component or protection component. 2. The system of claim 1, wherein the storage driver level is associated with at least one of a mass storage device or a volatile memory subsystem of one of the first or second clients. 3. The system of claim 1, wherein the file is replicated to the second client after the protection component automatically scans the file for the malicious software. 4. The system of claim 1, wherein the file sharing space is presented as part of a user interface (UI) for sharing files each of the clients. 5. The system of claim 1, wherein the multi-client environment includes a file sharing space for sharing files. 6. The system of claim 5, wherein clients of the multi-client environment include the file sharing space, and introduction of the file into a file sharing space of the first client initiates replication of the file to the second client, where the protection component of the second client automatically scans the file for the malicious software after replication to the second client, and replicates the scanned file back to the other clients. 7. The system of claim 5, wherein clients of the multi-client environment include the file sharing space, and introduction of the file into a file sharing space of the first client automatically initiates replication of the file to the second client, where the protection component of the first client automatically scans the file for the malicious software prior to replication to the second client. 8. The system of claim 1, wherein the multi-client environment is one of a peer-to-peer (P2P) topology, server-to-server configuration, or client/server configuration. 9. The system of claim 1, wherein the protection component automatically scans the file in response to the replication component initiating replication of the file. 10. A computer-implemented method of managing data, comprising acts of: detecting a new or changed document of a client at a device driver layer in a shared environment;initiating replication of the new or changed document to one or more other clients of the shared environment;automatically scanning the new or changed document for malicious software in response to a replication action;replicating the new or changed document to the one or more other clients after the act of automatically scanning; andutilizing a processor to execute instructions stored in memory to perform at least one of the acts of detecting, initiating, scanning, or replicating. 11. The method of claim 10, wherein the new or changed document is an update of a previous document of the shared environment. 12. The method of claim 10, wherein the act of automatically scanning occurs at a driver level of the client. 13. The method of claim 10, wherein the malicious software is a virus associated with the new or changed document. 14. The method of claim 10, wherein the act of replicating the new or changed document to the one or more other clients occurs after the act of automatically scanning such that the act of automatically scanning is performed at the client. 15. The method of claim 10, wherein the act of replicating the new or changed document to the one or more other clients occurs before the act of automatically scanning such that the act of automatically scanning is performed at the one or more of the other clients. 16. The method of claim 10, wherein the device driver layer is associated with a persisted storage subsystem. 17. The method of claim 10, further comprising creating and maintaining a hash table for tracking document activity in a sharing directory. 18. A computer-implemented data management system, comprising: at least one computer configured to:detect an infected file in a first sharing directory of a first sharing client at a device driver layer;replicate the infected file to a second sharing directory of a second sharing client;detect presence of the infected file in the second sharing directory of a second sharing client;automatically clean the infected file for malicious software at the second client, the infected file cleaned into a cleansed file; andreplicate the cleansed file to the first sharing directory of the first client. 19. The system of claim 18, further comprising at least one computer configured to update a hash table according to changes to the infected file. 20. The system of claim 18, further comprising at least one computer configured to replicate with the device driver layer.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (8)
Hernacki, Brian; Bennett, Jeremy, Detecting network evasion and misinformation.
Dawson, Jr.,Frank Robertson; Huang,Yen Min; Miller,Brent A.; Singhal,Sandeep K., Method and system for protecting pervasive devices and servers from exchanging viruses.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.