US2015186646A1PendingUtilityA1

System, method, and computer program product for dynamically adjusting a level of security applied to a system

Assignee: MCAFEE INCPriority: Apr 29, 2008Filed: Feb 5, 2015Published: Jul 2, 2015
Est. expiryApr 29, 2028(~1.8 yrs left)· nominal 20-yr term from priority
G06F 21/55H04L 63/1425H04L 63/1408G06F 2221/2113G06F 2221/034G06F 21/56G06F 21/577
51
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system, method, and computer program product are provided for dynamically adjusting a level of security applied to a system. In use, predetermined activity that is at least potentially associated with unwanted activity is identified on a system. Further, a level of security applied to the system is dynamically adjusted, in response to the identification of the predetermined activity.

Claims

exact text as granted — not AI-modified
1 . A machine readable medium on which are stored instructions comprising instructions that when executed by a programmable device, cause the programmable device to:
 monitor a programmable device at a first level of monitoring; and   reduce monitoring to a second level of monitoring of the programmable device responsive to an absence of activity associated with an increased vulnerability of the programmable device to malware.   
     
     
         2 . The machine readable medium of  claim 1 , wherein the instructions further comprise instructions that when executed cause the programmable device to:
 increase monitoring from the second level of monitoring to the first level of monitoring responsive to an identification of the activity,   wherein the first level of monitoring and the second level of monitoring monitor different subsets of a memory local to the programmable device.   
     
     
         3 . The machine readable medium of  claim 1 , wherein the instructions further comprise instructions that when executed cause the programmable device to:
 identify a suspect activity on the device that is predetermined to be associated with an increased vulnerability of the device to malware, the suspect activity identified utilizing the second level of monitoring;   adjust to a third level of monitoring of the device in response to the identification of the suspect activity, wherein the third level of monitoring of the device comprises monitoring for one or more additional types of accesses performed by the suspect activity;   determine an absence of the suspect activity on the device, wherein the absence is determined utilizing the third level of monitoring of the device; and   adjust to the second level of monitoring of the device in response to the determination of the absence of the suspect activity.   
     
     
         4 . The machine readable medium of  claim 3 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify a process connecting to an external network. 
     
     
         5 . The machine readable medium of  claim 3 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify a loading of an executable not contained in a whitelist. 
     
     
         6 . The machine readable medium of  claim 3 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify an attempt to access a website not contained in a whitelist. 
     
     
         7 . The machine readable medium of  claim 3 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify a change of privileges by a process. 
     
     
         8 . The machine readable medium of  claim 3 , wherein the instructions that when executed cause the programmable device to utilize the second level of monitoring comprise instructions that when executed cause the programmable device to scan at least a portion of data associated with the suspect activity for the malware. 
     
     
         9 . The machine readable medium of  claim 1 , wherein the first level of monitoring and the second level of monitoring comprise instructions that when executed cause the programmable device to monitor input and output operations of the device utilizing filter drivers. 
     
     
         10 . The machine readable medium of  claim 1 , wherein the first level of monitoring and the second level of monitoring comprise instructions that when executed cause the programmable device to implement host environment callbacks functions. 
     
     
         11 . The machine readable medium of  claim 1 , wherein the first level of monitoring and the second level of monitoring comprise instructions that when executed cause the programmable device to redirect an interface invocation to a monitoring callback function utilizing a hook. 
     
     
         12 . The machine readable medium of  claim 1 , wherein the instructions that when executed cause the programmable device to reduce monitoring to the second level of monitoring comprise instructions that when executed cause the programmable device to reduce monitoring to the second level of monitoring based on a behavioral analysis of the activity and a history of collected events of a predetermined type. 
     
     
         13 . A method, comprising:
 determining, utilizing a first level of monitoring of a programmable device, an absence of an activity on the programmable device associated with an increased vulnerability of a programmable device to malware; and   adjusting dynamically to a second level of monitoring of the programmable device responsive to the determination,   wherein the second level of monitoring monitors fewer types of accesses performed by the activity than the first level of monitoring   monitoring a programmable device at a first level of monitoring; and   reducing monitoring to a second level of monitoring of the programmable device responsive to an absence of activity associated with an increased vulnerability of the programmable device to malware.   
     
     
         14 . The method of  claim 13 , further comprising:
 identifying a suspect activity on the programmable device that is predetermined to be associated with an increased vulnerability of the device to malware, the suspect activity identified utilizing the second level of monitoring;   adjusting to a third level of monitoring of the programmable device in response to the identification of the suspect activity, wherein the third level of monitoring of the programmable device comprises monitoring for one or more additional types of accesses performed by the suspect activity;   determining an absence of the suspect activity on the programmable device, wherein the absence is determined utilizing the third level of monitoring of the programmable device; and   adjusting to the second level of monitoring of the programmable device in response to the determination of the absence of the suspect activity.   
     
     
         15 . A programmable device, comprising:
 a memory; and   a processing device operatively communicatively coupled to the memory,   wherein instructions are stored in the memory, comprising instructions that when executed cause the processing device to:
 monitor a programmable device at a first level of monitoring; and 
 reduce monitoring to a second level of monitoring of the programmable device responsive to an absence of activity associated with an increased vulnerability of the programmable device to malware. 
   
     
     
         16 . The programmable device of  claim 15 , further comprising:
 a network connection communicatively coupled to the memory and configured to receive data from a network.   
     
     
         17 . The programmable device of  claim 15 , further comprising:
 a user interface adapter communicatively coupled to the memory and configured to receive input from a user.   
     
     
         18 . The programmable device of  claim 15 , wherein the instructions further comprise instructions that when executed cause the programmable device to:
 increase monitoring from the second level of monitoring to the first level of monitoring responsive to an identification of the activity,   wherein the first level of monitoring and the second level of monitoring scan different subsets of the memory.   
     
     
         19 . The programmable device of  claim 15 , wherein the instructions further comprise instructions that when executed cause the programmable device to:
 identify a suspect activity on the programmable device that is predetermined to be associated with an increased vulnerability of the programmable to malware, the suspect activity identified utilizing the second level of monitoring;   adjust from the second level of monitoring to a third level of monitoring of the programmable device in response to the identification of the suspect activity, wherein the third level of monitoring of the device comprises monitoring for one or more additional types of accesses performed by the suspect activity;   determine an absence of the suspect activity on the programmable device, wherein the absence is determined utilizing the third level of monitoring of the device; and   adjust from the third level of monitoring to the second level of monitoring of the device in response to the determination of the absence of the suspect activity.   
     
     
         20 . The programmable device of  claim 19 , wherein the instructions that when executed cause the programmable device to identify the suspect activity comprise instructions that when executed cause the programmable device to identify a process connecting to an external network.

Join the waitlist — get patent alerts

Track US2015186646A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.