CA2573143A1 - Automatic regeneration of computer files description - Google Patents

Automatic regeneration of computer files description Download PDF

Info

Publication number
CA2573143A1
CA2573143A1 CA002573143A CA2573143A CA2573143A1 CA 2573143 A1 CA2573143 A1 CA 2573143A1 CA 002573143 A CA002573143 A CA 002573143A CA 2573143 A CA2573143 A CA 2573143A CA 2573143 A1 CA2573143 A1 CA 2573143A1
Authority
CA
Canada
Prior art keywords
computer
file
monitored
files
modified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA002573143A
Other languages
French (fr)
Inventor
Luke Koestler
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Seventh Knight Inc
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of CA2573143A1 publication Critical patent/CA2573143A1/en
Abandoned legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Abstract

A method for regenerating computer files on a computer system having a computer with an operating system, the method includes receiving an input from a user to specify monitored files, detecting modification of at least one of the monitored files, and replacing the at least one modified monitored file with a backup copy of the at least one modified monitored file.

Description

AUTOMATIC REGENERATION OF COMPUTER FILES
DESCRIPTION
Related Applications [001] This non-provisional application is related to and claims priority of Provisional Application No. 60/485,160 filed on July 8, 2003, in the name of Luke KOESTLER, and titled AUTOMATIC REGENERATION OF COMPUTER
FILES, the contents of which are fully incorporated herein by reference.

Technical Field [002] This invention relates to the field of automatic regeneration of computer files.

Background [003] Computers, and especially network-connected computers, are present in almost every phase of today's society. Also present, unfortunately, are many types of technological attacks on such computers. Such attacks may come in the form of viruses, worms, Trojan horses, adware, spyware, and others. Although forms of protection, such as anti-virus software using a signature-based techniques, are currently available, there remain many types of threats that are not detected by currently available solutions, even if such solutions are updated on a daily basis. Accordingly, it is desirable to provide methods and apparatus offering increased security to computers and computer systems from known and unknown technological threats.

SUMMARY
[004] Consistent with the invention, systems and methods are provided for regenerating computer files on a computer system having a computer with an operating system. The method includes receiving an input from a user to specify monitored files, automatically detecting modification of at least one of the monitored files, and automatically replacing the at least one modified monitored file with a backup copy of the at least one modified monitored file.
[005] It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS
[006] The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate several embodiments of the invention and together with the description, serve to explain the principles of the invention.
[007] Figure 1 shows a diagram depicting an exemplary computer system in which systems and methods consistent with the principles of the present may be implemented;
[008] Figure 2 shows a flowchart depicting the steps performed by an automatic file regenerator consistent with the principles of the present invention;
[009] Figure 3 shows a flowchart depicting the steps performed by an automatic file regenerator also consistent with the principles of the present invention; and [010] Figure 4 is a detailed diagram of the automatic file regenerator shown in Figure 1.

DETAILED DESCRIPTION
[011] Reference will now be made in detail to the embodiments consistent with the invention, examples of which are illustrated in the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings to refer to the same or like parts.
[012] Consistent with the invention, an automatic file regenerator works in unison with a process authenticator to provide layers of security to protect computer systems. Unlike conventional anti-virus software that must refer to a database of known threats, the process authenticator reverses this process by building a database of known good code, that is, software and scripts approved by the system administrators. A suitable process authenticator is described further in U.S. Patent Application No. 10/252,110, filed September 24, 2002, the contents of which are incorporated by reference herein in their entirety. Any code that has not been approved by an administrator, such as a virus that the anti-virus software could not yet detect, is not allowed to execute on the server or the local computer system. No software is allowed to execute unless specifically approved.
[013] Consistent with the invention, an automatic file regenerator, which provides automatic file regeneration capabilities, is described herein.
The automatic file regenerator maintains data integrity of files and data stored in computers. For example, the automatic file generator can ensure data integrity for enterprise servers running critical services that must be available around-the-clock. The automatic file regenerator replaces modified or corrupt data with a fresh copy of the user-approved original. When, for example, an intruder modifies or deletes data from the computer, the automatic file regenerator replaces the data with a fresh copy of the original. In essence, the automatic file regenerator allows a computer to heal itself automatically, time and time again.
[014] Systems and methods consistent with the present invention may be implemented by computers organized in a conventional distributed processing system architecture. Figure 1 is a block diagram illustrating a computer system 100 in which an embodiment consistent with the invention may be implemented. Computer system 100 includes a computer 101 having a bus 102 or other communication mechanism for communicating information, and a processor 104 coupled with bus 102 for processing information.
Computer 101 also includes a main memory, such as random access memory (RAM) 106 or other dynamic storage device, coupled to bus 102 for storing information and instructions to be executed by processor 104. RAM 106 also may be used for storing temporary variables or other intermediate information during execution of instructions to be executed by processor 104. During operation, some or all portions of an operating system 105 are loaded into RAM 106. Computer 101 further includes a read only memory (ROM) 108 or other static storage device coupled to bus 102 for storing static information and instructions for processor 104. A storage device 110, such as a magnetic disk or optical disk, is provided and coupled to bus 102 for storing information and instructions. A file system 111 including a plurality of root directories may be stored in storage device 110.
[015] Computer 101 may be coupled via bus 102 to a display 112, such as a cathode ray tube (CRT), for displaying information to a computer user. An input device 114, including alphanumeric and other keys, is coupled to bus 102 for communicating information and command selections to processor 104. Another type of user input device is cursor control 116, such as a mouse, a trackball or cursor direction keys for communicating direction information and command selections to processor 104 and for controlling cursor movement on display 112. This input device typically has two degrees of freedom in two axes, a first axis (e.g., x) and a second axis (e.g., y), which allow the device to specify positions in a plane.
[016] System 100 may further include an input drive device 117, such as a CD reader, for reading high-capacity computer-readable media, such as CD-ROMs and CDRs.
[017] The invention is related to the use of computer system 100 for monitoring and regenerating files on a computer system or network.
According to one implementation, systems and methods consistent with the present invention collect system information and store it in a central database in response to processor 104 executing one or more sequences of one or more instructions contained in RAM 106. Such instructions may be read into RAM 106 from a computer-readable medium via an input device such as storage device 110. Execution of the sequences of instructions contained in main memory 106 causes processor 104 to perform the process steps described herein. In an alternative implementation, hard-wired circuitry may be used in place of or in combination with software instructions to implement the invention. Thus, implementations consistent with the principles of the present invention are not limited to any specific combination of hardware circuitry and software.
[018] The term "computer-readable medium" as used herein refers to any media that participates in providing instructions to processor 104 for execution. Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media. Non-volatile media includes, for example, optical or magnetic disks, such as storage device 110. Volatile media includes dynamic memory, such as main memory 106. Transmission media includes coaxial cables, copper wire and fiber optics, including the wires that comprise bus 102. Transmission media can also take the form of acoustic or light waves, such as those generated during radio-wave and infra-red data communications.
[019] Common forms of computer-readable media include, for example, a floppy disk, a flexible disk, hard disk, magnetic tape, or any other magnetic medium, a CD-ROM, any other optical medium, punch cards, paper tape, any other physical medium with patterns of holes, a RAM, PROM, and EPROM, a FLASH-EPROM, any other memory chip or cartridge, a carrier wave as described hereinafter, or any other medium from which a computer can read.
[020] Various forms of computer-readable media may be involved in carrying one or more sequences of one or more instructions to processor 104 for execution. For example, the instructions may initially be carried on the magnetic disk of a remote computer. The remote computer can load the instructions into its dynamic memory and send the instructions over a telephone line using a modem. A modem local to computer system 100 can receive the data on the telephone line and use an infra-red transmitter to convert the data to an infra-red signal. An infra-red detector coupled to bus 102 can receive the data carried in the infra-red signal and place the data on bus 102. Bus 102 carries the data to main memory 106, from which processor 104 retrieves and executes the instructions. The instructions received by main memory 106 may optionally be stored on storage device 110 either before or after execution by processor 104.
[021] Computer 101 also includes a communication interface 118 coupled to bus 102. Communication interface 118 provides a two-way data communication coupling to a network link 120 that is connected to local network 122. For example, communication interface 118 may be an integrated services digital network (ISDN) card or a modem to provide a data communication connection to a corresponding type of telephone line. As another example, communication interface 118 may be a local area network (LAN) card to provide a data communication connection to a compatible LAN.
Wireless links may also be implemented. In any such implementation, communication interface 118 sends and receives electrical, electromagnetic or optical signals that carry digital data streams representing various types of information.
[022] Network link 120 typically provides data communication through one or more networks to other data devices. For example, network link 120 may provide a connection through local network 122 to host computer 124 and/or to data equipment operated by Internet Service Provider (ISP) 126.
ISP 126, in turn, provides data communication services through the Internet 128. Local network 122 and Internet 128 both use electric, electromagnetic or optical signals that carry digital data streams. The signals through the various networks and the signals on network link 120 and through communication interface 118, which carry the digital data to and from computer system 100, are exemplary forms of carrier waves transporting the information.
[023] Computer system 100 can send messages and receive data, including program code, through the network(s), network link 120 and communication interface 118. In the Internet example, a server 130 might transmit a requested code for an application program through Internet 128, ISP 126, local network 122 and communication interface 118. Consistent with the present invention, one such downloaded application in the form of an automatic file regenerator 107 automatically regenerates files on a computer system. The structure of automatic file regenerator 107 is shown in more detail in Figure 4 and will be described below. The received code may be loaded in RAM 106 and executed by processor 104 as it is received.
Alternatively, or in addition, it may be stored in storage device 110, or other non-volatile storage for later execution. In this manner, computer system 100 may obtain application code in the form of a carrier wave.
[024] Although computer system 100 is shown in FIG. 1 as being connectable to one server 130, those skilled in the art will recognize that computer system 100 may establish connections to multiple servers on Internet 128. Such servers may include an HTML-based Internet application, which may provide information to computer system 100 upon request in a manner consistent with the present invention.
[025] FIG. 2 and 3 show flowcharts depicting exemplary methods for automatic regeneration of computer files performed by automatic file regenerator 107 (shown in Figure 4) on computer system 100 consistent with the principles of the present invention. A first method (Figure 2) begins by prompting or requesting input from a user, for example, a system administrator, to indicate or specify files and directories for the automatic file regenerator to monitor, step 200. Monitored files may be any type of file, such as but not limited to documents, programs, web pages, and scripts.

Monitored files are files that have been specified by the user as read-only files, files that do not change, or system files. In one embodiment, monitored files are stored in one or more root directories. The method may verify that the user has provided a backup copy of the monitored files, step 205. If a computer running the automatic file regenerator detects that a monitored file has been modified, renamed, or deleted, then the monitored file is replaced with the backup copy of the original, usually within seconds. In some instances the modified monitored file is replaced when the computer is restarted.
[026] In one configuration, a service initiator 402 (Figure 4) initiates an instance of automatic file regeneration service for each root directory specified by the user, step 210. The automatic file regeneration service may be a low-level system service. The service activates a file comparator 404 to detect any modification of the monitored files by comparing attributes such as file size, file name, and binary file composition of the monitored files against the backup copy of the monitored files, step 220. The automatic file regeneration service cycles through and compares all monitored files with the respective backup copy once every cycle. The length of a cycle is set or turned off using a registry value where, for example, 0 = off, 1 = 1 minute, 2 = 2 minutes, etc.

If the service detects modification of any of the monitored files, step 230, it replaces the modified monitored files with a backup copy of the original, step 240.
[027] Once the automatic file regeneration service replaces modified monitored files with a backup copy of the original, the service records an entry in a registry 103 of operating system 105, step 250. Each service record may indicate the name of the replaced files, time when the service detected the modification, time when the service replaced the modified files, and other information.
[028] The process between steps 220-250 is repeated until the user stops the automatic file regenerator, turns off the computer, or otherwise indicates a desire to terminate the process.
[029] A second method consistent with the invention is shown in Figure 3. The method first prompts or requests input from a user, for example, a system administrator, to indicate or specify files and directories for the automatic file regenerator to monitor, step 300. The method may verify that the user has provided a backup copy of the monitored files, step 305.

The method then registers the automatic file regeneration service as a file-system object, step 310. A message requestor 408 requests a copy of any file change messages sent by the operating system 105 for any directories and sub-directories within the root directory specified by the user for the instance of the file regeneration service, step 320. For example, the system may audit information from monitored file systems or directories using the processes and method described in U.S. Patent Application No. 10/216,917, filed August 13, 2002, entitled "Auditing Computer System Components in a Network," the contents of which are incorporated by reference herein in their entirety. If the service receives a message of modification of any of the monitored files, step 330, it replaces the modified monitored files with a backup copy of the original, step 340.
[030] Once the automatic file regeneration service replaces modified monitored files with a backup copy of the original, the service records an entry in the registry of operating system 105, step 350. Each service record may indicate the name of the replaced files, time when the service detected the modification, time when the service replaced the modified files, and other information.
[031] The process between steps 320-350 is repeated until the user stops the automatic file regenerator, turn off the computer, or otherwise indicates a desire to terminate the process.
[032] The automatic file regenerator cannot replace files that are marked as "in use" or locked by the operating system 105 or another program.
However, in most cases these files are replaced as soon as the operating system 105 or the other program releases the lock or revokes the "in use"
status of the modified files. It is important to note that the system or the local system account must possess full rights to the monitored files and read-only rights to the backup copy of the monitored files. Preferably, the automatic file regenerator uses read-only media, such as a CD-ROM or CDR, to store backup copies of the monitored files. Alternatively, the automatic file regenerator may store the backup copy on another server 124 or 130, on device 110, or on any computer-readable medium.
[033] Both methods of detecting file modification require no user interaction, and only replace files that have been modified or removed. The methods use no resources of computer 101 unless the automatic file regenerator is actively restoring a file or directory. One of ordinary skill in the art will recognize that the configurations described above are embodiments of the present invention, and other configurations may be practiced in a manner consistent with the principles of the present invention, [034] Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.

Claims (48)

1. A method for regenerating computer files on a computer system including a computer with an operating system, comprising:

receiving an input from a user to specify monitored files;
detecting modification of at least one of the monitored files; and replacing the at least one modified monitored file with a backup copy of the at least one modified monitored file.
2. The method of claim 1, comprising:

initiating an instance of automatic file regeneration service, after receiving user input.
3. The method of claim 2, wherein the detecting further comprises:
comparing the monitored files with a respective backup copy of the monitored files.
4. The method of claim 3, wherein the comparing comprises:
comparing the monitored files with a respective backup copy of the monitored files by comparing the attributes of the monitored files and their respective backup copy.
5. The method of claim 4, comprising:

storing an indication in a computer operating system registry when the automatic file regeneration service replaces the at least one modified monitored file.
6. The method of claim 4, wherein the monitored files are stored in at least one root directory specified by the user.
7. The method of claim 6, wherein the initiating comprises:

initiating an instance of automatic file regeneration service for the at least one root directory.
8. The method of claim 7, comprising:

storing an indication in a computer operating system registry when the automatic file regeneration service replaces the at least one modified monitored file.
9. The method of claim 8, wherein the replacing comprises replacing on a real-time basis.
10. The method of claim 8, wherein the replacing is performed when the computer is restarted.
11. The method of claim 1, comprising:

registering automatic file regeneration service as a file-system object of the operating system, after receiving user input.
12. The method of claim 11, wherein detecting further comprises:
requesting a copy of any file change messages sent by the operating system.
13. The method of claim 12, wherein the operating system comprises a registry and the method comprises:

storing an indication in the registry that the automatic file regeneration service has replaced at least one modified monitored file.
14. The method of claim 13, wherein the monitored files are stored in root directories specified by the user.
15. The method of claim 14, wherein the replacing comprises replacing on a real-time basis.
16. The method of claim 14, wherein the replacing is performed when the computer is restarted.
17. A system for regenerating computer files on a computer system including a computer with an operating system, comprising:

an input receiving unit operable to receive an input from a user to specify monitored files; and a file regenerator operable to detect modification of at least one of the monitored files and replace the at least one modified monitored file with a backup copy of the at least one modified monitored file.
18. The system of claim 17, comprising:

a service initiator operable to initiate an instance of automatic file regeneration service.
19. The system of claim 18, wherein the file monitor further comprises:
a file comparator operable to compare the monitored files with a respective backup copy of the monitored files.
20. The system of claim 19, wherein the file regenerator further compares the monitored files with a respective backup copy of the monitored files by comparing the attributes of the monitored files and their respective backup copy.
21. The system of claim 20, comprising:

a computer registry operable to store an indication in a computer operating system registry when the automatic file regeneration service replaces the at least one modified monitored file.
22. The system of claim 20, wherein the monitored files are stored in at least one root directory specified by the user.
23. The system of claim 22, wherein the service initiator further initiates an instance of automatic file regeneration service for the at least one root directory.
24. The system of claim 23, comprising:

a computer registry operable to store an indication in a computer operating system registry when the automatic file regeneration service replaces the at least one modified monitored file.
25. The system of claim 24, wherein the automatic file regeneration service replaces the at least one modified monitored file on a real-time basis.
26. The system of claim 24, wherein the automatic file regeneration service replaces the at least one modified monitored file when the computer is restarted.
27. The system of claim 17, comprising:

a service register operable to register automatic file regenerating service as a file-system object of the operating system.
28. The system of claim 27, wherein the step of detecting further comprises: a message requestor operable to request a copy of any file change messages sent by the operating system.
29. The system of claim 28, further comprising:

a computer registry operable to store an indication in the registry that the automatic file regeneration service has replaced at least one modified monitored file.
30. The system of claim 29, wherein the file regenerator replaces the at least one modified monitored files on a real-time basis.
31. The system of claim 29, wherein the file regenerator replaces the at least one modified monitored files when the computer is restarted.
32. A computer-readable medium containing instructions for performing a process for regenerating computer files on a computer system including a computer with an operating system, the process comprising:

receiving an input from a user to specify monitored files;
detecting modification of at least one of the monitored files; and replacing the at least one modified monitored file with a backup copy of the at least one modified monitored file.
33. The computer-readable medium of claim 32, comprising:
initiating an instance of automatic file regeneration service, after receiving user input.
34. The computer-readable medium of claim 33, wherein the step of detecting further comprises:

comparing the monitored files with a respective backup copy of the monitored files.
35. The computer-readable medium of claim 38, wherein the step of comparing comprises:

comparing the monitored files with a respective backup copy of the monitored files by comparing the attributes of the monitored files and their respective backup copy.
36. The computer-readable medium of claim 35, comprising:

storing an indication in a computer operating system registry when the automatic file regeneration service replaces the at least one modified monitored file.
37. The computer-readable medium of claim 35, wherein the monitored files are stored in at least one root directory specified by the user.
38. The computer-readable medium of claim 37, wherein the step of initiating comprises:

initiating an instance of automatic file regeneration service for the at least one root directory.
39. The computer-readable medium of claim 38, comprising:

storing an indication in a computer operating system registry when the automatic file regeneration service replaces the at least one modified monitored file.
40. The computer-readable medium of claim 39, wherein the replacing comprises replacing on a real-time basis.
41. The computer-readable medium of claim 39, wherein the replacing is performed when the computer is restarted.
42. The computer-readable medium of claim 32, comprising:

registering automatic file regeneration service as a file-system object of the operating system, after receiving user input.
43. The computer-readable medium of claim 42, wherein the step of detecting further comprises:

requesting a copy of any file change messages sent by the operating system.
44. The computer-readable medium of claim 43, comprising:

storing an indication in the registry that the automatic file regeneration service has replaced at least one modified monitored file.
45. The computer-readable medium of claim 44, wherein the monitored files are stored in root directories specified by the user.
46. The computer-readable medium of claim 45, wherein the replacing comprises replacing on a real-time basis.
47. The computer-readable medium of claim 45, wherein the replacing is performed when the computer is restarted.
48. An apparatus for regenerating computer files on a computer system including a computer with an operating system, comprising:

means for receiving an input from a user to specify monitored files, wherein the monitored files are stored in at least one root directory specified by the user;

means for initiating an instance of automatic file regeneration service, after receiving user input;

means for detecting modification of at least one of the monitored files by comparing the monitored files with a respective backup copy of the monitored files; and means for replacing the at least one modified monitored file with a backup copy of the at least one modified monitored file.
CA002573143A 2003-07-08 2004-07-08 Automatic regeneration of computer files description Abandoned CA2573143A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US48516003P 2003-07-08 2003-07-08
US60/485,160 2003-07-08
PCT/US2004/021945 WO2005008457A1 (en) 2003-07-08 2004-07-08 Automatic regeneration of computer files description

Publications (1)

Publication Number Publication Date
CA2573143A1 true CA2573143A1 (en) 2005-01-27

Family

ID=34079096

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002573143A Abandoned CA2573143A1 (en) 2003-07-08 2004-07-08 Automatic regeneration of computer files description

Country Status (4)

Country Link
US (1) US7685174B2 (en)
EP (1) EP1652033A1 (en)
CA (1) CA2573143A1 (en)
WO (1) WO2005008457A1 (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7389333B2 (en) * 2003-07-02 2008-06-17 Fujitsu Limited Provisioning a network element using custom defaults
US8261246B1 (en) * 2004-09-07 2012-09-04 Apple Inc. Method and system for dynamically populating groups in a developer environment
GB2427048A (en) 2005-06-09 2006-12-13 Avecho Group Ltd Detection of unwanted code or data in electronic mail
US7986480B2 (en) * 2005-11-03 2011-07-26 Hitachi Global Storage Technologies Netherlands B.V. Micro-journaling of data on a storage device
US7937758B2 (en) * 2006-01-25 2011-05-03 Symantec Corporation File origin determination
US9329973B2 (en) 2006-03-22 2016-05-03 British Telecommunications Public Limited Company Method and apparatus for automated testing software
US20070234337A1 (en) * 2006-03-31 2007-10-04 Prowess Consulting, Llc System and method for sanitizing a computer program
US9547485B2 (en) 2006-03-31 2017-01-17 Prowess Consulting, Llc System and method for deploying a virtual machine
US9729513B2 (en) 2007-11-08 2017-08-08 Glasswall (Ip) Limited Using multiple layers of policy management to manage risk
GB2444514A (en) 2006-12-04 2008-06-11 Glasswall Electronic file re-generation
US20090193026A1 (en) * 2008-01-25 2009-07-30 Sony Ericsson Mobile Communications Ab Integrated database replay protection
EP2136581A1 (en) * 2008-06-16 2009-12-23 Koninklijke KPN N.V. Protecting a mobile device against a denial of service attack
GB2469308B (en) * 2009-04-08 2014-02-19 F Secure Oyj Disinfecting a file system
US20100332549A1 (en) * 2009-06-26 2010-12-30 Microsoft Corporation Recipes for rebuilding files
US9098520B2 (en) * 2012-04-03 2015-08-04 Baloota Applications Ltd. Apparatus and methods for restoring data objects
JP5952220B2 (en) * 2013-05-23 2016-07-13 日本電信電話株式会社 File monitoring cycle calculation device, file monitoring cycle calculation system, file monitoring cycle calculation method, and file monitoring cycle calculation program
JP5952219B2 (en) * 2013-05-23 2016-07-13 日本電信電話株式会社 File monitoring cycle control device, file monitoring cycle control system, file monitoring cycle control method, and file monitoring cycle control program
GB2518880A (en) 2013-10-04 2015-04-08 Glasswall Ip Ltd Anti-Malware mobile content data management apparatus and method
US9330264B1 (en) 2014-11-26 2016-05-03 Glasswall (Ip) Limited Statistical analytic method for the determination of the risk posed by file based content

Family Cites Families (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5408642A (en) * 1991-05-24 1995-04-18 Symantec Corporation Method for recovery of a computer program infected by a computer virus
US5193180A (en) * 1991-06-21 1993-03-09 Pure Software Inc. System for modifying relocatable object code files to monitor accesses to dynamically allocated memory
US5978565A (en) * 1993-07-20 1999-11-02 Vinca Corporation Method for rapid recovery from a network file server failure including method for operating co-standby servers
US5745669A (en) * 1993-10-21 1998-04-28 Ast Research, Inc. System and method for recovering PC configurations
US5771354A (en) * 1993-11-04 1998-06-23 Crawford; Christopher M. Internet online backup system provides remote storage for customers using IDs and passwords which were interactively established when signing up for backup services
US5638509A (en) * 1994-06-10 1997-06-10 Exabyte Corporation Data storage and protection system
US5845293A (en) * 1994-08-08 1998-12-01 Microsoft Corporation Method and system of associating, synchronizing and reconciling computer files in an operating system
US5799147A (en) * 1994-10-19 1998-08-25 Shannon; John P. Computer recovery backup method
US6366930B1 (en) * 1996-04-12 2002-04-02 Computer Associates Think, Inc. Intelligent data inventory & asset management systems method and apparatus
US5857205A (en) * 1996-08-12 1999-01-05 Roth; Michael Method for determining if data item characteristics in periodically updated and replaced files have unexpectedly changed
US5797016A (en) * 1996-10-29 1998-08-18 Cheyenne Software Inc. Regeneration agent for back-up software
US6035264A (en) * 1996-11-26 2000-03-07 Global Maintech, Inc. Electronic control system and method for externally controlling process in a computer system with a script language
JPH11134234A (en) * 1997-08-26 1999-05-21 Reliatec Ltd Backup list method, its controller and recording medium which records backup restoration program and which computer can read
US6785786B1 (en) * 1997-08-29 2004-08-31 Hewlett Packard Development Company, L.P. Data backup and recovery systems
US6363498B1 (en) * 1997-11-20 2002-03-26 Lucent Technologies, Inc. Method and apparatus to automatically back up switching system files
AU3304699A (en) * 1998-02-20 1999-09-06 Storm Systems Llc File system performance enhancement
US6026414A (en) * 1998-03-05 2000-02-15 International Business Machines Corporation System including a proxy client to backup files in a distributed computing environment
US6275942B1 (en) * 1998-05-20 2001-08-14 Network Associates, Inc. System, method and computer program product for automatic response to computer system misuse using active response modules
US6604236B1 (en) * 1998-06-30 2003-08-05 Iora, Ltd. System and method for generating file updates for files stored on read-only media
US6195695B1 (en) * 1998-10-27 2001-02-27 International Business Machines Corporation Data processing system and method for recovering from system crashes
US6212512B1 (en) * 1999-01-06 2001-04-03 Hewlett-Packard Company Integration of a database into file management software for protecting, tracking and retrieving data
US6374401B1 (en) * 1999-03-29 2002-04-16 International Business Machines Corporation System, method, and program for updating registry objects with a cross-platform installation program
US6931440B1 (en) * 1999-04-21 2005-08-16 Emc Corporation Method and apparatus for dynamically determining whether access to a resource connected to a computer has changed and determining how to access the resource with a new identifier
US6687749B1 (en) * 1999-06-30 2004-02-03 Microsoft Corporation Methods and systems for reporting and resolving support incidents
US6460055B1 (en) * 1999-12-16 2002-10-01 Livevault Corporation Systems and methods for backing up data files
US6971018B1 (en) * 2000-04-28 2005-11-29 Microsoft Corporation File protection service for a computer system
US6560719B1 (en) * 2000-05-17 2003-05-06 Unisys Corporation Method for recovery of original registry key file data
US6675177B1 (en) * 2000-06-21 2004-01-06 Teradactyl, Llc Method and system for backing up digital data
WO2002015082A1 (en) * 2000-08-10 2002-02-21 Miralink Corporation Data/presence insurance tools and techniques
US20020023226A1 (en) * 2000-08-21 2002-02-21 Kabushiki Kaisha Network Doc Falsification preventing apparatus, falsification preventing method and recording medium therefor
US8831995B2 (en) * 2000-11-06 2014-09-09 Numecent Holdings, Inc. Optimized server for streamed applications
US6931558B1 (en) * 2000-11-29 2005-08-16 Veritas Operating Corporation Computer restoration systems and methods
US6839721B2 (en) * 2001-01-12 2005-01-04 Hewlett-Packard Development Company, L.P. Integration of a database into file management software for protecting, tracking, and retrieving data
US6985915B2 (en) * 2001-02-28 2006-01-10 Kiran Somalwar Application independent write monitoring method for fast backup and synchronization of files
US6847983B2 (en) * 2001-02-28 2005-01-25 Kiran Somalwar Application independent write monitoring method for fast backup and synchronization of open files
GB0121497D0 (en) 2001-09-05 2001-10-24 Cryptic Software Ltd Network security
US7356736B2 (en) * 2001-09-25 2008-04-08 Norman Asa Simulated computer system for monitoring of software performance
US20030140253A1 (en) * 2001-11-16 2003-07-24 Mark Crosbie Method of and apparatus for detecting creation of set user identification (setuid) files, and computer program for enabling such detection
US20030115458A1 (en) * 2001-12-19 2003-06-19 Dongho Song Invisable file technology for recovering or protecting a computer file system
US7143113B2 (en) * 2001-12-21 2006-11-28 Cybersoft, Inc. Apparatus, methods and articles of manufacture for securing and maintaining computer systems and storage media
US7085852B2 (en) * 2002-03-01 2006-08-01 Sun Microsystems, Inc. Deterministic immutable access elimination for efficient distributed state saves
US6898600B2 (en) * 2002-05-16 2005-05-24 International Business Machines Corporation Method, system, and program for managing database operations
JP2004046435A (en) * 2002-07-10 2004-02-12 Hitachi Ltd Backup method and storage controller used for the same
US20040039868A1 (en) * 2002-08-20 2004-02-26 Lush Jeffrey L. Facilitating restoration of a system configuration of a data processing system
US20040107199A1 (en) * 2002-08-22 2004-06-03 Mdt Inc. Computer application backup method and system
US7051053B2 (en) * 2002-09-30 2006-05-23 Dinesh Sinha Method of lazily replicating files and monitoring log in backup file system
US6882271B2 (en) * 2002-11-12 2005-04-19 Koninklijke Philips Electronics N.V. Automated medical imaging system repair diagnostics
WO2004073332A1 (en) * 2003-02-11 2004-08-26 Unisys Corporation Method and apparatus for updating a control file
US7437763B2 (en) * 2003-06-05 2008-10-14 Microsoft Corporation In-context security advisor in a computing environment
US7216169B2 (en) * 2003-07-01 2007-05-08 Microsoft Corporation Method and system for administering personal computer health by registering multiple service providers and enforcing mutual exclusion rules

Also Published As

Publication number Publication date
EP1652033A1 (en) 2006-05-03
WO2005008457A1 (en) 2005-01-27
US7685174B2 (en) 2010-03-23
US20050120063A1 (en) 2005-06-02

Similar Documents

Publication Publication Date Title
US7685174B2 (en) Automatic regeneration of computer files
US11113156B2 (en) Automated ransomware identification and recovery
AU2002239889B2 (en) Computer security and management system
US7188368B2 (en) Method and apparatus for repairing damage to a computer system using a system rollback mechanism
US9639697B2 (en) Method and apparatus for retroactively detecting malicious or otherwise undesirable software
US9418227B2 (en) Detecting malicious software
KR101159316B1 (en) Method and system for single reactivation of software product licenses
JP4676744B2 (en) Security-related programming interface
US20070078990A1 (en) System for identifying the presence of Peer-to-Peer network software applications
AU2002239889A1 (en) Computer security and management system
WO2017074624A1 (en) Methods and apparatus for mobile computing device security in testing facilities
WO2006110826A2 (en) System and method for detecting peer-to-peer network software
US7024694B1 (en) Method and apparatus for content-based instrusion detection using an agile kernel-based auditor
US7624439B2 (en) Authenticating resource requests in a computer system
WO2006137657A1 (en) Method for intercepting malicious code in computer system and system therefor
CN105528543A (en) Remote antivirus method, client, console and system
US7774847B2 (en) Tracking computer infections
CN100353277C (en) Implementing method for controlling computer virus through proxy technique
US20220150241A1 (en) Permissions for backup-related operations
JP3851263B2 (en) Preventing recurrence of multiple system outages
US20220083646A1 (en) Context Based Authorized External Device Copy Detection
WO2011074824A2 (en) System and method for updating signature database and apparatus for updating database of a client terminal
CN116506222B (en) Safety protection system
US20040088575A1 (en) Secure remote network access system and method
Ii TECHNICAL EVALUATION AND LEGAL OPINION OF WARDEN: A NETWORK FORENSICS TOOL

Legal Events

Date Code Title Description
FZDE Discontinued
FZDE Discontinued

Effective date: 20090708