Systems and methods for threat detection using a software program update profile
US-9800590-B1 · Oct 24, 2017 · US
US10318272B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10318272-B1 |
| Application number | US-201715474067-A |
| Country | US |
| Kind code | B1 |
| Filing date | Mar 30, 2017 |
| Priority date | Mar 30, 2017 |
| Publication date | Jun 11, 2019 |
| Grant date | Jun 11, 2019 |
Official abstract text for this publication.
The disclosed computer-implemented method for managing application updates may include (i) recording network activity of a target application, (ii) recording an identifying attribute of the target application that is associated with a current version of the target application, (iii) determining, based on recording the identifying attribute, that the target application has attempted to update from a previous version of the target application to the current version of the target application, (iv) locating a portion of network activity that reveals how to manually update an instance of the previous version of the target application, and (v) performing, in response to locating the portion of network activity that reveals how to manually update the instance of the previous version of the target application, a security action to protect a user from a candidate security threat. Various other methods, systems, and computer-readable media are also disclosed.
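Steps (i) through (v) of the abstract, using the attribute-change test of claim 8 and the time-span matching of claim 9, as an added Python example that is not code from the patent. The log layouts, host names and versions are constructed, and the rule that the update URL names the new file version and a release date within the previous seven days is an assumption made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: hypothetical application, hosts and versions.
ATTRIBUTE_LOG = [  # (time recorded, file version of the target application)
    (datetime(2017, 3, 1, 9, 0), "4.1.0"),
    (datetime(2017, 3, 8, 9, 0), "4.1.0"),
    (datetime(2017, 3, 15, 9, 0), "4.2.0"),
]
NETWORK_LOG = [  # (time, URL requested by the target application)
    (datetime(2017, 3, 10, 12, 0), "https://telemetry.example.test/ping"),
    (datetime(2017, 3, 14, 22, 5), "https://updates.example.test/check?v=4.1.0"),
    (datetime(2017, 3, 14, 22, 6), "https://dl.example.test/2017-03-14/app-4.2.0.exe"),
]

def detect_updates(attr_log):
    """Claim 8: an update is inferred when the recorded attribute changes."""
    pairs = zip(attr_log, attr_log[1:])
    return [(t0, t1, v0, v1) for (t0, v0), (t1, v1) in pairs if v0 != v1]

def locate_update_urls(net_log, start, end, new_version):
    """Claim 9: keep activity inside the span of time between the two recordings."""
    return [url for ts, url in net_log if start < ts <= end and new_version in url]

def url_template(url, version, recorded, lookback=timedelta(days=7)):
    """Replace the file version and a recent release date with placeholders."""
    out = url.replace(version, "{version}")
    day = recorded
    while day >= recorded - lookback:
        out = out.replace(day.strftime("%Y-%m-%d"), "{release_date}")
        day -= timedelta(days=1)
    return out

def build_update_profile(attr_log, net_log):
    """Pair each detected update with the URL that would fetch it manually."""
    profiles = []
    for start, end, old, new in detect_updates(attr_log):
        for url in locate_update_urls(net_log, start, end, new):
            profiles.append({
                "from": old, "to": new, "observed_url": url,
                "template": url_template(url, new, end),
                "security_action": "disable_auto_update",  # as in claim 10
            })
    return profiles

if __name__ == "__main__":
    print(build_update_profile(ATTRIBUTE_LOG, NETWORK_LOG))
```

The template keeps the parts of the URL that stay fixed between versions, which is what lets an older instance be updated manually, as in claim 2, instead of through its own auto-update function.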
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method for managing application updates, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising: recording network activity of a target application; recording an identifying attribute of the target application that is associated with a current version of the target application; determining, based on recording the identifying attribute that is associated with the current version, that the target application has attempted to update from a previous version of the target application to the current version of the target application; locating, within the recorded network activity, and in response to determining that the target application has attempted to update from the previous version of the target application to the current version, a portion of network activity that reveals how to manually update an instance of the previous version of the target application; and performing, in response to locating the portion of network activity that reveals how to manually update the instance of the previous version of the target application, a security action to protect a user from a candidate security threat, wherein: the portion of the network activity reveals a uniform resource locator where a download for updating the target application is available; and the uniform resource locator dynamically changes between versions of the target application and the portion of network activity reveals how to dynamically generate the uniform resource locator for the current version of the target application.

2. The computer-implemented method of claim 1, further comprising updating, after performing the security action, the instance of the previous version of the target application based on the portion of network activity that reveals how to manually update the instance rather than automatically updating the instance of the previous version of the target application through an auto-update function of the instance of the previous version of the target application.

3. The computer-implemented method of claim 1, wherein the uniform resource locator dynamically changes between versions of the target application based on a file version of the current version of the target application.

4. The computer-implemented method of claim 1, wherein the uniform resource locator dynamically changes between versions of the target application based on a date of releasing the target application.

5. The computer-implemented method of claim 1, wherein the uniform resource locator dynamically changes between versions of the target application based on both: a file version of the current version of the target application; and a date of releasing the target application.

6. The computer-implemented method of claim 1, wherein the identifying attribute that is associated with the current version comprises a file version number.

7. The computer-implemented method of claim 1, wherein the identifying attribute that is associated with the current version comprises a hash of the current version of the target application.

8. The computer-implemented method of claim 1, wherein determining that the target application has attempted to update from the previous version of the target application to the current version of the target application comprises determining that the identifying attribute has changed from a previous version of the identifying attribute.

9. The computer-implemented method of claim 1, wherein locating, within the recorded network activity, the portion of network activity comprises matching the network activity, within a span of time, to the recording of the identifying attribute.

10. The computer-implemented method of claim 1, wherein the security action comprises disabling an auto-update function of the instance of the previous version of the target application.

11. A system for managing application updates, the system comprising: a recording module, stored in memory, that: records network activity of a target application; and records an identifying attribute of the target application that is associated with a current version of the target application; a determination module, stored in memory, that determines, based on recording the identifying attribute that is associated with the current version, that the target application has attempted to update from a previous version of the target application to the current version of the target application; a location module, stored in memory, that locates, within the recorded network activity, and in response to determining that the target application has attempted to update from the previous version of the target application to the current version, a portion of network activity that reveals how to manually update an instance of the previous version of the target application; a performance module, stored in memory, that performs, in response to locating the portion of network activity that reveals how to manually update the instance of the previous version of the target application, a security action to protect a user from a candidate security threat; and at least one physical processor configured to execute the recording module, the determination module, the location module, and the performance module, wherein: the portion of the network activity reveals a uniform resource locator where a download for updating the target application is available; and the uniform resource locator dynamically changes between versions of the target application and the portion of network activity reveals how to dynamically generate the uniform resource locator for the current version of the target application.

12. The system of claim 11, wherein the performance module is further configured to update, after performing the security action, the instance of the previous version of the target application based on the portion of network activity that reveals how to manually update the instance rather than automatically updating the instance of the previous version of the target application through an auto-update function of the instance of the previous version of the target application.

13. The system of claim 11, wherein the uniform resource locator dynamically changes between versions of the target application based on a file version of the current version of the target application.

14. The system of claim 11, wherein the uniform resource locator dynamically changes between versions of the target application based on a date of releasing the target application.

15. The system of claim 11, wherein the uniform resource locator dynamically changes between versions of the target application based on both: a file version of the current version of the target application; and a date of releasing the target application.

16. The system of claim 11, wherein the identifying attribute that is associated with the current version comprises a file version number.

17. The system of claim 11, wherein the identifying attribute that is associated with the current version comprises a hash of the current version of the target application.

18. The system of claim 11, wherein the determination module is configured to determine that the target application has attempted to update from the previous version of the target application to the current version of the target application at least in part by determining that the identifying attribute has changed from a previous version of the identifying attribute.

19. The system of claim 11, where
specially adapted for file transfer, e.g. file transfer protocol [FTP] · CPC title
Updates (security arrangements therefor G06F21/57) · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title
involving the movement of software or configuration parameters (network booting or remote initial program loading [RIPL] G06F9/4416) · CPC title
Electricity · mapped topic