Automatic file encryption
US-2018107834-A1 · Apr 19, 2018 · US
Protecting backup files from malware
US2018203997A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2018203997-A1 |
| Application number | US-201715409692-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jan 19, 2017 |
| Priority date | Jan 19, 2017 |
| Publication date | Jul 19, 2018 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method for safeguarding a stored file from malware. In one embodiment, the method includes at least one computer processor receiving, to a storage system, a first file from a first computing device. The method further includes analyzing the received first file to determine whether the received first file is suspected of encryption by malware. The method further includes responding to determining that the received first file is suspected of encryption by malware, initiating one or more actions, including suspending replacement of an instance of the first file backed up to the storage system with the received first file. The method further includes storing the received first file to a portion of the storage system designated for file isolation.
First claim
Opening claim text (preview).
What is claimed is: 1 - 8 . (canceled) 9 . A computer program product for safeguarding a stored file from malware, the computer program product comprising: one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions readable/executable by one or more computer processors and further comprising: program instructions to receive, to a storage system, a first file from a first computing device; program instructions to analyze the received first file to determine whether the received first file is suspected of encryption by malware; program instructions to respond to determining that the received first file is suspected of encryption by malware by initiating one or more actions, including suspending replacement of an instance of the first file backed up to the storage system with the received first file; and program instructions to store the received first file to a portion of the storage system designated for file isolation. 10 . The computer program product of claim 9 , further comprising: program instructions to respond to determining that the received first file is suspected of encryption by malware by transmitting a notification to at least a first user associated with the received first file, wherein the notification includes a result of analysis of the received first file; and program instructions to receive a response from the first user associated with the received first file, indicating whether the analysis of the received first file is a false-positive result for encryption by malware. 11 . The computer program product of claim 9 , wherein the program instructions to analyze the received first file to determine whether the received first file is suspected of encryption by malware further comprise: program instructions to determine one or more attributes associated with the received first file; program instructions to compare the one or more attributes of the received first file to one or more corresponding items related to the received first file, wherein the items related to the received first file are selected from the group consisting of a structure of the received first file, a portion of content of the received first file, one or more file attributes of other versions of the first file, a structure of another version of the first file, and a portion of content of another version of the first file; and program instructions to respond to the comparison of the one or more attributes associated with the received first file and the one or more corresponding items related to the received first file identifying one or more differences by indicating that the received first file is suspected of encryption by malware. 12 . The computer program product of claim 9 , further comprising: program instructions to determine that the storage system supports version control of files backed up to the storage system; and program instructions to respond to determining that the storage system supports version control of files backed up to the storage system by suspending file rotation of versions of the first file backed up to the storage system. 13 . The computer program product of claim 10 , further comprising: program instructions to respond to receiving the response from the first user that indicates that the analysis of the received first file is not a false-positive result by identifying a user profile of the user of the received first file; program instructions to determine a listing of files backed up to the storage system corresponding to the first user and the first computing device, including the received first file; and program instructions to suspend rotation of files of the determined listing of files backed up to the storage system. 14 . The computer program product of claim 10 , further comprising: program instructions to respond to receiving the response from the first user that indicates that the analysis of the received first is a false-positive result by identifying a user profile of the first user of the received first file; program instructions to determine a listing of files backed up to the storage system corresponding to the first user and the first computing device, including the received first file; program instructions to resume rotation of files of the determined listing of files backed up to the storage system; and program instructions to store the received first file to the storage system based, at least in part, on a rotations of files and the user profile of the first user, wherein the received first files is removed from file isolation in response to determining that a false-positive result is confirmed. 15 . A computer system for safeguarding a stored file from malware, the computer system comprising: one or more computer processors; one or more computer readable storage media; program instructions stored on the computer readable storage media for reading/execution by at least one of the one or more computer processors, the program instructions further comprising: program instructions to receive, to a storage system, a first file from a first computing device; program instructions to analyze the received first file to determine whether the received first file is suspected of encryption by malware; program instructions to respond to determining that the received first file is suspected of encryption by malware by initiating one or more actions, including suspending replacement of an instance of the first file backed up to the storage system with the received first file; and program instructions to store the received first file to a portion of the storage system designated for file isolation. 16 . The computer system of claim 15 , further comprising: program instruction to respond to determining that the received first file is suspected of encryption by malware by transmitting a notification to at least a first user associated with the received first file, wherein the notification includes a result of analysis of the received first file; and program instructions to receive a response from the first user associated with the received first file, indicating whether the analysis of the received first file is a false-positive result for encryption by malware. 17 . The computer system of claim 16 , further comprising: program instructions to respond to receiving the response from the first user that indicates that the analysis of the received first file is not a false-positive result by identifying a user profile of the user of the received first file; program instructions to determine a listing of files backed up to the storage system corresponding to the first user and the first computing device, including the received first file; and program instructions to suspend rotation of files of the determined listing of files backed up to the storage system. 18 . The computer system of claim 16 , further comprising: program instructions to respond to receiving the response from the first user that indicates that the analysis of the received first is a false-positive result by identifying a user profile of the first user of the received first file; program instructions to determine a listing of files backed up to the storage system corresponding to the first user and the first computing device, including the received first file; program instructions to resume rotation of files of the determined listing of files backed up to the storage system; and program instructions to store the received first file to the storage system based, at least in part, on a rotations of files and the user profile of the first user, wherein the received fi
Assignees
Inventors
Classifications
eliminating virus, restoring damaged files · CPC title
- G06F21/565Primary
by checking file integrity · CPC title
Test or assess a computer or a system · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2018203997A1 cover?
- A method for safeguarding a stored file from malware. In one embodiment, the method includes at least one computer processor receiving, to a storage system, a first file from a first computing device. The method further includes analyzing the received first file to determine whether the received first file is suspected of encryption by malware. The method further includes responding to determin…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F21/565. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Jul 19 2018 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).