Mitigation of malware
US-2015379264-A1 · Dec 31, 2015 · US
Protecting backup files from malware
US2019220597A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2019220597-A1 |
| Application number | US-201916374050-A |
| Country | US |
| Kind code | A1 |
| Filing date | Apr 3, 2019 |
| Priority date | Jan 19, 2017 |
| Publication date | Jul 18, 2019 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method for safeguarding a stored file from malware. In one embodiment, the method includes at least one computer processor receiving, to a storage system, a first file from a first computing device. The method further includes analyzing the received first file to determine whether the received first file is suspected of encryption by malware. The method further includes responding to determining that the received first file is suspected of encryption by malware, initiating one or more actions, including suspending replacement of an instance of the first file backed up to the storage system with the received first file. The method further includes storing the received first file to a portion of the storage system designated for file isolation.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method for safeguarding a stored file from malware, the method comprising: determining, by one or more computer processors, that a storage system supports version control of files backed up to the storage system and that the storage system supports user profiles for backing up files to the storage system, a user profile including: identities of two or more computing devices associated with the user; one or more methods, respectively associated with a computing device associated with the user, for notifying the user of a result of an analysis indicating that malware is suspected of affecting a file of the user; and a list of files that the user backs up to the storage system, the list of files further including: version control information corresponding to the files that the user backs up to the storage system; and an indication, corresponding to each file the user backs up to the storage system, identifying that the file is shared and respective identities corresponding to other computing devices that utilize the shared file; determining, by one or more computer processors, that a first user of the storage system has two computing devices based on information within the profile corresponding to the first user; in response to determining that the first user of the storage system has two computing devices, determining, by one or more computer processors, that a first computing device includes a first file that is not stored in the second computing device, wherein the second computing device is associated with a multi-factor identification scheme; receiving, by one or more computer processors, to the storage system, a version of a first file from the first computing device associated with the first user, wherein the first file is a file of the list of files of the user; and analyzing, by one or more computer processors, the received version of the first file to determine whether the received first file is suspected of encryption by malware, wherein analyzing the received version of the first file to determine whether the received version of the first file is suspected of encryption by malware further comprises: determining, by one or more computer processors, one or more attributes associated with the received version of the first file; comparing, by one or more computer processors, the one or more attributes of the received version of first file to one or more corresponding items related to the received version of the first file, wherein the items related to the received version of first file are selected from a group consisting of a structure of the received first file, a portion of content of the received version of the first file, one or more file attributes of other versions of the first file, a structure of another version of the first file, a portion of content of another version of the first file; and in response to the comparison of the one or more attributes associated with the received version of the first file and the one or more corresponding items related to the received version of the first file identifying one or more differences and determining, by one or more computer processors, that the received first file is suspected of encryption by malware; responsive to determining that the received version of the first file is suspected of encryption by malware, initiating, by one or more computer processors, actions, including: suspending replacement of another version of the first file backed up to the storage system with the received version of the first file; storing the received version of the first file to a portion of the storage system designated for file isolation; transmitting, to the first computing device and the second computing device associated with the first user, a notification to the first user indicating that the received version of the first file is suspected of encryption by malware, wherein the second computing device does not store the first file included in the first computing device; and determining whether the first file is shared based on information within the profile associated with the first user; in response to determining that the first file is shared, identifying, by one or more computer processors, respective identities for other computing devices that utilize a version of the shared first file, an identity of a second user respectively associated with one or more other computing devices that utilize the shared first file; transmitting, by one or more computer processors, another notification to the respective identities for other computing devices that utilize the shared first file and respective identities of second computing devices corresponding to the other users, wherein the other notification indicating that the received version of the first file is suspected of encryption by malware, and wherein the second computing devices corresponding to the other users lack the shared first file; and receiving, by one or more computer processors, from the second device of the first user, and based on the multi-factor identification scheme, a response indicating whether the shared first file is encrypted by malware.
Assignees
Inventors
Classifications
Test or assess a computer or a system · CPC title
- G06F21/565Primary
by checking file integrity · CPC title
eliminating virus, restoring damaged files · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2019220597A1 cover?
- A method for safeguarding a stored file from malware. In one embodiment, the method includes at least one computer processor receiving, to a storage system, a first file from a first computing device. The method further includes analyzing the received first file to determine whether the received first file is suspected of encryption by malware. The method further includes responding to determin…
- Who is the assignee on this patent?
- IBM
- What technology area does this patent fall under?
- Primary CPC classification G06F21/565. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Jul 18 2019 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).