Browse Prior Art Database

Controlled Execution of Potentially Malicious Applications

IP.com Disclosure Number: IPCOM000244915D
Publication Date: 2016-Jan-29
Document File: 7 page(s) / 594K

Publishing Venue

The IP.com Prior Art Database

Related People

Jie Ping: INVENTOR [+2]

Abstract

This publication describes a solution to provide a user with a report of a potentially risky application, and further, if the user still wants to execute the application locally, this solution will give user a chance to revert all changes introduced by the application and allow a software security provider to collect more detailed security information about the application.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 7

Controlled Execution of Potentially Malicious Applications

Jie Ping

    Yu Xin Liu Symantec Corporation

Abstract

This publication describes a solution to provide a user with a report of a potentially risky application, and further, if the user still wants to execute the application locally, this solution will give user a chance to revert all changes introduced by the application and allow a software security provider to collect more detailed security information about the application.

Copyright © 2016 Symantec Corporation. All rights reserved.

1


Page 02 of 7

Copyright © 2016 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. For a full list of Symantec trademarks, please visit http://www.symantec.com/about/profile/policies/trademarks/currentlist.jsp

Any Symantec products described in this document are distributed under licenses restricting their use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

Symantec Corporation 350 Ellis Street Mountain View, CA 94043 United States

http://www.symantec.com

2

Copyright © 2016 Symantec Corporation. All rights reserved.


Page 03 of 7

Controlled Execution of Potentially Malicious Applications

Problem Statement

Software security solutions typically only show a user the name of a risky application without more detailed information or payload. In addition, if certain applications are allowed to execute at all before detection, the changes introduced by the application often cannot all be erased.

Solution Description

Figure 1 depicts a flow diagram of a complete work flow of the method.

Figure 1

As illustrated in this figure, when user executes a risky application, the solution will query an execution report of the detected application from a cloud database. The report may include such things as

Copyright © 2016 Symantec Corporation. All rights reserved.

3


Page 04 of 7

whether th...