Antivirus Scrubbing on Demand

Disclosure Number: IPCOM000015902D
Original Publication Date: 2002-Jun-11
Included in the Prior Art Database: 2003-Jun-21


In a large corporate IT environment, an individual user has ample opportunity to introduce a virus into the corporate campus network, since all individuals typically have access to the internet. To prevent this, IT organizations require their users to run an antivirus program that monitors their clients, blocks or disables any virus brought into the system, and reports its presence. The antivirus program is typically preconfigured to check a pre-specified server for updates containing information on how to identify newly evolved or mutated viruses and repair any damage. In an emergency, the IT organization would have to send out a letter (email) manually to force a site-wide update. The site-wide update requires the end user to perform an action, so coverage is never 100%.

This invention puts in place the infrastructure in a PC client that allows an automatic and instantaneous update of its antivirus defense, thereby ensuring all clients are upgraded in a timely fashion. To support an on-demand virus update model when an emergency situation arises, the clients and the network interface cards (NICs) must be enhanced. The NICs must be modified to support a new magic packet command, similar to the Wake on LAN (WOL) magic packet. This is required to wake up a client for a virus update if the system is powered off, or, if the client is currently powered on, to cause an interrupt that informs the OS of the pending request to suspend current operations immediately and receive and execute an antivirus client program.

In a preferred embodiment, an option is to modify the client to add a visible indicator, such as an LED on the system cover, to indicate that an emergency virus update is underway and to inform the user not to try to use the system until it is complete. The indicator would be helpful if the monitor is not powered on and the system was powered up from an off state by the magic packet. Otherwise, the antivirus update would confuse a user attempting to power up a system they believe is powered off. If there is no LED, the system BIOS will display a descriptive screen indicating that a virus update is in progress.

If a system is powered off when the magic packet is received, the BIOS will check at power-up whether it was turned on by a virus update event. If so, it will run the virus update program and then return to the powered-off state. It can check for the cause of the event at power-up by reading a field that is set by the enhanced WOL system of the present invention. The virus update program can be located in a system partition such as the industry-standard PARTIES partition. In an alternate embodiment, POST passes a message to the OS to invoke the virus update program located on the file system.

If the system is already active, the OS will suspend all applications, display a descriptive screen, and run the antivirus client received. It is envisioned that in certain environments the antivirus client will be preloaded and the OS will be directed to execute it via a parameter in the new antivirus magic packet. The OS should disable entry from both the keyboard and pointing device during the antivirus scrubbing period. If the client wakes up from being powered off, it will disable the keyboard and pointing device unless they are attached via USB ports, in which case the OS will be required to block input from those devices. Once the antivirus client finishes the update, the system may be returned to the condition it was found in at the start of the emergency procedure.
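As an added illustration (not code from the disclosure), the C sketch below shows how a NIC could tell the new antivirus magic packet from a plain WOL packet and how the BIOS/OS would act on the recorded wake cause. The 102-byte WOL body is the standard format; the 2-byte trailer, its values, and all names are assumptions, because the disclosure defines no wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WOL_LEN 102             /* standard WOL body: 6 x 0xFF, then 16 x MAC */
#define AV_CMD_UPDATE 0xA5      /* ASSUMED command byte (not in the disclosure) */
#define AV_PARAM_RECEIVE 0x00   /* ASSUMED: client program will be received */
#define AV_PARAM_PRELOADED 0x01 /* ASSUMED: execute the preloaded client */
enum wake_cause { WAKE_NONE, WAKE_WOL, WAKE_AV_UPDATE };
enum action { ACT_IGNORE, ACT_NORMAL_BOOT, ACT_UPDATE_THEN_POWER_OFF, ACT_INTERRUPT_OS };
struct av_request { enum wake_cause cause; uint8_t param; };

/* NIC side: find the WOL pattern for `mac`, then classify the assumed trailer. */
struct av_request classify_magic(const uint8_t *buf, size_t len, const uint8_t mac[6])
{
    static const uint8_t sync[6] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
    struct av_request r = { WAKE_NONE, 0 };
    for (size_t off = 0; off + WOL_LEN <= len; off++) {
        int match = memcmp(buf + off, sync, 6) == 0;
        for (int i = 0; i < 16 && match; i++)
            match = memcmp(buf + off + 6 + 6 * i, mac, 6) == 0;
        if (!match)
            continue;
        const uint8_t *t = buf + off + WOL_LEN;  /* bytes after the WOL body */
        int av = len - off - WOL_LEN >= 2 && t[0] == AV_CMD_UPDATE &&
                 (t[1] == AV_PARAM_RECEIVE || t[1] == AV_PARAM_PRELOADED);
        r.cause = av ? WAKE_AV_UPDATE : WAKE_WOL;  /* models the field BIOS reads */
        r.param = av ? t[1] : 0;
        break;
    }
    return r;
}

/* BIOS/OS side: the behaviour the disclosure gives for each wake cause. */
enum action decide(enum wake_cause cause, int powered_on)
{
    if (cause == WAKE_AV_UPDATE)
        return powered_on ? ACT_INTERRUPT_OS : ACT_UPDATE_THEN_POWER_OFF;
    return (cause == WAKE_WOL && !powered_on) ? ACT_NORMAL_BOOT : ACT_IGNORE;
}

/* Constructed sample input: WOL body for `mac` plus the assumed 2-byte trailer. */
size_t build_sample(uint8_t *out, const uint8_t mac[6], uint8_t cmd, uint8_t param)
{
    memset(out, 0xFF, 6);
    for (int i = 0; i < 16; i++)
        memcpy(out + 6 + 6 * i, mac, 6);
    out[WOL_LEN] = cmd;
    out[WOL_LEN + 1] = param;
    return WOL_LEN + 2;
}
```

Like standard WOL, the pattern match alone does not authenticate the sender, and the disclosure specifies no such check.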