首页>
外国专利>
METHOD AND APPARATUS FOR COMBINING A FIREWALL AND A FORENSICS AGENT TO DETECT AND PREVENT MALICIOUS SOFTWARE ACTIVITY
METHOD AND APPARATUS FOR COMBINING A FIREWALL AND A FORENSICS AGENT TO DETECT AND PREVENT MALICIOUS SOFTWARE ACTIVITY
展开▼
机译:用于组合防火墙和取证剂以检测和防止恶意软件活动的方法和装置
展开▼
页面导航
摘要
著录项
相似文献
摘要
Methods and systems for detecting and preventing malicious software activity are presented. In one embodiment, a method is presented that includes monitoring network communications on a network. The method may also include detect a suspect network communication associated with a suspect network activity and, in response, determine an originating machine based on the suspect network activity. The method may further suspend network communications for the originating machine. A forensics software agent may then be selected based on the suspect network activity. Then, the forensics software agent may be deployed on the originating machine. After deployment, the forensics software agent may fetch computer forensics data from the originating machine. Once the computer forensics data is fetched, a response action may be selected and executed based on said computer forensics data.
展开▼