US 12,189,769 B2
Cloud storage scanner
Mark Robert Burdett, Abingdon (GB); and Guy Alexander Davies, Abingdon (GB)
Assigned to Sophos Limited, Abingdon (GB)
Filed by Sophos Limited, Abingdon (GB)
Filed on Mar. 21, 2022, as Appl. No. 17/699,286.
Application 17/699,286 is a continuation of application No. 15/635,279, filed on Jun. 28, 2017, granted, now 11,281,775.
Claims priority of application No. 1611202 (GB), filed on Jun. 28, 2016.
Prior Publication US 2022/0207143 A1, Jun. 30, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/06 (2006.01); G06F 16/182 (2019.01); G06F 21/56 (2013.01); H04L 9/40 (2022.01)
CPC G06F 21/565 (2013.01) [G06F 16/183 (2019.01); G06F 21/567 (2013.01); H04L 63/1425 (2013.01); G06F 2221/034 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer program product comprising instructions stored in memory that configure one or more computing devices to perform a method comprising:
configuring a scanning service as one or more scanning applications executing on one or more virtual machines external to a cloud storage service, wherein the cloud storage service uses permissions that default to permitting access to files stored on the cloud storage service by applications running in a virtual private cloud that hosts the cloud storage service;
configuring the scanning service to receive notifications from the cloud storage service about storage activity;
configuring the scanning service with an account provided by the cloud storage service and associated with the scanning service, the account having privileges to change file permissions that control use, by one or more applications, of the files stored on the cloud storage service;
receiving, by the scanning service from the cloud storage service, a notification regarding storage activity related to a file;
after completion of the storage activity, retrieving the file from the cloud storage service with the scanning service;
scanning the file for malware;
determining based on the scanning that at least one portion of the file should not be distributed to the one or more applications because the at least one portion of the file contains malware; and
in response to determining, by the scanning service configured with the account provided by the cloud storage service that has privileges to change file permissions on the files and configured to receive the notifications about the storage activity on the cloud storage service, that the at least one portion of the file should not be distributed, accessing the file on the cloud storage service with the account and setting a file permission for the file on the cloud storage service to make the file unavailable to the one or more applications.