	US 11,997,139 B2
	Deceiving attackers accessing network data
Venu Vissamsetty, San Jose, CA (US); Anil Gupta, Bangalore (IN); and Harinath Vishwanath Ramchetty, Bangalore (IN)
Assigned to SENTINELONE, INC., Mountain View, CA (US)
Filed by Sentinelone, Inc., Mountain View, CA (US)
Filed on Mar. 13, 2023, as Appl. No. 18/183,022.
Application 18/183,022 is a continuation of application No. 16/849,813, filed on Apr. 15, 2020, granted, now 11,695,800.
Application 16/849,813 is a continuation in part of application No. 16/543,189, filed on Aug. 16, 2019, granted, now 11,616,812.
Application 16/543,189 is a continuation in part of application No. 15/383,522, filed on Dec. 19, 2016, granted, now 10,599,842, issued on Mar. 24, 2020.
Prior Publication US 2023/0283635 A1, Sep. 7, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 21/56 (2013.01); H04L 41/12 (2022.01); H04L 61/4505 (2022.01); H04L 61/5007 (2022.01); H04L 61/4523 (2022.01)

CPC H04L 63/1491 (2013.01) [G06F 21/566 (2013.01); H04L 41/12 (2013.01); H04L 61/4505 (2022.05); H04L 61/5007 (2022.05); H04L 61/4523 (2022.05)]

20 Claims

1. A method comprising:

configuring, by a computer system, a system call to refer to a detour function;

receiving, by the computer system, the system call to the detour function from a source to obtain information regarding a remote network resource;

determining, by the computer system via the detour function, that the source is not on a list of sanctioned applications; and

in response to determining that the source is not on the list of sanctioned applications, returning, by the computer system via the detour function, a response to the system call having the information regarding the remote network resource replaced with information regarding a decoy server.