CPC G06F 16/215 (2019.01) [G06F 21/629 (2013.01)] | 20 Claims |
1. A method to perform application whitelisting for a computer system, comprising:
detecting, by a computer processor and in an application whitelisting database of the computer system, that a first agent entry and a second agent entry have a same machine name within the computer system;
recording, by the computer processor and in a duplicates repository separate from the application whitelisting database, the first agent entry and the second agent entry;
detecting, by the computer processor and in the duplicates repository separate from the application whitelisting database, that the first agent entry has a connected status;
recording, by the computer processor and in a connected duplicates repository separate from the application whitelisting database, the first agent entry based on the connected status;
determining, by the computer processor at least comparing the duplicates repository and the connected duplicates repository, that the second agent entry is a disconnected duplicate of the first agent entry;
deleting, by the computer processor and in response to said determining, the second agent entry from the application whitelisting database, and
increasing operation efficiency of the computer system by dynamically reducing, based at least on the computer processor deleting the second agent entry, a space of the application whitelisting database,
wherein a number of times that a human analyst needs to investigate the application whitelisting database is reduced based at least on the computer processor deleting the second agent entry.
|