| CPC G06F 21/554 (2013.01) [G06F 16/148 (2019.01); G06F 21/552 (2013.01); G06F 21/629 (2013.01); G06F 2221/034 (2013.01)] | 18 Claims |
|
1. A computer-implemented method for detecting a security status of a computer system, comprising:
in response to satisfaction of a predetermined trigger condition associated with an electronic application installed on a memory of the computer system, performing a security check process on the computer system, wherein the security check process includes:
in response to determining that an indicator application is not present on the memory, determining that the security status of the computer system is not currently compromised, wherein a currently compromised state refers to a security status in which one or more files that have restricted access in an uncompromised state are able to be accessed;
in response to determining that the computer system is not currently compromised, determining whether a device fingerprint of a user indicates that the user is permitted to access an indicator directory in the memory by performing a search process on the memory, subject to access permissions indicated by the device fingerprint of the user, to identify one or more indicator directory in the memory, wherein, the indicator directory is a type of directory that has an accessibility to the search process that is dependent on whether the computer system is formerly compromised; and
in response to determining that the device fingerprint of the user indicates that the user is permitted to access indicator directory on the memory despite the computer system not being currently compromised, determining that the security status of the computer system is formerly compromised, wherein a formerly compromised state refers to a security state in which restriction to the one or more files has been restored; and
in response to the security check process determining that the security status is formerly compromised, performing a security action.
|