CPC G06F 21/53 (2013.01) [G06F 21/14 (2013.01); G06F 21/552 (2013.01); G06F 21/56 (2013.01)] | 27 Claims |
1. A system, comprising:
a processor configured to:
receive, by an operating system executing on a device, a request to launch an application;
determine that a stored copy of the application should be automatically executed within an application-level sandbox provided by a third party host application each time it is launched, until a triggering event takes place;
execute the stored copy of the application in the application-level sandbox provided by the third party host application, wherein the third party host application provides a framework layer that provides hooking functionality for monitoring system calls made by the application; and
determine that the triggering event has taken place and take an appropriate action, wherein the triggering event comprises receiving a notification from an external entity, and wherein the action comprises one of the following:
in the event the notification indicates that the application is benign, in response to receiving a subsequent request to launch the application, execute the stored copy of the application outside of the application-level sandbox, or
in the event the notification indicates that the application is malicious, prevent execution of the application; and
a memory coupled to the processor and configured to provide the processor with instructions.
|