CN111027029A - Method for judging whether file is installation package or not and limiting opening - Google Patents
- Publication number
- CN111027029A
- Authority
- CN
- China
- Prior art keywords
- file
- installation package
- judging
- package
- installation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a method for judging whether a file is an installation package and limiting opening, which comprises the following steps: S1, when a file is clicked to be opened, intercepting the file path through an external component and passing it in; S2, judging the file name suffix; S3, judging the file size; S4, judging installation fields; S5, judging compression identifiers combined with the file size; and S6, passing the returned restriction or release result to the external component to restrict or release the file. The method can accurately judge whether a file is an installation package, and its step-by-step judgment is both more efficient and more accurate, so that illegal software is prevented from being installed on the terminal and the security of the terminal system is improved.
Description
Technical Field
The invention relates to the technical field of installation package limitation, in particular to a method for judging whether a file is an installation package and limiting opening.
Background
An installation package (install package), i.e., a software installation package, is a self-extracting collection of files that includes all the files needed to install a piece of software. When the installation package (an executable file) is run, it releases all of the software's files to the hard disk and completes tasks such as modifying the registry, modifying system settings and creating shortcuts. Most installation package files are in exe or msi format.
To prevent users from privately installing third-party software on a terminal, the opening and running of installation packages is restricted. The prior-art restriction strategy adds the absolute path of an installation package to a database; when an installation package file is opened, the absolute path is looked up in the database, and if it is present the file is blocked from opening. This strategy has the following defects:
(1) If the absolute path of the installation package changes, it cannot be restricted.
(2) If the installation package's file name is changed, it cannot be restricted.
(3) If another file is renamed to the installation package's file name and placed under that path, it is restricted, which does not meet the actual requirement.
In view of the above, the present inventors have studied the determination and restriction policy of an installation package, and propose a method for determining whether a file is an installation package and restricting opening.
Disclosure of Invention
In order to solve the technical problems, the invention provides a method for judging whether a file is an installation package and limiting the opening of the file, so that a terminal user is prevented from installing some third-party software privately, the effect of protecting a terminal is achieved, the existing method for judging the installation package is improved, and the judgment of the installation package is more accurate.
In order to achieve the purpose, the invention adopts the technical scheme that:
A method for judging whether a file is an installation package and limiting opening comprises the following steps:
S1, when a file is clicked to be opened, intercepting the file path through an external component and passing it in;
S2, file name suffix judgment: if the file name suffix is msi, judging the file to be an installation package and returning a restriction result; if the file name suffix is exe, continuing the installation package judgment;
S3, file size judgment: comparing the real size of the file package with the original size; if they are the same, judging that the file is not an installation package and returning a release result; if they differ, continuing the installation package judgment;
S4, installation field judgment: reading the file's product name, original name, file description and network name, and judging whether a 'setup', 'install' or 'installation' field exists; if such a field exists and the file name does not contain Uninstall, judging the file to be an installation package and returning a restriction result; otherwise, continuing the installation package judgment;
S5, compression identifier judgment combined with file size: reading the hexadecimal codes of the file byte by byte and judging whether the file contains a rar, 7z, zip or cab compression identifier; if a compression identifier exists and the total size of the file exceeds a first set value (10MB) or the total size minus the original size is larger than a second set value (1MB), judging the file to be an installation package and returning a restriction result; otherwise, returning a release result;
S6, passing the returned restriction or release result to the external component to restrict or release the file.
Further, in step S1, intercepting and transferring the file path by the external component specifically includes: when the file is opened and the application program is run, message interception is carried out through the hook component, and the file path of the application program is used as a parameter and is transmitted to the software installation limiting module of the console.
Further, before the file name suffix judgment, the method further comprises the following step: obtaining the MD5 value, digital signature and file name of the file from the file path and comparing them with the special restriction and special release rules of the console's software installation restriction module; if they match a special restriction, directly returning a restriction result; if they match a special release, returning a release result; if they match neither, continuing the installation package judgment.
Further, the first set value is 10MB, and the second set value is 1 MB.
Further, in step S6, the user is prompted by a pop-up box when a file is restricted, and if the restriction does not match actual needs, the user may report it to the console for release.
Further, the console is a green shield console.
After the technical scheme is adopted, compared with the prior art, the invention has the following advantages:
1) The method first judges the file name suffix, then compares the file sizes, then judges whether fields such as 'installation' exist in the file's product name, original name, file description and network name, and finally judges whether the file is an installation package by combining compression identifiers with file size; this step-by-step judgment is more efficient and more accurate.
2) The terminal and the console cooperate to restrict files or installation packages on the terminal, so that illegal software installation on the terminal is avoided and the security of the terminal system is improved.
Drawings
FIG. 1 is a flow chart of a method of determining an installation package and restricting opening of the present invention.
Detailed Description
In order to make the technical problems, technical solutions and advantageous effects of the present invention more clear and obvious, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The 'console' referred to in the invention is the green shield console, namely 'Tianrui green shield', also known as green shield information security management software. It is enterprise intranet security management software that combines transparent encryption of files within a local area network with management of the intranet; it has powerful functions and can meet the information security requirements of different types of enterprise users. It mainly comprises a file encryption module, an intranet security module, an extranet module, a U disk authentication module, a printing control module and a software installation restriction module. By setting special restriction and special release rules, specific files can be restricted or released. In particular, the software installation restriction module of the green shield console can issue policies to selected departments or terminals and has three basic modes: prohibit all software, allow installation of specified software, and prohibit installation of specified software. In addition, it has special restriction and special release functions to prevent misjudgment. The policies are issued to the terminal, and the terminal decides whether to restrict or release a file according to the policies and the file. Software information can be added manually, by selecting an installation package path and file so that the console acquires the file information, or by reporting, in which case the file information is reported by a terminal.
As shown in FIG. 1, the method for determining whether a file is an installation package and restricting opening disclosed by the invention comprises the following steps:
S1, when a file is clicked to be opened, intercepting the file path through an external component and passing it in, which specifically comprises: when a file is opened and an application program is run, message interception is carried out through a hook component, and the file path of the application program is passed as a parameter to the software installation restriction module of the console;
S2, file name suffix judgment: if the file name suffix is msi, judging the file to be an installation package and returning a restriction result; if the file name suffix is exe, continuing the installation package judgment;
S3, file size judgment: comparing the real size of the file package with the original size; if they are the same, judging that the file is not an installation package and returning a release result; if they differ, continuing the installation package judgment. An exe file package consists internally of an exe file and other files: an ordinary application program contains only the exe file, whereas in an installation package several compressed packages or other files can follow the exe file. The real size of the file package is the size of the exe file plus the size of the other files that follow it, and the original size is the size of the exe file;
S4, installation field judgment: reading the file's product name, original name, file description and network name, and judging whether a 'setup', 'install' or 'installation' field exists; if such a field exists and the file name does not contain Uninstall, judging the file to be an installation package and returning a restriction result; otherwise, continuing the installation package judgment;
S5, compression identifier judgment combined with file size: reading the hexadecimal codes of the file byte by byte and judging whether the file contains a rar, 7z, zip or cab compression identifier; if a compression identifier exists and the total size of the file exceeds a first set value (10MB) or the total size minus the original size is larger than a second set value (1MB), judging the file to be an installation package and returning a restriction result; otherwise, returning a release result. The first set value (10MB) and the second set value (1MB) are preset default thresholds which, according to testing, restrict most installation packages; both can be adjusted in the console;
S6, passing the returned restriction or release result to the external component (the hook component) to restrict or release the file; when a file is restricted, the user is prompted through a pop-up box, and if the restriction does not match actual needs, it can be reported to the console for release.
The judgment order of the method is: file name suffix, file size, installation field, then compression identifier combined with file size. A necessary-condition-first principle is adopted: as soon as a condition identifying an installation package is met, the result is returned and the later conditions are not evaluated, so the judgment is more efficient and more accurate.
The method can judge most installation packages. To adapt to more requirements, such as avoiding misjudgment or releasing a particular installation package so that it can be installed on the terminal, the method further comprises the following step before the file name suffix judgment: obtaining the MD5 value, digital signature and file name of the file from the file path and comparing them with the special restriction and special release rules of the console's software installation restriction module; if they match a special restriction, directly returning a restriction result; if they match a special release, returning a release result; if they match neither, continuing the installation package judgment. This step does not need to take into account changes to the path or file name of the file. The MD5 value is a unique value computed from the file by an algorithm. Special restriction and special release are console functions that accompany the installation package restriction function: installation package files and application program files are so varied that restricting all of them cannot be guaranteed; some installation packages may not satisfy the restriction rules and some application programs may satisfy them, and in those cases misjudgment occurs. Special restriction and special release are the means of correction when a misjudgment occurs. The MD5 value, digital signature and product name of a file are recorded in a special restriction or special release list; this information can be obtained by the console or reported by a terminal.
When installation packages are being restricted, the file is compared with the values in the console's special restriction and special release lists, and if it matches an entry, it is restricted or released directly.
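The S1 to S6 decision chain and the special-rule pre-check described above can be sketched as follows. This is an added example, not code from the patent or from the green shield product: the function names, the MD5-only matching of the special lists, the third keyword (the Chinese word for "installation"), the handling of suffixes other than msi and exe, and the grouping of the S5 condition are assumptions, and the sample PE file is constructed for the demonstration.

```python
import hashlib
import struct

MB = 1024 * 1024
FIRST_SET_VALUE = 10 * MB    # S5 default threshold on total file size (from the page)
SECOND_SET_VALUE = 1 * MB    # S5 default threshold on appended data (from the page)
# Assumption: the third keyword is the Chinese word for "installation".
KEYWORDS = ("setup", "install", "安装")
# Magic bytes of the rar, 7z, zip and cab formats named in S5.
ARCHIVE_MAGICS = (b"Rar!\x1a\x07", b"7z\xbc\xaf\x27\x1c", b"PK\x03\x04", b"MSCF")


def pe_original_size(data):
    """S3 'original size': file offset where the last PE section's raw data ends.

    Limitation: an Authenticode signature block is also stored past the last
    section, so this sketch counts it as appended data.
    """
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        pe = struct.unpack_from("<I", data, 0x3C)[0]        # e_lfanew
        if data[pe:pe + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        nsec = struct.unpack_from("<H", data, pe + 6)[0]    # NumberOfSections
        opt = struct.unpack_from("<H", data, pe + 20)[0]    # SizeOfOptionalHeader
        table = pe + 24 + opt                               # first section header
        end = table + 40 * nsec                             # headers count as original
        for i in range(nsec):
            raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
            if raw_size:
                end = max(end, raw_ptr + raw_size)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return min(end, len(data))


def classify(filename, data, version_info, special_restrict=(), special_release=()):
    """Return (verdict, stage). version_info maps the S4 field names to strings
    already read from the file by the caller; non-PE .exe data raises ValueError."""
    digest = hashlib.md5(data).hexdigest()
    if digest in special_restrict:               # pre-check: special restriction list
        return "restrict", "special"
    if digest in special_release:                # pre-check: special release list
        return "release", "special"
    name = filename.lower()
    if name.endswith(".msi"):                    # S2: msi is restricted outright
        return "restrict", "S2"
    if not name.endswith(".exe"):
        return "release", "S2"                   # assumption: page covers only msi/exe
    appended = len(data) - pe_original_size(data)
    if appended == 0:                            # S3: nothing follows the exe image
        return "release", "S3"
    fields = " ".join(version_info.values()).lower()
    if any(k in fields for k in KEYWORDS) and "uninstall" not in name:
        return "restrict", "S4"
    has_archive = any(m in data for m in ARCHIVE_MAGICS)
    # Assumption: the condition groups as marker AND (total size OR appended size).
    if has_archive and (len(data) > FIRST_SET_VALUE or appended > SECOND_SET_VALUE):
        return "restrict", "S5"
    return "release", "S5"


def build_sample_pe(appended=b""):
    """Constructed sample: a minimal one-section PE image plus appended data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = b"\x0b\x01" + b"\0" * (0xE0 - 2)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200,
                       0, 0, 0, 0, 0x60000020)
    headers = dos + b"PE\0\0" + coff + opt + sect
    return headers.ljust(0x200, b"\0") + b"\x90" * 0x200 + appended


if __name__ == "__main__":
    installer = build_sample_pe(b"PK\x03\x04" + b"\0" * (2 * MB))
    print(classify("notepad.exe", build_sample_pe(), {}))
    print(classify("report.exe", installer, {}))
```

Because the verdict depends on the file's contents and not on its path, renaming or moving the constructed installer does not change the S5 result, which is the defect of the path-based prior art that the page sets out to fix.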
While the above description shows and describes the preferred embodiments of the present invention, it is to be understood that the invention is not limited to the forms disclosed herein and is not to be construed as excluding other embodiments; it is capable of use in various other combinations, modifications and environments, and is capable of changes within the scope of the inventive concept expressed herein, commensurate with the above teachings or the skill or knowledge of the relevant art. Modifications and variations may be effected by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (6)
1. A method for judging whether a file is an installation package and limiting opening is characterized by comprising the following steps:
S1, when a file is clicked to be opened, intercepting the file path through an external component and passing it in;
S2, file name suffix judgment: if the file name suffix is msi, judging the file to be an installation package and returning a restriction result; if the file name suffix is exe, continuing the installation package judgment;
S3, file size judgment: comparing the real size of the file package with the original size; if they are the same, judging that the file is not an installation package and returning a release result; if they differ, continuing the installation package judgment;
S4, installation field judgment: reading the file's product name, original name, file description and network name, and judging whether a 'setup', 'install' or 'installation' field exists; if such a field exists and the file name does not contain Uninstall, judging the file to be an installation package and returning a restriction result; otherwise, continuing the installation package judgment;
S5, compression identifier judgment combined with file size: reading the hexadecimal codes of the file byte by byte and judging whether the file contains a rar, 7z, zip or cab compression identifier; if a compression identifier exists and the total size of the file exceeds a first set value or the total size minus the original size of the file is larger than a second set value, judging the file to be an installation package and returning a restriction result; otherwise, returning a release result;
S6, passing the returned restriction or release result to the external component to restrict or release the file.
2. The method according to claim 1, wherein the step of intercepting and importing the file path via the external component in step S1 specifically includes: when the file is opened and the application program is run, message interception is carried out through the hook component, and the file path of the application program is used as a parameter and is transmitted to the software installation limiting module of the console.
3. The method of claim 1, wherein determining whether the file is an installation package and restricting opening comprises: before the file name suffix judgment, the method further comprises the following step: obtaining the MD5 value, digital signature and file name of the file from the file path and comparing them with the special restriction and special release rules of the console's software installation restriction module; if they match a special restriction, directly returning a restriction result; if they match a special release, returning a release result; if they match neither, continuing the installation package judgment.
4. The method of claim 1, wherein determining whether the file is an installation package and restricting opening comprises: the first set value is 10MB, and the second set value is 1 MB.
5. The method of claim 1, wherein determining whether the file is an installation package and restricting opening comprises: in step S6, the user is prompted by a pop-up box when a file is restricted, and if the restriction does not match actual needs, the user can report it to the console for release.
6. The method of claim 1, wherein determining whether the file is an installation package and restricting opening comprises: the console is a green shield console.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910998322.2A CN111027029B (en) | 2019-10-21 | 2019-10-21 | Method for judging whether file is installation package or not and limiting opening |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910998322.2A CN111027029B (en) | 2019-10-21 | 2019-10-21 | Method for judging whether file is installation package or not and limiting opening |
Publications (2)
Publication Number | Publication Date |
---|---|
CN111027029A | 2020-04-17 |
CN111027029B | 2022-02-08 |
Family
ID=70205432
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910998322.2A Active CN111027029B (en) | 2019-10-21 | 2019-10-21 | Method for judging whether file is installation package or not and limiting opening |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111027029B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112486510A (en) * | 2020-11-04 | 2021-03-12 | 深圳市金百锐通信科技有限公司 | Method and device for software installation, terminal equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102736939A (en) * | 2012-06-25 | 2012-10-17 | 腾讯科技(深圳)有限公司 | Software installation method, device and system |
CN103646215A (en) * | 2013-12-23 | 2014-03-19 | 北京奇虎科技有限公司 | Application installation control method, related system and related device |
CN106778270A (en) * | 2016-12-12 | 2017-05-31 | Tcl集团股份有限公司 | The detection method and system of a kind of malicious application |
US20170364501A1 (en) * | 2012-12-25 | 2017-12-21 | Tencent Technology (Shenzhen) Company Limited | Method and apparatus for word detection in application program |
CN109002696A (en) * | 2018-06-29 | 2018-12-14 | 北京奇虎科技有限公司 | It establishes the method for installation kit identification model, identify the method and device of installation kit |
CN109992955A (en) * | 2019-04-11 | 2019-07-09 | 深圳前海微众银行股份有限公司 | Detection hold-up interception method, device, system, equipment and the medium of illegal installation kit |
Non-Patent Citations (3)
Title |
---|
IEEE: "《IEEE Standard Definitions for Power Switchgear》", 《 IEEE STD C37.100-1992》 * |
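PERRY_XIAO: "《How to determine whether an MSI installation package program is installed, and its installation path》", 《HTTPS://BLOG.CSDN.NET/PERRY_XIAO/ARTICLE/DETAILS/8026354》 * |
张悦 et al.: "《Design of a cascaded defense network model on the Android platform》", 《计算机工程与设计》 * |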
Also Published As
Publication number | Publication date |
---|---|
CN111027029B (en) | 2022-02-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103279706B (en) | Intercept the method and apparatus installing Android application program in the terminal | |
US8566949B2 (en) | Software component, software component management method, and software component management system | |
CA2797880C (en) | Method and apparatus for implementing real-time protection | |
WO2006135905A2 (en) | Apparatus and methods for managing firmware verification on a wireless device | |
CN103646209A (en) | Cloud-security-based bundled software blocking method and device | |
WO2020019482A1 (en) | Function hook detection method, function hook detection device, and computer-readable medium | |
US20190109824A1 (en) | Rule enforcement in a network | |
CN111190603B (en) | Private data detection method and device and computer readable storage medium | |
CN110688653A (en) | Client security protection method and device and terminal equipment | |
CN111027029B (en) | Method for judging whether file is installation package or not and limiting opening | |
CN110135151B (en) | Trusted computing implementation system and method based on matching of LSM and system call interception | |
CN109815702B (en) | Software behavior safety detection method, device and equipment | |
CN103593616A (en) | System and method for preventing and controlling USB flash disk viruses in enterprise information network | |
CN109784051B (en) | Information security protection method, device and equipment | |
CN102750476A (en) | Method and system for identifying file security | |
CN100390753C (en) | Terminal control apparatus having a fragility detection unit | |
CN114938466B (en) | Internet television application monitoring system and method | |
KR101614809B1 (en) | Practice control system of endpoint application program and method for control the same | |
CN110677483B (en) | Information processing system and trusted security management system | |
CN109960928B (en) | Method and system for processing suspicious file | |
CN116340929A (en) | Method and device for controlling software installation, storage medium and computer equipment | |
CN113518055A (en) | Data security protection processing method and device, storage medium and terminal | |
CN116756092B (en) | System download file marking method, device, computer equipment and storage medium | |
WO2005103909A1 (en) | Security maintenance method, data accumulation device, security maintenance server, and recording medium containing the program | |
CN116756737B (en) | Interface abnormal behavior analysis method and device, computer equipment and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||