CN113779584A - Protection software installation method and system - Google Patents

Protection software installation method and system Download PDF

Info

Publication number
CN113779584A
CN113779584A CN202111344464.0A CN202111344464A CN113779584A CN 113779584 A CN113779584 A CN 113779584A CN 202111344464 A CN202111344464 A CN 202111344464A CN 113779584 A CN113779584 A CN 113779584A
Authority
CN
China
Prior art keywords
host
antivirus software
management center
software
security management
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111344464.0A
Other languages
Chinese (zh)
Inventor
高晓萌
徐明娇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Xinda Huanyu Security Network Technology Co ltd
Original Assignee
Beijing Xinda Huanyu Security Network Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Xinda Huanyu Security Network Technology Co ltd filed Critical Beijing Xinda Huanyu Security Network Technology Co ltd
Priority to CN202111344464.0A priority Critical patent/CN113779584A/en
Publication of CN113779584A publication Critical patent/CN113779584A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/568Computer malware detection or handling, e.g. anti-virus arrangements eliminating virus, restoring damaged files
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/61Installation
    • G06F8/62Uninstallation

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Stored Programmes (AREA)

Abstract

The application provides a method and a system for installing protection software, and relates to the technical field of software installation. The method for installing the protection software comprises the steps that a security management center informs a host computer to close a shared port; the safety management center judges whether the host is provided with the antivirus software with the specified version, and if not, the safety management center controls the host to be provided with the antivirus software with the specified version; the host computer starts the protection function of the antivirus software with the specified version; the host calculates the check value of the local file and matches the check value in the credible file library issued by the security management center; the host computer carries out virus checking and killing on the local file of which the check value is not matched with the check value in the trusted file library through the antivirus software with the designated version; and after completing virus checking and killing of the local files of which the check values are not matched with the check values in the trusted file library, the security management center controls the host to install the protection software to be installed. The method and the system for installing the protection software can ensure the safety of the host in the process of installing the protection software.

Description

Protection software installation method and system
Technical Field
The present application relates to the field of software installation technologies, and in particular, to a method and a system for installing protection software.
Background
With the rapid development of networks, network attacks are also frequent, how to ensure the security of a host computer becomes a key problem of many enterprises, and host computer protection software is the first choice in order to ensure the safe operation of a host computer system and a service program. The host protection software can transform the existing operating system, so that the security requirements of enterprises are fundamentally met. The method can provide a security encapsulation mechanism for the application in the system environment to control all input/output information of the application and all accesses of the application to the resource through the operating system, and provides functional support on the operating system for determining a security policy of the application to access the resource by analyzing the input/output information of the application, thereby realizing high security protection of the equipment.
The existing host protection software is numerous, and the installation method is generally to directly install the software on the host or to push and install the software on each host by a uniform server. However, in the software installation process, there is no protection means for preventing the host from being attacked by the network, so that after the host protection software is installed, the security of the host cannot be effectively guaranteed.
Therefore, how to provide an effective solution to ensure the security of the host during the installation of the protection software has become a challenge in the prior art.
Disclosure of Invention
In a first aspect, an embodiment of the present application provides a protection software installation method, which is applied to a protection software installation system, where the protection software installation system includes a security management center and a host that communicates with the security management center through a private port, and the method includes:
the security management center informs the host computer to close the shared port;
the safety management center judges whether the host is provided with the antivirus software with the specified version, if not, the safety management center issues the antivirus software with the specified version to the host and controls the host to be provided with the antivirus software with the specified version;
the host starts the protection function of the antivirus software with the specified version;
the host calculates the check value of the local file and matches the check value in the credible file library issued by the security management center;
the host computer performs virus checking and killing on the local file of which the check value is not matched with the check value in the trusted file library through the antivirus software of the specified version;
after the virus of the local file with the verification value not matched with the verification value in the trusty file library is checked and killed, the security management center controls the host to install the protection software to be installed;
the safety management center controls the host computer to uninstall the installed antivirus software with the specified version.
In one possible design, the determining, by the security management center, whether the host has the antivirus software of the specified version installed, and if not, issuing the antivirus software of the specified version to the host and controlling the host to install the antivirus software of the specified version includes:
the security management center acquires version information of antivirus software installed on the host;
if the version information of the antivirus software installed on the host computer is null, issuing the antivirus software with the specified version to the host computer and controlling the host computer to install the antivirus software with the specified version;
if the version information of the antivirus software installed on the host computer is not matched with the version information of the antivirus software with the specified version, after the host computer is controlled to uninstall the currently installed antivirus software, the antivirus software with the specified version is issued to the host computer and the host computer is controlled to install the antivirus software with the specified version.
In one possible design, after completing virus killing of the local file whose check value does not match the check value in the trusted file repository, the method further includes:
and recalculating the verification value of the file which is not checked and killed by the antivirus software in the local file of which the verification value is not matched with the verification value in the trusted file library by the host, and adding the verification value to the trusted file library.
In one possible design, after the host recalculates the check value of a file that is not killed by the antivirus software in the local file whose check value does not match the check value in the trusted file repository, and adds the check value to the trusted file repository, the method further includes:
and the host sends the added trusted file library to the security management center.
In one possible design, after the security management center controls the host to uninstall the installed antivirus software of the specified version, the method further includes:
and the safety management center controls the host to restart.
In a possible design, before the host calculates the check value of the local file and matches the check value with the check value in the trusted file library issued by the security management center, the method further includes:
and the security management center issues the trusted document library to the host.
In one possible design, after controlling the host to install a specified version of antivirus software, the method further includes:
and the safety management center controls the host to restart.
In a second aspect, an embodiment of the present application provides a protection software installation system, including a security management center and a host communicating with the security management center through a private port, where the security management center is configured to notify the host to close a shared port;
judging whether the host is provided with antivirus software of a specified version; and
when the host is not provided with the antivirus software with the specified version, issuing the antivirus software with the specified version to the host and controlling the host to install the antivirus software with the specified version;
the host is used for starting the protection function of the antivirus software with the specified version;
calculating the check value of the local file and matching the check value with the check value in the credible file library issued by the security management center; and
virus checking and killing are carried out on the local files of which the check values are not matched with the check values in the trusted file library through the antivirus software of the specified version;
the security management center is also used for controlling the host to install protection software to be installed after the host finishes checking and killing the local file viruses of which the check values are not matched with the check values in the trusted file library; and
controlling the host to uninstall the installed specified version of antivirus software.
In a possible design, when the security management center is configured to determine whether the host is installed with the specified version of antivirus software, the security management center is specifically configured to:
the security management center acquires version information of antivirus software installed on the host;
if the version information of the antivirus software installed on the host is null or not matched with the version information of the antivirus software of the specified version, judging that the antivirus software of the specified version is not installed on the host;
when the security management center is used for controlling the host to install the antivirus software with the specified version, the security management center is specifically used for:
if the version information of the antivirus software installed on the host computer is null, issuing the antivirus software with the specified version to the host computer and controlling the host computer to install the antivirus software with the specified version;
if the version information of the antivirus software installed on the host computer is not matched with the version information of the antivirus software with the specified version, after the host computer is controlled to uninstall the currently installed antivirus software, the antivirus software with the specified version is issued to the host computer and the host computer is controlled to install the antivirus software with the specified version.
The above-mentioned at least one technical scheme that this application one or more embodiments adopted can reach following beneficial effect:
the security management center informs the host computer to close the shared port when the protection software is installed, and sends the antivirus software with the designated version to the host computer and controls the host computer to install the antivirus software with the designated version when the antivirus software with the designated version is not installed on the host computer, the host computer calculates the check value of the local file after the antivirus software with the designated version is installed and matches the check value in the credible file library sent by the security management center, the antivirus software with the designated version carries out virus checking and killing on the local file of which the check value is not matched with the check value in the credible file library, and the host computer is controlled to install the protection software to be installed after the checking and killing is finished. Therefore, the host sharing port is always in a closed state in the whole process, the antivirus software with the specified version carries out protection and virus checking and killing before the protection software is installed until the host finishes the installation of the protection software, so that the seamless connection between the antivirus software and the protection software is realized, and the safety of the host in the installation process of the protection software is protected to the maximum extent.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure and are incorporated in and constitute a part of this specification, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure without limiting the disclosure in any way. In the drawings:
fig. 1 is a flowchart of a method for installing protection software according to an embodiment of the present application.
Fig. 2 is a schematic structural diagram of a protection software installation system according to an embodiment of the present application.
Detailed Description
In order to ensure the safety of a host in the process of installing protection software, the embodiment of the application provides a method and a system for installing the protection software.
The protection software installation method provided by the embodiment of the application can be applied to a protection software installation system, and the protection software installation system comprises a security management center and a host which is communicated with the security management center through a private port.
As shown in fig. 1, which is a flowchart of a protection software installation method applied to a protection software installation system provided in an embodiment of the present application, the protection software installation method provided in the embodiment of the present application may include the following steps:
step S101, the security management center notifies the host computer to close the shared port.
In the embodiment of the application, an agent can be arranged on a host needing to install protection software, a private port is opened through the agent, and the security management center communicates with the host through the private port. When protection software needs to be installed on a host, a control instruction can be sent to the host through a security management center to instruct the host to close a shared port, the host closes the shared port after receiving the control instruction sent by the security management center, and at the moment, viruses, malicious software and the like cannot attack the host through the shared port because the shared port is in a closed state.
In one or more embodiments, since the host may need to be restarted many times during the installation process of the protection software, the security management center may further send a control signal to the host to control the restart of the host after notifying the host to close the shared port, so as to verify whether the host can be restarted normally, thereby ensuring that the subsequent installation process can be performed smoothly.
Step S102, the safety management center judges whether the host computer is provided with the antivirus software with the appointed version, if not, the safety management center issues the antivirus software with the appointed version to the host computer and controls the host computer to be provided with the antivirus software with the appointed version.
In the embodiment of the application, the safety management center pre-maintains the antivirus software of the specified versions of one or more manufacturers, and updates the versions of the antivirus software in real time. After the host is informed to close the shared port, the security management center can acquire version information of the antivirus software on the host through an agent arranged on the host and match the version information of the antivirus software with the specified version of the security management center, if the version information of the antivirus software installed on the host is empty, the security management center judges that the antivirus software is not installed at present, and at the moment, the security management center issues the antivirus software with the specified version to the host and controls the host to install the antivirus software with the specified version. If the version information of the antivirus software installed on the host computer is not matched with the version information of the antivirus software with the specified version, the safety management center issues the antivirus software with the specified version to the host computer and controls the host computer to install the antivirus software with the specified version after the control host computer unloads the currently installed antivirus software.
It can be understood that if the host has installed the specified version of antivirus software, the specified version of antivirus software need not be issued to the host.
Step S103, the host starts the protection function of the antivirus software with the specified version.
The protection function of starting the antivirus software of the specified version may be that the security management center controls an instruction to the host computer to enable the host computer to start the protection function of the antivirus software of the specified version, or that the host computer automatically starts the protection function of the antivirus software of the specified version after completing the antivirus software of the specified version, which is not specifically limited in the embodiment of the present application.
It can be understood that if the host has installed the specified version of the antivirus software and the protection function is already started by the installed specified version of the antivirus software, the protection function of the specified version of the antivirus software does not need to be started again.
In one or more embodiments, after the host installs the antivirus software of the specified version, the host may be restarted before starting the protection function of the antivirus software of the specified version, and the restart may be controlled by the security management center or may be an automatic restart of the host.
And step S104, the host calculates the check value of the local file and matches the check value with the check value in the credible file library issued by the security management center.
In the embodiment of the application, the security management center records the check values of the trusted files in different systems in advance according to different systems, records the check values of the trusted files in the trusted file library, and issues the trusted file library to the host before.
The host computer can calculate the check value of the local file (the check value is a hash value), and matches the check value with the check value in the trusted file library issued by the security management center.
Step S105, the host computer performs virus checking and killing on the local file with the verification value not matched with the verification value in the trusty file library through the antivirus software with the specified version.
If the check value of the local file is matched with the check value in the trusted file library, the local file is a safe file, and virus checking and killing are not required to be performed through installed antivirus software of a specified version. If the check value of the local file is not matched with the check value in the trusted file library, the local file is indicated to have risk and possibly influence the security of the host, and at the moment, the host can perform virus checking and killing on the local file of which the check value is not matched with the check value in the trusted file library through the antivirus software of the specified version.
In one or more embodiments, the host may restart the trusted file library after performing virus killing on all local files whose check values do not match those in the trusted file library by using a specified version of antivirus software. The restarting of the host can be realized by that the safety management center issues a control instruction to control the restarting of the host, or the host is automatically restarted after the checking and killing are finished.
And step S106, after the virus of the local file of which the check value is not matched with the check value in the credible file library is checked and killed, the security management center controls the host to install the protection software to be installed.
Specifically, after completing virus killing of the local file whose check value does not match the check value in the trusted file library, the security management center may send the protection software to be installed to the host, so that the host installs the protection software to be installed.
In one or more embodiments, after completing virus killing of the local files whose check values do not match those in the trusted file repository, the host may recalculate the check values of the files whose check values do not match those in the trusted file repository, which are not killed by the antivirus software, from the local files whose check values do not match those in the trusted file repository, add the check values to the trusted file repository, and then send the added trusted file repository to the security management center, so as to update the trusted file repository at the security management center.
And step S107, the safety management center controls the host to uninstall the installed antivirus software with the specified version.
The protection software and the antivirus software are both security software, so after the host computer installs the protection software to be installed, the security management center can also control the host computer to uninstall the installed antivirus software with a specified version. In addition, after the security management center controls the host to uninstall the installed antivirus software with the specified version, the security management center can also control the host to restart or automatically restart.
To sum up, in the software installation method provided in the embodiment of the present application, the security management center notifies the host to close the shared port when the protection software is installed, and issues the antivirus software of the specified version to the host and controls the host to install the antivirus software of the specified version when the antivirus software of the specified version is not installed in the host, the host calculates the check value of the local file after installing the antivirus software of the specified version and matches the check value in the trusted file library issued by the security management center, performs virus checking and killing on the local file of which the check value is not matched with the check value in the trusted file library through the antivirus software of the specified version, and controls the host to install the protection software to be installed after the checking and killing is completed. Therefore, the host sharing port is always in a closed state in the whole process, the antivirus software with the specified version carries out protection and virus checking and killing before the protection software is installed until the host finishes the installation of the protection software, so that the seamless connection between the antivirus software and the protection software is realized, and the safety of the host in the installation process of the protection software is protected to the maximum extent. Meanwhile, after informing the host computer to close the shared port, the security management center can also send a control signal to the host computer to control the restart of the host computer, so as to verify whether the host computer can be normally restarted, and ensure that the subsequent installation process can be smoothly carried out. Secondly, before virus checking and killing is carried out through antivirus software of a specified version, the host calculates the check value of the local file and matches the check value with the check value in the credible file library issued by the security management center, so that the virus checking and killing time is saved under the condition of ensuring that no virus checking and killing is missed. In addition, after the virus of the local file with the verification value not matched with the verification value in the credible file library is completely checked and killed, the virus of the local file with the verification value not matched with the verification value in the credible file library can be checked and killed
Recalculating the verification value of the file which is not killed by the antivirus software in the local file of which the verification value is not matched with the verification value in the trusted file library, adding the verification value into the trusted file library, and then sending the added trusted file library to the security management center so as to update the trusted file library at the security management center, thereby realizing the automatic update of the trusted file library.
Referring to fig. 2, an embodiment of the present application provides a protection software installation system, where the protection software installation system includes a security management center and a host communicating with the security management center through a private port, and the security management center is configured to notify the host to close a shared port;
judging whether the host is provided with antivirus software of a specified version; and
when the host is not provided with the antivirus software with the specified version, issuing the antivirus software with the specified version to the host and controlling the host to install the antivirus software with the specified version;
the host is used for starting the protection function of the antivirus software with the specified version;
calculating the check value of the local file and matching the check value with the check value in the credible file library issued by the security management center; and
virus checking and killing are carried out on the local files of which the check values are not matched with the check values in the trusted file library through the antivirus software of the specified version;
the security management center is also used for controlling the host to install protection software to be installed after the host finishes checking and killing the local file viruses of which the check values are not matched with the check values in the trusted file library; and
controlling the host to uninstall the installed specified version of antivirus software.
In a possible design, when the security management center is configured to determine whether the host is installed with the specified version of antivirus software, the security management center is specifically configured to:
the security management center acquires version information of antivirus software installed on the host;
if the version information of the antivirus software installed on the host is null or not matched with the version information of the antivirus software of the specified version, judging that the antivirus software of the specified version is not installed on the host;
when the security management center is used for controlling the host to install the antivirus software with the specified version, the security management center is specifically used for:
if the version information of the antivirus software installed on the host computer is null, issuing the antivirus software with the specified version to the host computer and controlling the host computer to install the antivirus software with the specified version;
if the version information of the antivirus software installed on the host computer is not matched with the version information of the antivirus software with the specified version, after the host computer is controlled to uninstall the currently installed antivirus software, the antivirus software with the specified version is issued to the host computer and the host computer is controlled to install the antivirus software with the specified version.
In a possible design, the host is further configured to recalculate the check value of a file that is not checked and killed by the antivirus software in the local file whose check value does not match the check value in the trusted file repository, and add the check value to the trusted file repository after completing virus checking and killing of the local file whose check value does not match the check value in the trusted file repository.
In a possible design, the host is further configured to, in the local file whose check value does not match the check value in the trusted file library, recalculate the check value of the file that is not killed by the antivirus software, add the check value to the trusted file library, and send the added trusted file library to the security management center.
In one possible design, the security management center is further configured to control the host to reboot after controlling the host to uninstall the installed antivirus software of the specified version.
In one possible design, the security management center is further configured to issue the trusted repository to the host.
In one possible design, the security management center is further configured to control the host to reboot after controlling the host to install the specified version of antivirus software.
To sum up, the software installation system provided in the embodiment of the present application may notify the host to close the shared port by the security management center when the protection software is installed, and issue the antivirus software of the specified version to the host and control the host to install the antivirus software of the specified version when the antivirus software of the specified version is not installed in the host, and at the same time, the host calculates the check value of the local file after installing the antivirus software of the specified version and matches the check value in the trusted file repository issued by the security management center, and performs virus checking and killing on the local file whose check value is not matched with the check value in the trusted file repository by the antivirus software of the specified version, and controls the host to install the protection software to be installed by the security management center after completing the virus checking and killing. Therefore, the host computer sharing port is always in a closed state, the antivirus software with the specified version is protected and virus-killed before the protection software is installed until the host computer completes the installation of the protection software, so that the seamless connection between the antivirus software and the protection software is realized, and the safety of the host computer in the installation process of the protection software is protected to the maximum extent. Meanwhile, after informing the host computer to close the shared port, the security management center can also send a control signal to the host computer to control the restart of the host computer, so as to verify whether the host computer can be normally restarted, and ensure that the subsequent installation process can be smoothly carried out. Secondly, before virus checking and killing is carried out through antivirus software of a specified version, the host calculates the check value of the local file and matches the check value with the check value in the credible file library issued by the security management center, so that the virus checking and killing time is saved under the condition of ensuring that no virus checking and killing is missed. In addition, after the virus of the local files of which the check values are not matched with those in the trusted file library is completely checked and killed, the host can recalculate the check values of the files which are not checked and killed by the antivirus software in the local files of which the check values are not matched with those in the trusted file library, add the check values to the trusted file library, and then send the added trusted file library to the security management center so as to update the trusted file library at the security management center, thereby realizing the automatic update of the trusted file library.
In short, the above description is only a preferred embodiment of this document, and is not intended to limit the scope of protection of this document. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this document shall be included in the protection scope of this document.
All the embodiments in this document are described in a progressive manner, and the same and similar parts among the embodiments can be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

Claims (9)

1. A protection software installation method is applied to a protection software installation system, the protection software installation system comprises a security management center and a host which communicates with the security management center through a private port, and the protection software installation method is characterized by comprising the following steps:
the security management center informs the host computer to close the shared port;
the safety management center judges whether the host is provided with the antivirus software with the specified version, if not, the safety management center issues the antivirus software with the specified version to the host and controls the host to be provided with the antivirus software with the specified version;
the host starts the protection function of the antivirus software with the specified version;
the host calculates the check value of the local file and matches the check value in the credible file library issued by the security management center;
the host computer performs virus checking and killing on the local file of which the check value is not matched with the check value in the trusted file library through the antivirus software of the specified version;
after the virus of the local file with the verification value not matched with the verification value in the trusty file library is checked and killed, the security management center controls the host to install the protection software to be installed;
the safety management center controls the host computer to uninstall the installed antivirus software with the specified version.
2. The method of claim 1, wherein the security management center determines whether the host computer has a specific version of antivirus software installed thereon, and if not, the security management center issues the specific version of antivirus software to the host computer and controls the host computer to install the specific version of antivirus software, including:
the security management center acquires version information of antivirus software installed on the host;
if the version information of the antivirus software installed on the host computer is null, issuing the antivirus software with the specified version to the host computer and controlling the host computer to install the antivirus software with the specified version;
if the version information of the antivirus software installed on the host computer is not matched with the version information of the antivirus software with the specified version, after the host computer is controlled to uninstall the currently installed antivirus software, the antivirus software with the specified version is issued to the host computer and the host computer is controlled to install the antivirus software with the specified version.
3. The method of claim 1, wherein after completing the virus killing of the local files whose check values do not match the check values in the trusted file repository, the method further comprises:
and recalculating the verification value of the file which is not checked and killed by the antivirus software in the local file of which the verification value is not matched with the verification value in the trusted file library by the host, and adding the verification value to the trusted file library.
4. The method of claim 3, wherein after the host recalculates the check value of a file that has not been killed by the antivirus software in the local file whose check value does not match the check value in the trusted file repository, and adds the check value to the trusted file repository, the method further comprises:
and the host sends the added trusted file library to the security management center.
5. The method of claim 1, wherein after the security management center controls the host to uninstall the installed antivirus software of the specified version, the method further comprises:
and the safety management center controls the host to restart.
6. The method of claim 1, wherein before the host computer calculates the check value of the local file and matches the check value in the trusted file repository issued by the security management center, the method further comprises:
and the security management center issues the trusted document library to the host.
7. The method of claim 1, wherein after controlling the host to install a specified version of antivirus software, the method further comprises:
and the safety management center controls the host to restart.
8. A protection software installation system is characterized by comprising a security management center and a host which communicates with the security management center through a private port, wherein the security management center is used for informing the host to close a shared port;
judging whether the host is provided with antivirus software of a specified version; and
when the host is not provided with the antivirus software with the specified version, issuing the antivirus software with the specified version to the host and controlling the host to install the antivirus software with the specified version;
the host is used for starting the protection function of the antivirus software with the specified version;
calculating the check value of the local file and matching the check value with the check value in the credible file library issued by the security management center; and
virus checking and killing are carried out on the local files of which the check values are not matched with the check values in the trusted file library through the antivirus software of the specified version;
the security management center is also used for controlling the host to install protection software to be installed after the host finishes checking and killing the local file viruses of which the check values are not matched with the check values in the trusted file library; and
controlling the host to uninstall the installed specified version of antivirus software.
9. The protection software installation system according to claim 8, wherein the security management center, when being configured to determine whether the host computer is installed with the antivirus software of the specified version, is specifically configured to:
the security management center acquires version information of antivirus software installed on the host;
if the version information of the antivirus software installed on the host is null or not matched with the version information of the antivirus software of the specified version, judging that the antivirus software of the specified version is not installed on the host;
when the security management center is used for controlling the host to install the antivirus software with the specified version, the security management center is specifically used for:
if the version information of the antivirus software installed on the host computer is null, issuing the antivirus software with the specified version to the host computer and controlling the host computer to install the antivirus software with the specified version;
if the version information of the antivirus software installed on the host computer is not matched with the version information of the antivirus software with the specified version, after the host computer is controlled to uninstall the currently installed antivirus software, the antivirus software with the specified version is issued to the host computer and the host computer is controlled to install the antivirus software with the specified version.
CN202111344464.0A 2021-11-15 2021-11-15 Protection software installation method and system Pending CN113779584A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111344464.0A CN113779584A (en) 2021-11-15 2021-11-15 Protection software installation method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111344464.0A CN113779584A (en) 2021-11-15 2021-11-15 Protection software installation method and system

Publications (1)

Publication Number Publication Date
CN113779584A true CN113779584A (en) 2021-12-10

Family

ID=78957094

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111344464.0A Pending CN113779584A (en) 2021-11-15 2021-11-15 Protection software installation method and system

Country Status (1)

Country Link
CN (1) CN113779584A (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238145A (en) * 2010-04-27 2011-11-09 北京启明星辰信息技术股份有限公司 Method and device for preventing network attack
US20130139265A1 (en) * 2011-11-24 2013-05-30 Kaspersky Lab Zao System and method for correcting antivirus records to minimize false malware detections
CN105975860A (en) * 2016-04-26 2016-09-28 北京金山安全软件有限公司 Trust file management method, device and equipment
WO2017028612A1 (en) * 2015-08-18 2017-02-23 中兴通讯股份有限公司 Antivirus method and device for virtual machine
CN109829303A (en) * 2018-12-28 2019-05-31 北京奇安信科技有限公司 A kind of Intranet cloud checking and killing method, console and client based on system file
CN111027066A (en) * 2019-10-30 2020-04-17 北京安天网络安全技术有限公司 Method and system for implementing virus killing software client light proxy under KVM platform
CN111177706A (en) * 2019-12-25 2020-05-19 北京珞安科技有限责任公司 Process white list updating method based on trusted software library
CN111191232A (en) * 2019-06-28 2020-05-22 腾讯科技(深圳)有限公司 Method, device and storage medium for virus searching and killing

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102238145A (en) * 2010-04-27 2011-11-09 北京启明星辰信息技术股份有限公司 Method and device for preventing network attack
US20130139265A1 (en) * 2011-11-24 2013-05-30 Kaspersky Lab Zao System and method for correcting antivirus records to minimize false malware detections
WO2017028612A1 (en) * 2015-08-18 2017-02-23 中兴通讯股份有限公司 Antivirus method and device for virtual machine
CN105975860A (en) * 2016-04-26 2016-09-28 北京金山安全软件有限公司 Trust file management method, device and equipment
CN109829303A (en) * 2018-12-28 2019-05-31 北京奇安信科技有限公司 A kind of Intranet cloud checking and killing method, console and client based on system file
CN111191232A (en) * 2019-06-28 2020-05-22 腾讯科技(深圳)有限公司 Method, device and storage medium for virus searching and killing
CN111027066A (en) * 2019-10-30 2020-04-17 北京安天网络安全技术有限公司 Method and system for implementing virus killing software client light proxy under KVM platform
CN111177706A (en) * 2019-12-25 2020-05-19 北京珞安科技有限责任公司 Process white list updating method based on trusted software library

Similar Documents

Publication Publication Date Title
RU2568295C2 (en) System and method for temporary protection of operating system of hardware and software from vulnerable applications
US10228929B2 (en) Method and apparatus for modifying a computer program in a trusted manner
EP2696282B1 (en) System and method for updating authorized software
US7475427B2 (en) Apparatus, methods and computer programs for identifying or managing vulnerabilities within a data processing network
US7913290B2 (en) Device management apparatus, device, and device management method
WO2019037522A1 (en) Bug fixing method, bug fixing device and server
WO2007036089A1 (en) A computer system and a security enhancing method thereof
CN105183504A (en) Software server based process white-list updating method
WO2006049475A1 (en) Apparatus and system for preventing virus
CN107395395B (en) Processing method and device of safety protection system
CN104573435A (en) Method for terminal authority management and terminal
US20150033004A1 (en) Processing Device
CN111914249A (en) Program white list generation method, program updating method and device
CN110874231A (en) Method, device and storage medium for updating terminal version
EP2754079B1 (en) Malware risk scanner
CN113779584A (en) Protection software installation method and system
US20120174206A1 (en) Secure computing environment
US9348849B1 (en) Backup client zero-management
JP2022501733A (en) Data management methods and devices and servers
CN111083089A (en) Safety ferry system and method
CN111917736B (en) Network security management method, computing device and readable storage medium
TWI730415B (en) Detection system, detection method, and an update verification method performed by using the detection method
CN114329444A (en) System safety improving method and device
US11880273B2 (en) Method for installing a program code packet onto a device, device, and motor vehicle
CN111930394A (en) Software package management and operation method and device for industrial control system, industrial control system and computer readable medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20211210

RJ01 Rejection of invention patent application after publication