TWI753829B - Company computer management control immediately system and method thereof - Google Patents

Publication number: TWI753829B
Authority: TW (Taiwan)
Application number: TW110118143A
Other languages: Chinese (zh)
Other versions: TW202247015A (en)
Inventor: 朱明為
Original Assignee: 彰化商業銀行股份有限公司
Prior art keywords: application, enterprise computer, control, module, management
Abstract

A company computer management control immediately system and a method thereof are provided. A management control application is installed and executed on the company computer. The management control application obtains the processing response of an antivirus application and generates update warning information and network warning information, respectively. The management control application provides the processing response of the antivirus application, the update warning information and the network warning information to a management control server. The management control server generates a response value according to the processing response, an update warning value according to the update warning information and a network warning value according to the network warning information, and calculates a risk assessed value according to the response value, the update warning value and the network warning value. Comprehensive management control of the company computer is achieved based on the determined risk assessed value. Therefore, the efficiency of comprehensive management control of the company computer may be improved.

Description

Enterprise computer real-time management and control system and method thereof

A management and control system and a method thereof, and in particular a real-time management and control system and method for enterprise computers that operates by evaluating a risk assessment value.

Existing management and control of enterprise computers is merely passive: antivirus software is installed on the enterprise computer to prevent the leakage of confidential enterprise data caused by an infection of the computer. Although the existing approach achieves partial management and control of enterprise computers, if the operating system, applications, antivirus software and so on are not updated promptly, the security vulnerabilities that result from those missed updates can still lead to the leakage of confidential enterprise data. Existing management and control of enterprise computers therefore still has deficiencies.

In summary, the prior art has long had the problem that managing and controlling enterprise computers through antivirus software still leaves security vulnerabilities unmanaged. It is therefore necessary to propose improved technical means to solve this problem.

In view of the problem in the prior art that managing and controlling enterprise computers through antivirus software still leaves security vulnerabilities unmanaged, the present invention discloses an enterprise computer real-time management and control system and a method thereof, wherein:

The enterprise computer real-time management and control system disclosed by the present invention comprises an enterprise computer and a management server. The enterprise computer installs and executes a management application and an antivirus application. The management application further comprises a response receiving module, a response module, a network warning information module and a computer transmission module; the management server further comprises a server receiving module, a generation module, a risk assessment module and a warning information module.

The response receiving module of the management application receives the processing response of the antivirus application from the antivirus application. The response module of the management application triggers an online update of the operating system or of the executed application when the management application or an application installed on the enterprise computer is executed; generates an update warning message when the update of the operating system or of the executed application is not completed; displays the statistical message when a statistical message is received; and disables the network connection function of the enterprise computer when a network prohibition command is received. The network warning information module of the management application generates a network warning message when the firewall of the enterprise computer blocks a large volume of connection activity. The computer transmission module of the management application transmits the processing response, the update warning message or the network warning message.

The server receiving module of the management server receives the processing response, the update warning message or the network warning message from the computer transmission module. The generation module of the management server generates a response value corresponding to the processing response, generates an update warning value from the update warning message, generates a network warning value from the network warning message, and generates a statistical message from the processing response, the update warning message and the network warning message. The risk assessment module of the management server accumulates the response value, the update warning value and the network warning value into a risk assessment value. The warning information module of the management server transmits the statistical message to the response module when the risk assessment value is less than or equal to a threshold value and the statistical message contains only update warning messages, and, when the risk assessment value is greater than the threshold value, generates a network prohibition command and transmits it to the response module.

The enterprise computer real-time management and control method disclosed by the present invention comprises the following steps:

First, the enterprise computer installs and executes a management application and an antivirus application. Next, the management application receives the processing response of the antivirus application from the antivirus application. Next, when the management application or an application installed on the enterprise computer is executed, an online update of the operating system or of the executed application is triggered, and when the update of the operating system or of the executed application is not completed, the management application generates an update warning message. Next, when the firewall of the enterprise computer blocks a large volume of connection activity, the management application generates a network warning message. Next, the management application transmits the processing response, the update warning message or the network warning message to the management server. Next, the management server generates a response value corresponding to the processing response, generates an update warning value from the update warning message, generates a network warning value from the network warning message, and generates a statistical message from the processing response, the update warning message and the network warning message. Next, the management server accumulates the response value, the update warning value and the network warning value into a risk assessment value. Next, when the risk assessment value is less than or equal to the threshold value and the statistical message contains only update warning messages, the management server transmits the statistical message to the management application, which displays it. Finally, when the risk assessment value is greater than the threshold value, the management server generates a network prohibition command and transmits it to the management application to disable the network connection function of the enterprise computer.

The system and method disclosed by the present invention are as described above. The difference from the prior art is that the enterprise computer installs and executes a management application; the management application obtains the processing response of the antivirus application and generates an update warning message and a network warning message, respectively; the management application provides the processing response of the antivirus application, the update warning message and the network warning message to the management server; the management server generates a response value corresponding to the processing response, an update warning value from the update warning message and a network warning value from the network warning message, and accumulates them into a risk assessment value; and comprehensive management and control of the enterprise computer is achieved by evaluating the risk assessment value.

Through the above technical means, the present invention achieves the technical effect of improving the comprehensiveness of enterprise computer management and control.

The embodiments of the present invention are described in detail below with reference to the drawings and examples, so that the process by which the present invention applies technical means to solve the technical problem and achieve the technical effect can be fully understood and implemented accordingly.

The enterprise computer real-time management and control system disclosed by the present invention is described first. Please refer to "Figure 1", which is a system block diagram of the enterprise computer real-time management and control system of the present invention.

The enterprise computer real-time management and control system disclosed by the present invention comprises an enterprise computer 10 and a management server 20. The enterprise computer 10 installs and executes a management application 11 and an antivirus application 12. The management application 11 further comprises a response receiving module 111, a response module 112, a network warning information module 113 and a computer transmission module 114; the management server 20 further comprises a server receiving module 21, a generation module 22, a risk assessment module 23 and a warning information module 24.

The enterprise computer 10 and the management server 20 are connected through wired or wireless transmission. Wired transmission is, for example, a cable network, an optical fiber network and so on; wireless transmission is, for example, Wi-Fi, a mobile communication network (3G, 4G, 5G and so on) and so on. These are examples only and do not limit the scope of application of the present invention.

The response receiving module 111 of the management application 11 receives the processing response of the antivirus application 12 from the antivirus application 12. The antivirus application 12 provides protection for the enterprise computer 10, for example:

- The enterprise computer 10 scans the files on the enterprise computer 10 for viruses and disinfects them, so as to protect the files on the enterprise computer 10.
- When the enterprise computer 10 connects to an external device (for example, over USB or Bluetooth; these are examples only and do not limit the scope of application of the present invention), the antivirus application 12 blocks the external device from actively installing malicious programs and scans the files stored on the external device for viruses; the enterprise computer 10 is allowed to use the external device normally only after the files stored on it are confirmed to be free of viruses.
- When the enterprise computer 10 downloads a file from the network, the antivirus application 12 scans the file for viruses; the enterprise computer 10 is allowed to download the file only after the file is confirmed to be free of viruses.
- When the enterprise computer 10 browses a web page through a browser, the antivirus application 12 blocks the browsed web page from actively installing malicious programs.
- When the enterprise computer 10 runs an e-mail application, the antivirus application 12 scans received e-mail for viruses; the enterprise computer 10 is allowed to use the e-mail normally only after the received e-mail is confirmed to be free of viruses.
- The antivirus application 12 further provides Endpoint Detection and Response (EDR), protecting the enterprise computer 10 by determining whether the endpoint detection response is abnormal.

These are examples only and do not limit the scope of application of the present invention.

The antivirus application 12 generates a processing response corresponding to the protection functions described above. Specifically:

- If the antivirus application 12 scans the files on the enterprise computer 10 and finds a virus that it cannot disinfect, the antivirus application 12 generates the processing response "infection cannot be removed".
- If the antivirus application 12 scans the files on the enterprise computer 10, finds a virus and disinfects it, but the computer is infected again within a short time (for example, 1 minute, 5 minutes, 10 minutes and so on; these are examples only and do not limit the scope of application of the present invention), whether by the same virus or a different one, the antivirus application 12 generates the processing response "persistent infection".
- If the antivirus application 12 blocks an external device from actively installing a malicious program, the antivirus application 12 generates the processing response "malicious program installation found".
- If, when the antivirus application 12 blocks an external device from actively installing a malicious program, the antivirus application 12's virus scan of a file downloaded from the network finds a virus, the antivirus application 12 generates the processing response "downloaded file found to contain a virus".
- When the antivirus application 12 determines that the endpoint detection response is abnormal, the antivirus application 12 generates the processing response "EDR event".

These are examples only and do not limit the scope of application of the present invention.

Next, the response module 112 of the management application 11 triggers an online update of the operating system or of the executed application when the management application 11 or an application installed on the enterprise computer 10 is executed. When the update of the operating system or of the executed application is not completed, the response module 112 of the management application 11 generates an update warning message.

Next, when the firewall of the enterprise computer 10 blocks a large volume of connection activity, this indicates that the enterprise computer 10 is under a network attack from an external network (for example, a Distributed Denial of Service (DDoS) attack, a hacker intrusion and so on), and the network warning information module 113 of the management application 11 generates a network warning message.

Once the response receiving module 111 of the management application 11 has received the processing response of the antivirus application 12 from the antivirus application 12, and/or the response module 112 of the management application 11 has generated an update warning message, and/or the network warning information module 113 of the management application 11 has generated a network warning message, the computer transmission module 114 of the management application 11 may transmit the processing response, the update warning message or the network warning message on its own to the server receiving module 21 of the management server 20. It may also transmit two of them together (the processing response and the update warning message, the update warning message and the network warning message, or the processing response and the network warning message), or all three together, to the server receiving module 21 of the management server 20.

According to whichever of these it received (the processing response; the update warning message; the network warning message; the processing response and the update warning message; the update warning message and the network warning message; the processing response and the network warning message; or the processing response, the update warning message and the network warning message), the generation module 22 of the management server 20 generates a response value corresponding to the processing response, generates an update warning value from the update warning message, generates a network warning value from the network warning message, and generates a statistical message from the processing response, the update warning message and the network warning message.

Specifically, if the processing response is "infection cannot be removed", the generation module 22 of the management server 20 generates a response value of "1" for it; if the processing response is "persistent infection", the generation module 22 generates a response value of "2"; if the processing response is "EDR event", the generation module 22 generates a response value of "3"; if the update warning message is "operating system update abnormal", the generation module 22 generates an update warning value of "1"; and if the network warning message is "distributed denial-of-service attack", the generation module 22 generates a network warning value of "2". These are examples only and do not limit the scope of application of the present invention.

After the generation module 22 of the management server 20 has generated the response value corresponding to the processing response, the update warning value from the update warning message, the network warning value from the network warning message, and the statistical message from the processing response, the update warning message and the network warning message, the risk assessment module 23 of the management server 20 accumulates the response value, the update warning value and the network warning value into a risk assessment value.

Next, when the risk assessment value is less than or equal to the threshold value and the statistical message contains only update warning messages, the warning information module 24 of the management server 20 transmits the statistical message to the response module 112 of the management application 11. When the response module 112 of the management application 11 receives the statistical message from the warning information module 24 of the management server 20, it displays the statistical message so that the operator of the enterprise computer 10 can carry out follow-up handling.

When the risk assessment value is greater than the threshold value, the warning information module 24 of the management server 20 generates a network prohibition command and transmits it to the response module 112 of the management application 11. When the response module 112 of the management application 11 receives the network prohibition command from the warning information module 24 of the management server 20, it disables the network connection function of the enterprise computer 10, and the statistical message corresponding to the enterprise computer 10 is transmitted to and displayed on the administrator device 30 so that the administrator of the administrator device 30 can carry out follow-up handling, for example: removing the virus, reconfiguring the network, reinstalling the operating system and so on. These are examples only and do not limit the scope of application of the present invention.
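
The scoring and threshold decision described above, as an added Python example (not code from the patent). The weights are the example values given in the description; the message identifiers, the threshold of 3, the rejection of unmapped messages and the `NONE` outcome for the case the description leaves undefined are assumptions of this example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, List

# Example weights stated in the description. The string keys are
# hypothetical identifiers chosen for this example.
RESPONSE_VALUES = {
    "infection_cannot_be_removed": 1,
    "persistent_infection": 2,
    "edr_event": 3,
}
UPDATE_WARNING_VALUES = {"os_update_abnormal": 1}
NETWORK_WARNING_VALUES = {"ddos_attack": 2}


class Action(Enum):
    NONE = "none"                        # case the description does not define
    SHOW_STATISTICS = "show_statistics"  # statistics go to the response module
    DISABLE_NETWORK = "disable_network"  # network prohibition command


@dataclass
class Report:
    """One upload from the computer transmission module; any part may be empty."""
    responses: List[str] = field(default_factory=list)
    update_warnings: List[str] = field(default_factory=list)
    network_warnings: List[str] = field(default_factory=list)


@dataclass
class Decision:
    risk: int
    action: Action
    notify_admin: bool
    statistics: Dict[str, List[str]]


def _total(items: List[str], table: Dict[str, int], kind: str) -> int:
    total = 0
    for item in items:
        if item not in table:
            # Assumption: an unmapped message is rejected rather than scored 0,
            # so a gap in the table cannot silently lower the risk value.
            raise ValueError(f"unmapped {kind}: {item!r}")
        total += table[item]
    return total


def assess(report: Report, threshold: int) -> Decision:
    """Generation, risk assessment and warning information modules in one pass."""
    risk = (
        _total(report.responses, RESPONSE_VALUES, "processing response")
        + _total(report.update_warnings, UPDATE_WARNING_VALUES, "update warning")
        + _total(report.network_warnings, NETWORK_WARNING_VALUES, "network warning")
    )
    statistics = {
        "processing_responses": list(report.responses),
        "update_warnings": list(report.update_warnings),
        "network_warnings": list(report.network_warnings),
    }
    if risk > threshold:
        # Above the threshold: cut the network and show statistics to the administrator.
        return Decision(risk, Action.DISABLE_NETWORK, True, statistics)
    only_updates = (
        bool(report.update_warnings)
        and not report.responses
        and not report.network_warnings
    )
    if only_updates:
        # At or below the threshold with update warnings only: show to the operator.
        return Decision(risk, Action.SHOW_STATISTICS, False, statistics)
    # At or below the threshold with other messages: not specified in the description.
    return Decision(risk, Action.NONE, False, statistics)


if __name__ == "__main__":
    THRESHOLD = 3  # constructed value; the description gives no number
    samples = [  # constructed reports
        Report(update_warnings=["os_update_abnormal"]),
        Report(responses=["edr_event"]),
        Report(responses=["edr_event"], network_warnings=["ddos_attack"]),
    ]
    for sample in samples:
        d = assess(sample, THRESHOLD)
        print(d.risk, d.action.value, d.notify_admin)
```

Because the comparison is strictly "greater than", a single "EDR event" at a threshold of 3 does not disable the network, while repeated update warnings alone can accumulate past it.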

The management application 11 further comprises an application acquisition module 115, and the management server 20 further comprises a comparison database 25 and a comparison module 26. The comparison database 25 of the management server 20 stores a permitted application list in advance; the permitted application list contains the names of a plurality of applications that are permitted for use. The application acquisition module 115 of the management application 11 obtains the application names of the applications installed on the enterprise computer 10 to generate an installed application list; the installed application list contains the names of the applications installed on the enterprise computer 10 and can be obtained from the application management functions provided by the operating system.

After the application acquisition module 115 of the management application 11 has obtained the application names of the applications installed on the enterprise computer 10 and generated the installed application list, the computer transmission module 114 of the management application 11 transmits the installed application list to the management server 20, and the server receiving module 21 of the management server 20 receives the installed application list from the computer transmission module 114 of the management application 11.

After the server receiving module 21 of the management server 20 has received the installed application list from the computer transmission module 114 of the management application 11, when the comparison module 26 of the management server 20 finds application names that differ between the installed application list and the permitted application list, the generation module 22 of the management server 20 generates a corresponding application deletion command for the differing application names.

After the generation module 22 of the management server 20 has generated the corresponding application deletion command for the differing application names, the warning information module 24 of the management server 20 transmits the application deletion command to the response module 112 of the management application 11, and the response module 112 of the management application 11 uninstalls the corresponding application according to the application deletion command.

It is worth noting that the permitted application list may further store, in association with one another, the media access control address of the enterprise computer, the enterprise computer login information and the application name. When the response module 112 of the management application 11 performs the installation of an application, the application acquisition module 115 of the management application 11 obtains the application name of the application being installed.

After the application acquisition module 115 of the management application 11 has obtained the application name of the application being installed, the computer transmission module 114 of the management application 11 transmits the application name of the application being installed, the Media Access Control Address (MAC Address) of the enterprise computer and the enterprise computer login information to the management server 20.

The server receiving module 21 of the management server 20 receives the application name of the application being installed, the media access control address of the enterprise computer and the enterprise computer login information from the computer transmission module 114 of the management application 11.

Next, the comparison module 26 of the management server 20 uses the media access control address of the enterprise computer and the enterprise computer login information to look up the application names in the permitted application list. When the application name of the application being installed does not match the application names found in the permitted application list, the generation module 22 of the management server 20 generates a stop-installation command.

After the generation module 22 of the management server 20 has generated the stop-installation command, the warning information module 24 of the management server 20 transmits the stop-installation command to the response module 112 of the management application 11, and the response module 112 of the management application 11 terminates the installation procedure of the application according to the stop-installation command.

Next, the operating method of the present invention is described with reference to FIG. 2A and FIG. 2B, which are flowcharts of the enterprise computer real-time management and control method of the present invention.

The enterprise computer installs and executes the control application and the antivirus application (step 101); the control application receives the processing response of the antivirus application from the antivirus application (step 102); when the control application or an application installed on the enterprise computer is executed, an online update of the operating system or of the executed application is triggered, and when the update of the operating system or of the executed application is not completed, the control application generates an update warning message (step 103); when the firewall of the enterprise computer blocks a large volume of connection activity, the control application generates a network warning message (step 104); the control application transmits the processing response, the update warning message, or the network warning message to the control server (step 105); the control server generates a response value corresponding to the processing response, generates an update warning value from the update warning message, generates a network warning value from the network warning message, and generates a statistical message from the processing response, the update warning message, and the network warning message (step 106); the control server accumulates the response value, the update warning value, and the network warning value into a risk assessment value (step 107); when the risk assessment value is less than or equal to a threshold value and the statistical message contains only the update warning message, the control server transmits the statistical message to the control application, which displays it (step 107); when the risk assessment value is greater than the threshold value, the control server generates a network prohibition instruction and transmits it to the control application to disable the network connection function of the enterprise computer (step 108).
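The server-side decision in steps 106 to 108 can be sketched as follows. This is an added example, not code from the patent; the numeric values, the threshold, the message field names, the processing-response labels and the action names are all assumptions, since the text above only states that each message is converted to a value and accumulated.

```python
from collections import defaultdict

# Assumed values: the text says each message is converted to a value but
# gives no numbers here, so these weights and the threshold are illustrative.
RESPONSE_VALUES = {"cleaned": 1, "quarantined": 2, "clean_failed": 4}
UPDATE_WARNING_VALUE = 1
NETWORK_WARNING_VALUE = 5
THRESHOLD = 4


def message_value(msg):
    """Step 106: convert one received message into its numeric value."""
    kind = msg["kind"]
    if kind == "processing_response":
        return RESPONSE_VALUES[msg["detail"]]
    if kind == "update_warning":
        return UPDATE_WARNING_VALUE
    if kind == "network_warning":
        return NETWORK_WARNING_VALUE
    raise ValueError(f"unknown message kind: {kind!r}")


def evaluate(messages, threshold=THRESHOLD):
    """Steps 106-108 for a batch of messages; returns {mac: decision}."""
    risk = defaultdict(int)
    stats = defaultdict(lambda: defaultdict(int))
    for msg in messages:
        risk[msg["mac"]] += message_value(msg)   # accumulated risk assessment value
        stats[msg["mac"]][msg["kind"]] += 1      # per-computer statistical message

    decisions = {}
    for mac, total in risk.items():
        kinds = set(stats[mac])
        if total > threshold:
            # Above the threshold: network prohibition instruction.
            action = "DISABLE_NETWORK"
        elif kinds == {"update_warning"}:
            # At or below the threshold with only update warnings:
            # send the statistics back to the client for display.
            action = "SHOW_STATISTICS"
        else:
            # At or below the threshold with other message kinds:
            # the text defines no action for this case.
            action = None
        decisions[mac] = {
            "risk": total,
            "statistics": dict(stats[mac]),
            "action": action,
        }
    return decisions


# Constructed sample input (MAC addresses and events are made up).
SAMPLE = [
    {"mac": "02:00:00:00:00:0A", "kind": "update_warning"},
    {"mac": "02:00:00:00:00:0A", "kind": "update_warning"},
    {"mac": "02:00:00:00:00:0B", "kind": "network_warning"},
    {"mac": "02:00:00:00:00:0C", "kind": "processing_response", "detail": "quarantined"},
    {"mac": "02:00:00:00:00:0D", "kind": "update_warning"},
    {"mac": "02:00:00:00:00:0D", "kind": "processing_response", "detail": "clean_failed"},
]

if __name__ == "__main__":
    for mac, decision in evaluate(SAMPLE).items():
        print(mac, decision)
```

The last sample computer shows why the values are accumulated: neither of its two messages exceeds the assumed threshold alone, but their sum does.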

Please refer to FIG. 2C, which is a flowchart of additional steps of the enterprise computer real-time management and control method of the present invention. The method further includes the following steps:

The control application obtains the application names of a plurality of applications installed on the enterprise computer to generate an installed application list (step 201); the control application transmits the installed application list to the control server (step 202); the control server has a comparison database, and the comparison database stores a permitted application list (step 203); when the control server finds application names that differ between the installed application list and the permitted application list, it generates a corresponding application deletion instruction for each differing application name (step 204); the control server transmits the application deletion instruction to the control application (step 205); and the control application uninstalls the corresponding application according to the application deletion instruction (step 206).

Please refer to FIG. 2D, which is a flowchart of additional steps of the enterprise computer real-time management and control method of the present invention. The method further includes the following steps:

When the enterprise computer executes the installation of an application, the control application uses its application acquisition module to obtain the name of the application being installed (step 301); the control application transmits the name of the application being installed, the MAC address of the enterprise computer, and the enterprise computer login information to the control server (step 302); the control server has a comparison database, the comparison database stores a permitted application list, and the permitted application list stores, in correspondence with one another, the MAC address of the enterprise computer, the enterprise computer login information, and the application names (step 303); the control server compares the MAC address of the enterprise computer and the enterprise computer login information to obtain the application names in the permitted application list (step 304); when the control server then finds that the name of the application being installed is not the same as the application names obtained from the permitted application list, it generates a stop-installation instruction (step 305); the control server transmits the stop-installation instruction to the control application (step 306); and the control application terminates the installation of the application according to the stop-installation instruction (step 307).
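The two comparisons described above (the inventory audit of steps 203 to 204 and the install-time check of steps 304 to 305) can be sketched as follows. This is an added example, not code from the patent; the database layout, the instruction names, the case-insensitive name matching and the refusal of unknown MAC/login pairs are assumptions that the text does not specify.

```python
# Constructed comparison database: (MAC address, login) -> permitted names.
# The MAC addresses, logins and application names are made up.
PERMITTED = {
    ("02:00:00:00:00:0A", "alice"): {"LibreOffice", "7-Zip"},
    ("02:00:00:00:00:0B", "bob"): {"LibreOffice"},
}


def norm_mac(mac):
    """Normalize 02-00-.. / 02:00:.. spellings to upper-case colon form."""
    return mac.strip().upper().replace("-", ":")


def norm_name(name):
    """Assumption: names match case-insensitively, ignoring extra spaces."""
    return " ".join(name.split()).casefold()


def permitted_for(db, mac, login):
    """Step 304: permitted names for this computer and login, or None."""
    names = db.get((norm_mac(mac), login.strip().lower()))
    if names is None:
        return None
    return {norm_name(n) for n in names}


def check_install(db, mac, login, app_name):
    """Steps 304-305: return 'STOP_INSTALL' or None (installation may go on)."""
    allowed = permitted_for(db, mac, login)
    # Assumption: a MAC/login pair with no entry is refused, because the
    # text only describes the case where an entry is found.
    if allowed is None or norm_name(app_name) not in allowed:
        return "STOP_INSTALL"
    return None


def audit_installed(permitted_names, installed_names):
    """Steps 203-204: one deletion instruction per name not permitted."""
    allowed = {norm_name(n) for n in permitted_names}
    return [
        ("DELETE_APPLICATION", name)
        for name in installed_names
        if norm_name(name) not in allowed
    ]


if __name__ == "__main__":
    print(check_install(PERMITTED, "02-00-00-00-00-0a", "Alice", "7-zip"))
    print(check_install(PERMITTED, "02:00:00:00:00:0B", "bob", "7-Zip"))
    print(audit_installed({"LibreOffice"}, ["LibreOffice", "Game X", "7-Zip"]))
```

Both the application name and the MAC address are values reported by the client, so the comparison is only as trustworthy as the control application that reports them.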

In summary, the difference between the present invention and the prior art is that the enterprise computer installs and executes a control application; the control application obtains the processing response of the antivirus application and generates an update warning message and a network warning message; the control application provides the processing response of the antivirus application, the update warning message, and the network warning message to the control server; the control server generates a response value corresponding to the processing response, an update warning value from the update warning message, and a network warning value from the network warning message, and accumulates them into a risk assessment value; and comprehensive management and control of the enterprise computer is achieved by evaluating the risk assessment value.

This technical means solves the problem in the prior art that managing and controlling enterprise computers through antivirus software still leaves security vulnerabilities uncontrolled, and thereby achieves the technical effect of making enterprise computer management and control more comprehensive.

Although the embodiments of the present invention are disclosed as above, the described content is not intended to directly limit the scope of patent protection of the present invention. Any person having ordinary skill in the art to which the present invention pertains may make minor changes in the form and details of implementation without departing from the spirit and scope disclosed by the present invention. The scope of patent protection of the present invention shall still be as defined by the appended claims.

10: enterprise computer
11: control application
111: response receiving module
112: response module
113: network warning information module
114: computer transmission module
115: application acquisition module
12: antivirus application
20: control server
21: server receiving module
22: generation module
23: risk assessment module
24: warning information module
25: comparison database
26: comparison module
Step 101: the enterprise computer installs and executes the control application and the antivirus application
Step 102: the control application receives the processing response of the antivirus application from the antivirus application
Step 103: when the control application or an application installed on the enterprise computer is executed, an online update of the operating system or of the executed application is triggered; when the update of the operating system or of the executed application is not completed, the control application generates an update warning message
Step 104: when the firewall of the enterprise computer blocks a large volume of connection activity, the control application generates a network warning message
Step 105: the control application transmits the processing response, the update warning message, or the network warning message to the control server
Step 106: the control server generates a response value corresponding to the processing response, generates an update warning value from the update warning message, generates a network warning value from the network warning message, and generates a statistical message from the processing response, the update warning message, and the network warning message
Step 107: the control server accumulates the response value, the update warning value, and the network warning value into a risk assessment value
Step 108: when the risk assessment value is less than or equal to the threshold value and the statistical message contains only the update warning message, the control server transmits the statistical message to the control application, which displays it
Step 109: when the risk assessment value is greater than the threshold value, the control server generates a network prohibition instruction and transmits it to the control application to disable the network connection function of the enterprise computer
Step 201: the control application obtains the application names of a plurality of applications installed on the enterprise computer to generate an installed application list
Step 202: the control application transmits the installed application list to the control server
Step 203: the control server has a comparison database, and the comparison database stores a permitted application list
Step 204: when the control server finds application names that differ between the installed application list and the permitted application list, it generates a corresponding application deletion instruction for each differing application name
Step 205: the control server transmits the application deletion instruction to the control application
Step 206: the control application uninstalls the corresponding application according to the application deletion instruction
Step 301: when the enterprise computer executes the installation of an application, the control application uses its application acquisition module to obtain the name of the application being installed
Step 302: the control application transmits the name of the application being installed, the MAC address of the enterprise computer, and the enterprise computer login information to the control server
Step 303: the control server has a comparison database, the comparison database stores a permitted application list, and the permitted application list stores, in correspondence with one another, the MAC address of the enterprise computer, the enterprise computer login information, and the application names
Step 304: the control server compares the MAC address of the enterprise computer and the enterprise computer login information to obtain the application names in the permitted application list
Step 305: when the control server then finds that the name of the application being installed is not the same as the application names obtained from the permitted application list, it generates a stop-installation instruction
Step 306: the control server transmits the stop-installation instruction to the control application
Step 307: the control application terminates the installation of the application according to the stop-installation instruction

FIG. 1 is a system block diagram of the enterprise computer real-time management and control system of the present invention.
FIG. 2A and FIG. 2B are flowcharts of the enterprise computer real-time management and control method of the present invention.
FIG. 2C and FIG. 2D are flowcharts of additional steps of the enterprise computer real-time management and control method of the present invention.

Claims (10)

1. An enterprise computer real-time management and control system, comprising:
an enterprise computer, the enterprise computer installing and executing a control application and an antivirus application, the control application further comprising:
a response receiving module for receiving, from the antivirus application, a processing response of the antivirus application;
a response module which, when the control application or an application installed on the enterprise computer is executed, triggers an online update of the operating system or of the executed application; which generates an update warning message when the update of the operating system or of the executed application is not completed; which displays a statistical message when the statistical message is received; and which disables the network connection function of the enterprise computer when a network prohibition instruction is received;
a network warning information module for generating a network warning message when the firewall of the enterprise computer blocks a large volume of connection activity; and
a computer transmission module for transmitting the processing response, the update warning message, or the network warning message; and
a control server, the control server further comprising:
a server receiving module for receiving the processing response, the update warning message, or the network warning message from the computer transmission module;
a generation module for generating a response value corresponding to the processing response, generating an update warning value from the update warning message, generating a network warning value from the network warning message, and generating a statistical message from the processing response, the update warning message, and the network warning message;
a risk assessment module for accumulating the response value, the update warning value, and the network warning value into the risk assessment value; and
a warning information module for transmitting the statistical message to the response module when the risk assessment value is less than or equal to a threshold value and the statistical message contains only the update warning message, and for generating the network prohibition instruction and transmitting the network prohibition instruction to the response module when the risk assessment value is greater than the threshold value.

2. The enterprise computer real-time management and control system according to claim 1, wherein the control application further comprises an application acquisition module for obtaining the application names of a plurality of applications installed on the enterprise computer to generate an installed application list, and the installed application list is transmitted to the server receiving module through the computer transmission module.

3. The enterprise computer real-time management and control system according to claim 2, wherein the control server further comprises a comparison database and a comparison module, the comparison database stores a permitted application list, and when the server receiving module receives the installed application list from the computer transmission module and the comparison module finds application names that differ between the installed application list and the permitted application list, the generation module generates a corresponding application deletion instruction for each differing application name, the warning information module transmits the application deletion instruction to the response module, and the response module uninstalls the corresponding application according to the application deletion instruction.

4. The enterprise computer real-time management and control system according to claim 1, wherein when the response module executes the installation of an application, an application acquisition module further comprised in the control application obtains the name of the application being installed, and the name of the application being installed, the Media Access Control (MAC) address of the enterprise computer, and enterprise computer login information are transmitted to the server receiving module through the computer transmission module.

5. The enterprise computer real-time management and control system according to claim 4, wherein the control server further comprises a comparison database and a comparison module, the comparison database stores a permitted application list, the permitted application list stores, in correspondence with one another, the MAC address of the enterprise computer, the enterprise computer login information, and application names, the comparison module compares the MAC address of the enterprise computer and the enterprise computer login information to obtain the application names in the permitted application list, and when it then finds that the name of the application being installed is not the same as the application names obtained from the permitted application list, the generation module generates a stop-installation instruction, the warning information module transmits the stop-installation instruction to the response module, and the response module terminates the installation of the application according to the stop-installation instruction.

6. The enterprise computer real-time management and control system according to claim 1, wherein the warning information module further transmits, when the risk assessment value is greater than the threshold value, the statistical message corresponding to the enterprise computer to an administrator device for display.

7. An enterprise computer real-time management and control method, comprising the following steps:
an enterprise computer installs and executes a control application and an antivirus application;
the control application receives, from the antivirus application, a processing response of the antivirus application;
when the control application or an application installed on the enterprise computer is executed, an online update of the operating system or of the executed application is triggered, and when the update of the operating system or of the executed application is not completed, the control application generates an update warning message;
when the firewall of the enterprise computer blocks a large volume of connection activity, the control application generates a network warning message;
the control application transmits the processing response, the update warning message, or the network warning message to a control server;
the control server generates a response value corresponding to the processing response, generates an update warning value from the update warning message, generates a network warning value from the network warning message, and generates a statistical message from the processing response, the update warning message, and the network warning message;
the control server accumulates the response value, the update warning value, and the network warning value into the risk assessment value;
when the risk assessment value is less than or equal to a threshold value and the statistical message contains only the update warning message, the control server transmits the statistical message to the control application, which displays it; and
when the risk assessment value is greater than the threshold value, the control server generates the network prohibition instruction and transmits the network prohibition instruction to the control application to disable the network connection function of the enterprise computer.

8. The enterprise computer real-time management and control method according to claim 7, wherein the method further comprises the following steps:
the control application obtains the application names of a plurality of applications installed on the enterprise computer to generate an installed application list;
the control application transmits the installed application list to the control server;
the control server has a comparison database, and the comparison database stores a permitted application list;
when the control server finds application names that differ between the installed application list and the permitted application list, it generates a corresponding application deletion instruction for each differing application name;
the control server transmits the application deletion instruction to the control application; and
the control application uninstalls the corresponding application according to the application deletion instruction.

9. The enterprise computer real-time management and control method according to claim 7, wherein the method further comprises the following steps:
when the enterprise computer executes the installation of an application, the control application uses its application acquisition module to obtain the name of the application being installed;
the control application transmits the name of the application being installed, the Media Access Control (MAC) address of the enterprise computer, and enterprise computer login information to the control server;
the control server has a comparison database, the comparison database stores a permitted application list, and the permitted application list stores, in correspondence with one another, the MAC address of the enterprise computer, the enterprise computer login information, and application names;
the control server compares the MAC address of the enterprise computer and the enterprise computer login information to obtain the application names in the permitted application list;
when the control server then finds that the name of the application being installed is not the same as the application names obtained from the permitted application list, it generates a stop-installation instruction;
the control server transmits the stop-installation instruction to the control application; and
the control application terminates the installation of the application according to the stop-installation instruction.

10. The enterprise computer real-time management and control method according to claim 7, wherein the method further comprises the step of, when the risk assessment value is greater than the threshold value, the control server transmitting the statistical message corresponding to the enterprise computer to an administrator device for display.
TW110118143A 2021-05-19 2021-05-19 Company computer management control immediately system and method thereof TWI753829B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110118143A TWI753829B (en) 2021-05-19 2021-05-19 Company computer management control immediately system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110118143A TWI753829B (en) 2021-05-19 2021-05-19 Company computer management control immediately system and method thereof

Publications (2)

Publication Number Publication Date
TWI753829B true TWI753829B (en) 2022-01-21
TW202247015A TW202247015A (en) 2022-12-01

Family

ID=80809075

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110118143A TWI753829B (en) 2021-05-19 2021-05-19 Company computer management control immediately system and method thereof

Country Status (1)

Country Link
TW (1) TWI753829B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101231682A (en) * 2007-01-26 2008-07-30 李贵林 Computer information safe method
TW201118642A (en) * 2009-11-24 2011-06-01 Videace Technology Co Computer system for rapid scanning or treatment of malicious software and method thereof
TWM597904U (en) * 2020-04-09 2020-07-01 臺灣土地銀行股份有限公司 Servo host configuration setting management system

Also Published As

Publication number Publication date
TW202247015A (en) 2022-12-01
