At present, the number of software applications that can be used on computing devices, including personal computers, is growing tremendously. Among these applications is a group of malicious programs that are able to inflict harm on the computer or its user, such as network worms, keyloggers, and computer viruses.
The problem of protecting a group of computers is especially serious for the administrators of computer networks, where a large number of applications are installed on each computer of the network, some of which might be harmful. One common approach to solving this problem is to use an application control system, in which the network administrator has access to the applications executed on the computers in the network by means of a set of centralized control modules and a group of clients that are deployed on the computers and can execute commands received from the centralized control module. With such a system, the network administrator is able to create rules that allow or prohibit the execution of applications on the computers of the network, and also to check the access of these applications to the resources of the computers in the network.
However, the aforementioned approach has one drawback. When the client analyzes each file being launched on a computer in the network, it unduly burdens the computing resources of that computer, such as the processor or hard disk. To solve this problem, an approach is needed that singles out, from the group of files on a computer, only those files that must be analyzed by the network administrator to determine whether to allow or prohibit their execution.