Determining file risk based on security reputation of associated objects

摘要

The creations of objects by files that have not been previously identified as malware are tracked. The security reputations of specific created objects are determined. Based on the determined security reputations of specific created objects, the security risks concerning the specific files that created the objects are determined. Responsive to whether a determined security risk concerning a specific creating file meets a given threshold, it is determined whether the specific creating file comprises malware. Responsive to determining that a specific creating file comprises malware, the creating file is blocked from performing the activity associated with the creation of the associated object. Responsive to determining that a creating file comprises malware, the creating file can be disabled, and an alert concerning the creating file can be transmitted to a central security server.