
Discovering malicious input files and performing automatic and distributed remediation


Abstract

The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened thereby may be monitored, with various collected event data used for antimalware purposes when improper behavior is observed. Example behaviors include writing of a file to storage, generation of network traffic, injection of a process, running of script, and/or writing system registry data. Telemetry data and/or a sample of the file may be sent to an antimalware service, and malware remediation may be performed. Data (e.g., the collected events) may be distributed to other nodes for use in antimalware detection, e.g., to block execution of a similar file.
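The flow the abstract describes, sketched as an added example (not code from the patent or its assignee): events from monitored host programs are tied to the input file that was opened, the listed behaviours are collected as telemetry, and a second node uses that telemetry to refuse the file. The host program names, event field names and the use of an exact SHA-256 match in place of the abstract's "similar file" are assumptions made for the illustration.

```python
import hashlib
from collections import defaultdict

# Assumptions (not from the patent): which host programs are monitored and
# how events are named. The five behaviours are the ones the abstract lists.
MONITORED_HOSTS = {"reader.exe", "wordproc.exe"}
SUSPICIOUS = {"file_write", "network", "process_inject", "script_run", "registry_write"}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def detect(events):
    """Group suspicious events by the input file whose opening preceded them.

    Only events from monitored host programs are considered; returns
    {input_sha256: [behaviour, ...]} for files with at least one hit.
    """
    open_file = {}                 # pid -> sha256 of the input file it opened
    hits = defaultdict(list)
    for ev in events:
        if ev["image"] not in MONITORED_HOSTS:
            continue               # unmonitored program: nothing is collected
        if ev["type"] == "open_input":
            open_file[ev["pid"]] = ev["sha256"]
        elif ev["type"] in SUSPICIOUS and ev["pid"] in open_file:
            hits[open_file[ev["pid"]]].append(ev["type"])
    return dict(hits)

class Node:
    """One endpoint holding indicators distributed by other nodes."""
    def __init__(self):
        self.blocked = set()
    def receive(self, telemetry):
        self.blocked.update(telemetry)      # keys are input-file hashes
    def may_open(self, data: bytes) -> bool:
        # Exact-hash match; a simplification of "similar file".
        return sha256_hex(data) not in self.blocked

# Constructed sample data, for illustration only.
BAD_DOC = b"constructed sample: document that drops a file"
GOOD_DOC = b"constructed sample: ordinary document"
EVENTS = [
    {"pid": 10, "image": "reader.exe", "type": "open_input", "sha256": sha256_hex(BAD_DOC)},
    {"pid": 10, "image": "reader.exe", "type": "file_write"},
    {"pid": 10, "image": "reader.exe", "type": "network"},
    {"pid": 11, "image": "reader.exe", "type": "open_input", "sha256": sha256_hex(GOOD_DOC)},
    {"pid": 12, "image": "backup.exe", "type": "file_write"},
]

if __name__ == "__main__":
    telemetry = detect(EVENTS)
    peer = Node()
    peer.receive(telemetry)
    print(telemetry, peer.may_open(BAD_DOC), peer.may_open(GOOD_DOC))
```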
