发明公开
EP2790122A2 System and method for correcting antivirus records to minimize false malware detections
有权
系统和方法修正杀毒条目减少恶意软件的错误检测
- 专利标题: System and method for correcting antivirus records to minimize false malware detections
- 专利标题(中): 系统和方法修正杀毒条目减少恶意软件的错误检测
-
申请号: EP14176048.8申请日: 2012-04-20
-
公开(公告)号: EP2790122A2公开(公告)日: 2014-10-15
- 发明人: Romanenko, Alexander A. , Lapushkin, Anton S. , Ishanov, Oleg A.
- 申请人: Kaspersky Lab, ZAO
- 申请人地址: 39A/3 Leningradskoe shosse Moscow 125212 RU
- 专利权人: Kaspersky Lab, ZAO
- 当前专利权人: Kaspersky Lab, ZAO
- 当前专利权人地址: 39A/3 Leningradskoe shosse Moscow 125212 RU
- 代理机构: Sloboshanin, Sergej
- 优先权: RU2011147542 20111124
- 主分类号: G06F21/56
- IPC分类号: G06F21/56 ; H04L29/06
摘要:
Disclosed is a computer-implemented method for malware detection. The method comprises analyzing by an antivirus application (310) a software object (200) for presence of malware; retrieving from an antivirus database (160) of the antivirus application (310) an antivirus record associated with the analyzed object (200), wherein the antivirus record identifies the object (200) as malicious and wherein the antivirus record is adapted to include a working status (210) and a test status (220) and checking for a correction for the retrieved antivirus record, wherein said correction includes a change in the status of the antivirus record. When a correction for the antivirus record is found, said correction is used for the retrieved antivirus record for further operation of the antivirus application (310) with the object (200). When the processing of the software object (200) using a corrected record with working status (210) indicates that the software object (200) is malicious, the user is at least notified about detected malware; and when the processing of the software object (200) using a corrected record with test status (220) indicates that the software object (200) is malicious, the user is at least not notified about detected malware.
公开/授权文献
信息查询