摘要:
The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies a pattern in which data in a file is loaded into memory from a computer-readable medium. Then the method identifies a pattern in which data in the file may be loaded into memory in a way that minimizes the time required to read data in the file. When a subsequent scan of the file is scheduled to occur, the method causes data in the file to be loaded in memory using the pattern that minimizes the time required to read data in the file.
摘要:
In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要:
In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.
摘要:
The present invention provides a system, method, and computer-readable medium for quarantining a file. Embodiments of the present invention are included in antivirus software that maintains a user interface. From the user interface, a user may issue a command to quarantine a file or the quarantine process may be initiated automatically by the antivirus software after malware is identified. When a file is marked for quarantine, aspects of the present invention encode file data with a function that is reversible. Then a set of metadata is identified that describes attributes of the file including any heightened security features that are used to limit access to the file. The metadata is moved to a quarantine folder, while the encoded file remains at the same location in the file system. As a result, the encoded file maintains the same file attributes as the original, non-quarantined file, including any heightened security features.
摘要:
In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.
摘要:
In accordance with this invention, a system, method, and computer-readable medium that selectively scans files stored on a computing device for malware is provided. One aspect of the present invention includes identifying files that need to be scanned for malware when a software update that includes a malware signature is received. More specifically, attributes of the new malware are identified by searching metadata associated with the malware. Then, the method searches a scan cache and determines whether each file with an entry in the scan cache is the type that may be infected by the malware. If a file is the type that may be infected by the malware, the file is scanned for malware when a scanning event such as an I/O request occurs. Conversely, if the file is not the type that may be infected by the malware, the file may be accessed without a scan being performed.
摘要:
In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要:
In accordance with this invention, a system, method, and computer-readable medium that aggregates the knowledge base of a plurality of antivirus software applications are provided. User mode applications, such as antivirus software applications, gain access to file system operations through a common information model, which obviates the need for antivirus software vendors to create kernel mode filters. When file system operations are available to antivirus software applications, the present invention may cause each antivirus software application installed on a computing device to perform a scan to determine if the data is malware.
摘要:
In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware by using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.
摘要:
Message management and classification techniques are described. In one or more implementations, a message received from a sender for delivery via a user account is examined to extract one or more features of the message. A determination is then made as to whether the message corresponds to one or more categories based on the extracted features, the categories usable to enable features to be applied to the message in a user interface.