Efficient white listing of user-modifiable files

    公开(公告)号:US10043008B2

    公开(公告)日:2018-08-07

    申请号:US10977484

    申请日:2004-10-29

    IPC分类号: G06F21/56

    CPC分类号: G06F21/56 G06F21/562

    摘要: A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.

    Efficient white listing of user-modifiable files
    2.
    发明申请
    Efficient white listing of user-modifiable files 有权
    用户可修改文件的高效白名单

    公开(公告)号:US20060095971A1

    公开(公告)日:2006-05-04

    申请号:US10977484

    申请日:2004-10-29

    IPC分类号: H04N7/16

    CPC分类号: G06F21/56 G06F21/562

    摘要: A system and method for efficiently determining that a received file is not malware is presented. In operation, when a file is received at a computing device, an evaluation is made as to whether the file includes user-modifiable, or superficial, data areas, i.e., areas of the file that by their nature do not typically carry or embed malware. If the file includes superficial data areas, those superficial data areas are filtered out and a file signature is generated based on the remaining portions of the received file. The file can then be compared to a list of know malware to determine if the file is malware. Alternatively, the file can be compared to a list of known, trusted files to determine whether the file is trustworthy.

    摘要翻译: 呈现有效地确定所接收的文件不是恶意软件的系统和方法。 在操作中,当在计算设备处接收到文件时,评估文件是否包括用户可修改或表面的数据区域,即文件的区域,其性质通常不携带或嵌入恶意软件 。 如果文件包括表面数据区域,那些表面数据区域被过滤掉,并且基于接收到的文件的剩余部分生成文件签名。 然后,该文件可以与已知恶意软件的列表进行比较,以确定该文件是否是恶意软件。 或者,可以将文件与已知的可信文件的列表进行比较,以确定文件是否可信。