Detection and remediation of potentially malicious files

  • US 10,009,370 B1
  • Filed: 03/01/2016
  • Issued: 06/26/2018
  • Est. Priority Date: 03/01/2016
  • Status: Active Grant
First Claim
1. A method comprising:

    obtaining a potentially malicious file;

    decoding the file to identify one or more code streams;

    processing each of the identified code streams to determine the presence of respective ones of a set of indicators of compromise;

    determining whether the file is malicious based at least in part on the presence of one or more of the indicators of compromise in the code streams; and

    modifying access by a given client device to the file responsive to determining that the file is malicious;

    wherein the set of indicators of compromise are arranged in a hierarchy from one or more relatively benign indicators of compromise to one or more relatively malicious indicators of compromise;

    wherein processing each of the identified code streams to determine the presence of respective ones of the set of indicators of compromise comprises checking for the presence of respective ones of the set of indicators in an order determined based at least in part on the hierarchy; and

    wherein the method is performed by at least one processing device comprising a processor coupled to a memory.
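
The flow in claim 1 can be sketched as below. This is an added illustration, not code from the patent or its assignee. The toy container format, the three indicators, their ranks, the thresholds and the most-malicious-first check order are all assumptions made for the example.

```python
import base64
import re
import zlib

# Hypothetical hierarchy: rank 1 = relatively benign ... rank 3 = relatively malicious.
HIERARCHY = [
    (1, "long_encoded_literal", re.compile(rb"[A-Za-z0-9+/=]{64,}")),
    (2, "dynamic_eval", re.compile(rb"\beval\s*\(")),
    (3, "process_launch", re.compile(rb"\bWScript\.Shell\b")),
]
BLOCK_RANK = 3   # one indicator at this rank is enough to convict (assumed)
BLOCK_SCORE = 3  # otherwise the summed ranks of the hits must reach this (assumed)
CODECS = (b"plain", b"b64", b"zlib+b64")

def decode_streams(data: bytes) -> list:
    """Toy container (assumed): one 'STREAM <codec> <payload>' record per line."""
    streams = []
    for line in data.splitlines():
        parts = line.split(b" ", 2)
        if len(parts) != 3 or parts[0] != b"STREAM" or parts[1] not in CODECS:
            continue
        codec, payload = parts[1], parts[2]
        try:
            if codec != b"plain":
                payload = base64.b64decode(payload, validate=True)
            if codec == b"zlib+b64":
                payload = zlib.decompress(payload)
        except (ValueError, zlib.error):
            continue  # undecodable stream is skipped here; a real scanner might flag it
        streams.append(payload)
    return streams

def scan(streams):
    """Check indicators in hierarchy order, most malicious first, stopping once decided."""
    hits, score = [], 0
    for rank, name, pattern in sorted(HIERARCHY, key=lambda i: i[0], reverse=True):
        if any(pattern.search(s) for s in streams):
            hits.append(name)
            score += rank
            if rank >= BLOCK_RANK or score >= BLOCK_SCORE:
                return True, sorted(hits)
    return False, sorted(hits)

def handle(file_id, data, client, denied):
    """Decode, scan, and on a malicious verdict revoke the client's access."""
    malicious, hits = scan(decode_streams(data))
    if malicious:
        denied.add((client, file_id))  # stand-in for a quarantine or ACL change
    return malicious, hits

# Constructed sample: one plain stream plus one base64-wrapped script stream.
SAMPLE = b"STREAM plain var x = 1;\nSTREAM b64 " + base64.b64encode(b'new ActiveXObject("WScript.Shell")')
```

Checking the top of the hierarchy first lets a single high-rank hit settle the verdict without evaluating the lower-rank patterns, while lower-rank hits only convict in combination.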
