Aggregating the knowledge base of computer systems to proactively protect a computer from malware
First Claim
1. A computer-implemented method of collecting local machine events and aggregating the knowledge base of anti-malware services and other event detection systems to proactively protect a computer from malware, the method comprising:
(a) using the anti-malware services and other event detection systems to observe suspicious events that are potentially indicative of malware;
(b) determining whether the suspicious events satisfy a predetermined threshold; and
(c) if the suspicious events satisfy the predetermined threshold, applying a restrictive security policy to the computer.
Abstract
In accordance with the present invention, a system, method, and computer-readable medium for aggregating the knowledge base of a plurality of security services or other event collection systems to protect a computer from malware is provided. One aspect of the present invention is a method that proactively protects a computer from malware. More specifically, the method comprises: using anti-malware services or other event collection systems to observe suspicious events that are potentially indicative of malware; determining if the suspicious events satisfy a predetermined threshold; and if the suspicious events satisfy the predetermined threshold, implementing a restrictive security policy designed to prevent the spread of malware.
20 Claims
1. A computer-implemented method of collecting local machine events and aggregating the knowledge base of anti-malware services and other event detection systems to proactively protect a computer from malware, the method comprising:
(a) using the anti-malware services and other event detection systems to observe suspicious events that are potentially indicative of malware;
(b) determining whether the suspicious events satisfy a predetermined threshold; and
(c) if the suspicious events satisfy the predetermined threshold, applying a restrictive security policy to the computer.
(Dependent claims 2 to 12 not shown.)
13. A software system that proactively protects a computer from malware, the software system comprising:
(a) an aggregation routine for determining whether an entity associated with the computer is malware, wherein the aggregation routine includes:
(i) a data collector component operative to collect data that identifies suspicious events potentially indicative of malware;
(ii) a data analyzer module that analyzes data collected by the data collector component to determine whether a threshold was satisfied; and
(iii) a policy implementer operative to implement a restrictive security policy when the data analyzer module determines that the threshold was satisfied; and
(Dependent claims 14 to 18 not shown.)
19. A computer-readable medium bearing computer-executable instructions that, when executed on a computer that includes an anti-malware service, cause the computer to:
(a) use the anti-malware service to observe suspicious events that are potentially indicative of malware;
(b) receive data from the anti-malware service that describes the suspicious events;
(c) determine whether the suspicious events observed are indicative of malware; and
(d) if the suspicious events are indicative of malware, implement a restrictive security policy that restricts an entity associated with the suspicious events from performing actions on the computer.
(Dependent claim 20 not shown.)
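The three-part aggregation routine of claim 13 (data collector, data analyzer with a threshold, policy implementer), as an added Python illustration that is not from the patent. The per-event weights, the threshold value of 5 and the requirement that at least two distinct services corroborate an entity before it is restricted are assumptions made for this example, as are the service and file names.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Set

@dataclass(frozen=True)
class SuspiciousEvent:
    source: str   # detection service that observed it (constructed names)
    entity: str   # file or process the event is associated with
    weight: int   # assumed per-event score; the claims only name a "threshold"

class DataCollector:
    """Claim 13(i): receives suspicious events reported by the local services."""
    def __init__(self) -> None:
        self.events = []
    def collect(self, event: SuspiciousEvent) -> None:
        self.events.append(event)

class DataAnalyzer:
    """Claim 13(ii): sum event weights per entity and compare to the threshold.
    Needing min_sources distinct services is an added corroboration assumption."""
    def __init__(self, threshold: int, min_sources: int = 2) -> None:
        self.threshold, self.min_sources = threshold, min_sources
    def flagged(self, events: Iterable[SuspiciousEvent]) -> Set[str]:
        score: Dict[str, int] = defaultdict(int)
        sources: Dict[str, Set[str]] = defaultdict(set)
        for e in events:
            score[e.entity] += e.weight
            sources[e.entity].add(e.source)
        return {ent for ent, s in score.items()
                if s >= self.threshold and len(sources[ent]) >= self.min_sources}

class PolicyImplementer:
    """Claim 13(iii): apply a restrictive policy to each flagged entity."""
    def __init__(self) -> None:
        self.restricted: Set[str] = set()
    def restrict(self, entity: str) -> None:
        self.restricted.add(entity)  # a real system would block exec/network here

def run_aggregation(events, threshold: int = 5, min_sources: int = 2) -> Set[str]:
    collector, policy = DataCollector(), PolicyImplementer()
    for e in events:
        collector.collect(e)
    for ent in DataAnalyzer(threshold, min_sources).flagged(collector.events):
        policy.restrict(ent)
    return policy.restricted

# Constructed sample: updater.exe is corroborated by two services and is restricted;
# packer.exe clears the threshold but only the antivirus saw it, so it is not.
SAMPLE_EVENTS = [
    SuspiciousEvent("antivirus", "updater.exe", 3),
    SuspiciousEvent("firewall", "updater.exe", 3),
    SuspiciousEvent("antivirus", "packer.exe", 6),
    SuspiciousEvent("firewall", "browser.exe", 3),
]
```

Lowering `min_sources` to 1 turns the routine into a single-service threshold check, which is the behaviour claim 19 describes for one anti-malware service.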
Specification