NETWORK SERVICE FOR THE DETECTION, ANALYSIS AND QUARANTINE OF MALICIOUS AND UNWANTED FILES
Abstract
A system is provided for detecting, analyzing and quarantining unwanted files in a network environment. A host agent residing on a computing device in the network environment detects a new file introduced to the computing device and sends the new file to a network service for analysis. The network service is accessible to computing devices in the network environment. An architecture for the network service may include: a request dispatcher configured to receive a candidate file for inspection from a given computing device in the network environment and distribute the candidate file to one or more of a plurality of detection engines, where the detection engines operate in parallel to analyze the candidate file and output a report regarding the candidate file; and a result aggregator configured to receive reports from each of the detection engines regarding the candidate file and aggregate the reports in accordance with an aggregation algorithm.
23 Claims
1. A system for detecting, analyzing and quarantining unwanted files in a network environment, comprising:
- a network service that analyzes and detects unwanted files, the network service is accessible to computing devices in the network environment and embodied as computer executable instruction on a computer readable medium, wherein the network service includes;
a request dispatcher configured to receive a candidate file for inspection from a given computing device in the network environment and distribute the candidate file to one or more of a plurality of detection engines;
said plurality of detection engines operating in parallel to receive and analyze the candidate file in accordance with a detection algorithm and output a report regarding the candidate file; and
a result aggregator configured to receive reports from one or more of the detection engines regarding the candidate file and aggregates the reports in accordance with an aggregation algorithm.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A system for detecting, analyzing and quarantining unwanted files in a computing environment, comprising:
- a detection engine that receives candidate files for inspection and analyzes the candidate files to identify unwanted files, the detection engine embodied as computer executable instructions in a computer readable medium;
a file history data store operable to store an indicia for the candidate files analyzed by the detection engine; and
a retrospective detector embodied as computer executable instructions in a computer readable medium, the retrospective detector configured to receive an indicia of an unwanted file and search the file history data store for candidate files that match the unwanted file.
Dependent claims: 12, 13, 14, 15, 16, 17
18. A system for detecting, analyzing and quarantining unwanted files in a network environment, comprising:
- a network service accessible to computing devices in the network environment and embodied as computer executable instructions on a computer readable medium, wherein the network service receives candidate files for inspection from computing devices in the network environment and analyzes the candidate files to identify unwanted files;
a file history data store associated with the network service and operable to store an indicia for the candidate files analyzed by the network service along with an indicia of the computing device from which the candidate files were received; and
a retrospective detector associated with the network service and configured, upon detection of an unwanted file, to search the file history data store for candidate files that match the unwanted file.
Dependent claims: 19, 20, 21, 22, 23
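The components named in claims 1, 11 and 18 (request dispatcher, parallel detection engines, result aggregator, file history data store, retrospective detector) can be modelled as follows. This is an added Python example, not code from the patent. The three engines, the threshold aggregation rule, the use of SHA-256 as the file indicia, and the host names and byte strings are all assumptions constructed for illustration.

```python
import hashlib
from collections import defaultdict
from concurrent.futures import ThreadPoolExecutor

def marker_engine(data):   # hypothetical engine: byte-pattern match
    return {"engine": "marker", "unwanted": b"CONSTRUCTED-TEST-MARKER" in data}
def size_engine(data):     # hypothetical engine: crude size heuristic
    return {"engine": "size", "unwanted": len(data) > 1_000_000}
def broken_engine(data):   # hypothetical engine that is unavailable
    raise RuntimeError("engine unavailable")

class NetworkService:
    def __init__(self, engines, threshold=1):
        self.engines, self.threshold = engines, threshold
        self.history = defaultdict(set)   # file history store: sha256 -> hosts

    def dispatch(self, data):
        """Request dispatcher: run engines in parallel, keep reports that arrive."""
        reports = []
        with ThreadPoolExecutor(max_workers=len(self.engines)) as pool:
            for fut in [pool.submit(e, data) for e in self.engines]:
                try:
                    reports.append(fut.result(timeout=5))
                except Exception:
                    pass   # a failed engine must not block the verdict
        return reports

    def aggregate(self, reports):
        """Result aggregator: assumed rule, flag when hits >= threshold."""
        hits = sum(r["unwanted"] for r in reports)
        return {"unwanted": hits >= self.threshold, "hits": hits, "reports": len(reports)}

    def inspect(self, host, data):
        digest = hashlib.sha256(data).hexdigest()
        self.history[digest].add(host)    # record indicia and submitting host
        return digest, self.aggregate(self.dispatch(data))

    def retrospective(self, digest):
        """Retrospective detector: hosts that earlier submitted a now-unwanted file."""
        return sorted(self.history.get(digest, ()))

def demo():
    svc = NetworkService([marker_engine, size_engine, broken_engine])
    sample = b"constructed payload that no engine flags today"
    digest, first = svc.inspect("host-a", sample)
    svc.inspect("host-b", sample)
    _, flagged = svc.inspect("host-c", b"xx CONSTRUCTED-TEST-MARKER xx")
    return first, flagged, svc.retrospective(digest)  # later: sample found unwanted
```

The file that passed inspection on host-a and host-b is still traceable to both hosts once its digest is later classified as unwanted, which is the case the file history data store exists for.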
Specification