Whitelist and Blacklist Identification Data
Abstract
Aspects of the subject matter described herein relate to identifying good files and malware based on whitelists and blacklists. In aspects, a node starts a scan of files on a data store. In conjunction with starting the scan, the node creates a data structure that indicates the directories on the data store. The node sends the data structure to a whitelist server and a blacklist server and an indication of a last successful time of communication. The whitelist and blacklist servers respond to the node with information about any new files that have been added to the directories since the last successful communication. The node may subsequently use the information to identify known good files and malware.
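The exchange summarized in the abstract, as an added Python example that is not code from the patent: a node reports its directories together with the time of its last successful communication, and each list server returns only entries added to those directories since then. The class and function names, the in-memory servers, integer timestamps, SHA-256 content hashes as file identifiers, and the rule that a malware verdict takes precedence are all assumptions of this example.

```python
import hashlib

def file_id(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()  # assumption: SHA-256 content hash

class ListServer:  # hypothetical in-memory whitelist ("good") or blacklist ("malware")
    def __init__(self, verdict):
        self.verdict, self.entries = verdict, []   # entries: (added_at, dir, id)

    def publish(self, added_at, directory, data):
        self.entries.append((added_at, directory, file_id(data)))

    def query(self, directories, last_success):
        # Only reported directories, only entries newer than the last success.
        wanted = set(directories)
        return [(d, h, self.verdict) for t, d, h in self.entries
                if d in wanted and t > last_success]

class Node:
    def __init__(self, files):
        self.files = files        # path -> content (constructed sample data)
        self.db = {}              # file id -> verdict (local list database)
        self.last_success = {}    # server -> time of last successful exchange

    def directory_structure(self):
        return sorted({path.rsplit("/", 1)[0] for path in self.files})

    def sync(self, server, now):
        last = self.last_success.get(server, 0)
        try:
            records = server.query(self.directory_structure(), last)
        except ConnectionError:
            return None           # timestamp unchanged: the gap is re-requested
        for _dir, fid, verdict in records:
            if self.db.get(fid) != "malware":   # assumption: malware verdict wins
                self.db[fid] = verdict
        self.last_success[server] = now
        return records

    def scan(self):
        return {p: self.db.get(file_id(c), "unknown") for p, c in self.files.items()}

def demo():
    node = Node({"/usr/bin/ls": b"ls", "/usr/bin/tool": b"trojan", "/tmp/x": b"dropper"})
    white, black = ListServer("good"), ListServer("malware")
    white.publish(10, "/usr/bin", b"ls")
    black.publish(20, "/tmp", b"dropper")
    first = (node.sync(white, now=30), node.sync(black, now=30), node.scan())
    black.publish(40, "/usr/bin", b"trojan")     # added after the last exchange
    delta = node.sync(black, now=50)             # only the new entry comes back
    return first, delta, node.scan()
```

Because the timestamp advances only when a query succeeds, a failed exchange leaves the node asking for the same interval again on its next scan.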
20 Claims
1. A computer-readable medium having computer-executable instructions, which when executed perform actions, comprising:
- starting a scan of files included on a storage device;
- creating a data structure that indicates at least one directory included on the storage device;
- sending the data structure to a first server and an indication of a last successful communication with the first server;
- receiving information for files that have been added to the at least one directory after the last successful communication with the first server; and
- using the information to determine whether one or more of the files are designated as good or malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method implemented at least in part by a computer, the method comprising:
- receiving a directory structure that indicates at least one directory included on a storage device;
- receiving an indication of a last successful communication regarding the at least one directory; and
- providing information about at least one new file in the at least one directory, the information indicating that the at least one new file is good or malware, the at least one new file being added since the last successful communication regarding the at least one directory.
Dependent claims: 12, 13, 14, 15, 16, 17

18. In a computing environment, an apparatus, comprising:
- a communications mechanism operable to send a request for information about a directory and receive a response thereto, the information indicating whether a file in the directory is designated as good or malware, the request including a data structure that includes the directory;
- a directory structure builder operable to generate the data structure;
- a list component operable to send the request to the communications mechanism, to receive the response from the communications mechanism, and to update a database based on the response; and
- a scanning engine operable to scan with or without use of the information and to indicate, when the information applies, whether a file is designated as good or malware.
Dependent claims: 19, 20
Specification