METHOD AND APPARATUS FOR REDUCING FALSE POSITIVE DETECTION OF MALWARE
First Claim
Patent Images
1. A method of detecting malware on a computer, comprising:
- identifying files of unknown trustworthiness as potential threats on the computer;
receiving a trustworthiness level for each of the files from a backend;
comparing the trustworthiness level of each of the files to a threshold level;
designating each of the files where the trustworthiness level thereof satisfies the threshold level as a false positive threat; and
designating each of the files where the trustworthiness level thereof does not satisfy the threshold level as a true positive threat.
5 Assignments
0 Petitions
Accused Products
Abstract
Method and apparatus for detecting malware are described. In some examples, files of unknown trustworthiness are identified as potential threats on the computer. A trustworthiness level for each of the files is received from a backend. The trustworthiness level of each of the files is compared to a threshold level. Each of the files where the trustworthiness level thereof satisfies the threshold level is designated as a false positive threat. Each of the files where the trustworthiness level thereof does not satisfy the threshold level is designated as a true positive threat.
-
Citations
20 Claims
-
1. A method of detecting malware on a computer, comprising:
-
identifying files of unknown trustworthiness as potential threats on the computer; receiving a trustworthiness level for each of the files from a backend; comparing the trustworthiness level of each of the files to a threshold level; designating each of the files where the trustworthiness level thereof satisfies the threshold level as a false positive threat; and designating each of the files where the trustworthiness level thereof does not satisfy the threshold level as a true positive threat. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus for detecting malware on a computer, comprising:
-
means for identifying files of unknown trustworthiness as potential threats on the computer; means for receiving a trustworthiness level for each of the files from a backend; means for comparing the trustworthiness level of each of the files to a threshold level; means for designating each of the files where the trustworthiness level thereof satisfies the threshold level as a false positive threat; and means for designating each of the files where the trustworthiness level thereof does not satisfy the threshold level as a true positive threat. - View Dependent Claims (9, 10, 11, 12, 13, 14)
-
-
15. A computer readable medium having stored thereon instructions that when executed by a processor cause the processor to perform a method of detecting malware on a computer, comprising:
-
identifying files of unknown trustworthiness as potential threats on the computer; receiving a trustworthiness level for each of the files from a backend; comparing the trustworthiness level of each of the files to a threshold level; designating each of the files where the trustworthiness level thereof satisfies the threshold level as a false positive threat; and designating each of the files where the trustworthiness level thereof does not satisfy the threshold level as a true positive threat. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification