IDENTIFICATION OF TELEMETRY DATA
First Claim
Patent Images
1. A method comprising:
- scanning a file by an anti-malware engine and comparing the file to at least one attribute to identify the file for telemetry collection;
identifying the file as a telemetry candidate, comprising identifying a match between the file and the at least one attribute;
communicating an offer to send a sample of the file to a server;
receiving a response to the offer from the server; and
sending a sample of the file to the server when the response indicates an acceptance of the offer.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods, systems, and computer-readable media are disclosed for identifying telemetry data. A particular method scans a file and compares the file to at least one attribute to be used for telemetry collection. When the file is identified as a telemetry candidate, an offer to submit a sample of the file is sent to a server. A response to the offer is received from the server. If the response to the offer indicates an acceptance, a sample of the file is sent to the server.
39 Citations
20 Claims
-
1. A method comprising:
-
scanning a file by an anti-malware engine and comparing the file to at least one attribute to identify the file for telemetry collection; identifying the file as a telemetry candidate, comprising identifying a match between the file and the at least one attribute; communicating an offer to send a sample of the file to a server; receiving a response to the offer from the server; and sending a sample of the file to the server when the response indicates an acceptance of the offer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A computer-readable medium comprising instructions, that when executed by a computer, cause the computer to:
-
scan a file on the computer, wherein the file is not a known malware file, wherein the file is scanned by an anti-malware engine on the computer, and wherein the anti-malware engine has access to definition files that are updateable independently of updating the anti-malware engine; determine that the file is a telemetry candidate based on an attribute within the definition files; send an offer to send a sample of the file to a server without user notification, wherein the offer comprises a telemetry report related to the file; receive a response to the offer from the server; and send the sample of the file to the server when the response indicates an acceptance of the offer. - View Dependent Claims (16)
-
-
17. A method comprising:
-
sending telemetry data identification files to a plurality of user computers, wherein the telemetry data identification files include at least one attribute to be used for telemetry collection by an anti-malware engine; receiving an offer of telemetry data from a particular user computer of the plurality of user computers related to a file on the particular user computer, wherein the file is identified by the anti-malware engine at the particular user computer based on a match between the file and the at least one attribute; determining that a sample of the file has not previously been obtained from the particular user computer; indicating an acceptance of the offer of telemetry data; and receiving telemetry data comprising a sample of the file from the particular user computer. - View Dependent Claims (18, 19, 20)
-
Specification