SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CONTEXT-DRIVEN BEHAVIORAL HEURISTICS
First Claim
Patent Images
1. A method, comprising:
- receiving a request to open a file in a computer;
scanning the file;
determining whether unwanted data is present in the file by;
comparing data in the file with a plurality of signatures representative of certain types of unwanted data; and
evaluating a context associated with the scanning activities, wherein a context ID is established for the context and associated with the file, the context ID being related to attempts by the file to initiate activities in the computer.
9 Assignments
0 Petitions
Accused Products
Abstract
A system, method and computer program product are provided for detecting unwanted data. A scan for unwanted data is performed to generate results of the scan. A context of the scan is then identified. Further, the presence of unwanted data is conditionally indicated based on both the results of the scan and the context of the scan.
-
Citations
19 Claims
-
1. A method, comprising:
-
receiving a request to open a file in a computer; scanning the file; determining whether unwanted data is present in the file by; comparing data in the file with a plurality of signatures representative of certain types of unwanted data; and evaluating a context associated with the scanning activities, wherein a context ID is established for the context and associated with the file, the context ID being related to attempts by the file to initiate activities in the computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An apparatus, comprising:
-
a server computer coupled to an end user computer over a network connection, the server computer providing software to the end user computer such that the end user computer is configured for; scanning a file received by the end user computer; determining whether unwanted data is present in the file by; comparing data in the file with a plurality of signatures representative of certain types of unwanted data; and evaluating a context associated with the scanning activities, wherein a context ID is established for the context and associated with the file, the context ID being related to attempts by the file to initiate activities in the end user computer. - View Dependent Claims (11, 12, 13, 14)
-
-
15. Logic encoded in non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:
-
receiving a request to open a file in a computer; scanning the file; determining whether unwanted data is present in the file by; comparing data in the file with a plurality of signatures representative of certain types of unwanted data; and evaluating a context associated with the scanning activities, wherein a context ID is established for the context and associated with the file, the context ID being related to attempts by the file to initiate activities in the computer. - View Dependent Claims (16, 17, 18, 19)
-
Specification