Dynamic Selection and Loading of Anti-Malware Signatures

US 20150096029A1
Filed: 12/05/2014
Published: 04/02/2015
Est. Priority Date: 11/15/2012
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method, comprising:

determining which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines that communicate with the device;

loading relevant malware detection signatures to a malware scanner;

scanning the device using the relevant malware detection signatures; and

unloading signatures for threats that are no longer relevant to the device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An anti-malware system dynamically loads and unloads additional malware detection signatures based on a collection of data sources that indicate what signatures are relevant to a host machine in its current environment. A signature selector component determines what relevant signatures should be loaded. The signature selector component uses a variety of data sources either individually, or in combination, to determine relevancy of the available malware detection signatures. The anti-malware system dynamically determines which of the available malware detection signatures and classes of signatures are relevant and should be provided to a machine based on available information. The malware detection signatures are obtained and loaded automatically from one or more sources when a threat becomes relevant. A program or application may be blocked from accessing files until the relevant malware detection signatures have been loaded onto the machine.

Citations

20 Claims

1. A computer-implemented method, comprising:
- determining which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines that communicate with the device;
  
  loading relevant malware detection signatures to a malware scanner;
  
  scanning the device using the relevant malware detection signatures; and
  
  unloading signatures for threats that are no longer relevant to the device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-implemented method of claim 1, further comprising:
    - determining which malware detection signatures are relevant to the device based upon the device'"'"'s hardware configuration or software configuration or both.
  - 3. The computer-implemented method of claim 1, further comprising:
    - determining which malware detection signatures are relevant to the device based upon malware detected by one or more other machines that have a logical connection to the device.
  - 4. The computer-implemented method of claim 1, further comprising:
    - determining which malware detection signatures are relevant to the device based upon a configuration of one or more other machines that communicate with the device.
  - 5. The computer-implemented method of claim 1, further comprising:
    - determining which malware detection signatures are relevant to the device based upon data aggregated on a global scale.
  - 6. The computer-implemented method of claim 1, further comprising:
    - determining which malware detection signatures are relevant to the device based upon a geographic location of the device.
  - 7. The computer-implemented method of claim 1, wherein at least one of the device and the other machines are virtual machines.
  - 8. The computer-implemented method of claim 1, further comprising:
    - automatically obtaining the relevant malware detection signatures from one or more signature repositories.
  - 9. The computer-implemented method of claim 1, further comprising:
    - automatically obtaining the relevant malware detection signatures from a that has a logical connection to the device.
  - 10. The computer-implemented method of claim 1, further comprising:
    - automatically obtaining the relevant malware detection signatures from a data center signature server.
  - 11. The computer-implemented method of claim 1, further comprising:
    - automatically obtaining the relevant malware detection signatures from a local storage.
  - 12. The computer-implemented method of claim 1, further comprising:
    - loading the relevant malware detection signatures for a specified duration and then unloading the relevant malware detection signatures.
  - 13. The computer-implemented method of claim 1, further comprising:
    - blocking one or more programs from accessing files on the device until the relevant malware detection signatures have been loaded.

14. A computer system, comprising:
- one or more processors;
  
  system memory;
  
  one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the processors to perform a method for automatically determining and loading relevant malware detection signatures, the processor operating to;
  
  determine which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines that communicate with the device;
  
  load relevant malware detection signatures to a malware scanner;
  
  scan the device using the relevant malware detection signatures; and
  
  unload signatures for threats that are no longer relevant to the device.

15. The computer system of claim 15, the processor further operating to:
- determine which malware detection signatures are relevant to the device based upon a hardware configuration or a software configuration of the device.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The computer system of claim 15, the processor further operating to:
    - determine which malware detection signatures are relevant to the device based upon a configuration of one or more other machines has a logical connection to the device.
  - 17. The computer system of claim 15, wherein at least one of the device and the other machines are virtual machines.
  - 18. The computer system of claim 15, the processor further operating to:
    - block one or more programs from accessing files on the device until the relevant malware detection signatures have been loaded.
  - 19. The computer system of claim 15, wherein the logical connection is used over a network environment selected from the group consisting of:
    - a local area network (LAN), a wide area network (WAN), an enterprise-wide computer network, and an intranet.

20. A computer-readable storage device comprising instructions that, when executed by a computer, cause the computer system to:
- determine which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines on a local network that includes the device, wherein the relevant malware detection signatures are determined based upon one or more of;
  
  a hardware configuration or a software configuration of the device,malware detected by one or more other machines that have a logical connection to the device,a configuration of one or more other machines that have a logical connection to the device,data aggregated on a global scale, anda geographic location of the device;
  
  block one or more programs from accessing files on the device until the relevant malware detection signatures have been loaded;
  
  obtain the relevant malware detection signatures;
  
  load the relevant malware detection signatures to a malware scanner;
  
  scan the device using the relevant malware detection signatures; and
  
  unload signatures for threats that are no longer relevant to the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Johnson, Joseph, Kapoor, Vishal, Jarrett, Michael S., Thompson, Ronald L.

Application Number

US14/562,488
Publication Number

US 20150096029A1
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

G06F 21/564 by virus signature recognition

Dynamic Selection and Loading of Anti-Malware Signatures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Dynamic Selection and Loading of Anti-Malware Signatures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links