Dynamic Selection and Loading of Anti-Malware Signatures
Abstract
An anti-malware system dynamically loads and unloads additional malware detection signatures based on a collection of data sources that indicate what signatures are relevant to a host machine in its current environment. A signature selector component determines what relevant signatures should be loaded. The signature selector component uses a variety of data sources either individually, or in combination, to determine relevancy of the available malware detection signatures. The anti-malware system dynamically determines which of the available malware detection signatures and classes of signatures are relevant and should be provided to a machine based on available information. The malware detection signatures are obtained and loaded automatically from one or more sources when a threat becomes relevant. A program or application may be blocked from accessing files until the relevant malware detection signatures have been loaded onto the machine.
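The selection, load/unload and file-access gating described in the abstract can be sketched as follows. This is an added illustration, not code from the patent; the `Signature`, `Context` and `Scanner` names, the `fetch` callback and the catalog entries are hypothetical and constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Signature:
    name: str
    platforms: frozenset                 # platforms the malware can run on
    software: frozenset = frozenset()    # targeted software; empty means any

@dataclass
class Context:
    platform: str
    installed: set
    peer_platforms: set = field(default_factory=set)   # logically connected machines
    peer_detections: set = field(default_factory=set)  # threats those machines reported

def select_relevant(catalog, ctx):
    """Return names of signatures relevant to the device in its current environment."""
    relevant = set()
    for sig in catalog:
        runs_here = ctx.platform in sig.platforms and (
            not sig.software or bool(sig.software & ctx.installed))
        # Malware that cannot run locally still matters if the device can pass it on.
        affects_peer = bool(sig.platforms & ctx.peer_platforms)
        if runs_here or affects_peer or sig.name in ctx.peer_detections:
            relevant.add(sig.name)
    return relevant

class Scanner:
    def __init__(self):
        self.loaded, self.pending = set(), set()

    def sync(self, relevant, fetch):
        """Unload stale signatures, load new ones; fetch(name) -> bool is hypothetical."""
        self.loaded &= relevant                      # unload what is no longer relevant
        self.pending = relevant - self.loaded
        for name in sorted(self.pending):
            if fetch(name):                          # obtained from some source
                self.loaded.add(name)
        self.pending -= self.loaded

    def file_access_allowed(self):
        # Block programs from files until every relevant signature is loaded.
        return not self.pending

CATALOG = [  # constructed sample data
    Signature("win-macro-dropper", frozenset({"windows"}), frozenset({"office"})),
    Signature("linux-ssh-worm", frozenset({"linux"})),
    Signature("android-sms-trojan", frozenset({"android"})),
]
```

Calling `sync` again after the environment changes (for example, a Windows peer disconnects) unloads the signatures that are no longer relevant.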
20 Claims
1. A computer-implemented method, comprising:
determining which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines that communicate with the device;
loading relevant malware detection signatures to a malware scanner;
scanning the device using the relevant malware detection signatures; and
unloading signatures for threats that are no longer relevant to the device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer system, comprising:
one or more processors;
system memory;
one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the processors to perform a method for automatically determining and loading relevant malware detection signatures, the processor operating to;
determine which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines that communicate with the device;
load relevant malware detection signatures to a malware scanner;
scan the device using the relevant malware detection signatures; and
unload signatures for threats that are no longer relevant to the device.
15. The computer system of claim 15, the processor further operating to:
determine which malware detection signatures are relevant to the device based upon a hardware configuration or a software configuration of the device.
Dependent claims: 16, 17, 18, 19
20. A computer-readable storage device comprising instructions that, when executed by a computer, cause the computer system to:
determine which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines on a local network that includes the device, wherein the relevant malware detection signatures are determined based upon one or more of;
a hardware configuration or a software configuration of the device,
malware detected by one or more other machines that have a logical connection to the device,
a configuration of one or more other machines that have a logical connection to the device,
data aggregated on a global scale, and
a geographic location of the device;
block one or more programs from accessing files on the device until the relevant malware detection signatures have been loaded;
obtain the relevant malware detection signatures;
load the relevant malware detection signatures to a malware scanner;
scan the device using the relevant malware detection signatures; and
unload signatures for threats that are no longer relevant to the device.
Specification