Scanning device, cloud management device, method and system for checking and killing malicious programs
Abstract
The invention discloses a scanning device, a cloud management device, and a method and system for checking and killing a malicious program. The cloud management device for checking and killing a malicious program comprises: a second transmission interface; a first indicator configured to generate a first scanning content indication according to characteristics of a newborn malicious program and system environment information transmitted by a client device; a first matcher configured to obtain, via the second transmission interface, feature data of the unknown program file transmitted by the client device and match it against known records of feature data of malicious programs; and a second indicator configured to generate a second scanning content indication when the first matcher fails to find a matching known record, the second scanning content indication comprising scanning a specified attribute of the unknown program file and/or a specified attribute of the contextual environment of the unknown program file, and to transmit that indication to the client device through the second transmission interface.
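The two-round exchange described in the abstract and in claims 1, 8 and 17, as an added sketch that is not code from the patent. The use of SHA-256 as the "feature data", the attribute names (`signed`, `size`, `siblings`), the paths and the environment-to-position table are all assumptions constructed for illustration.

```python
import hashlib
import posixpath

def feature(data):  # assumption: "feature data" modelled as a SHA-256 digest
    return hashlib.sha256(data).hexdigest()

# Constructed client file system: path -> (bytes, signed flag). Not real samples.
CLIENT_FILES = {
    "/home/a/.cache/upd.bin": (b"constructed-known-bad", False),
    "/home/a/.cache/helper.so": (b"constructed-unknown", False),
    "/usr/bin/tool": (b"constructed-benign", True),
}
# Constructed server state: known records and an env -> positions table.
KNOWN_RECORDS = {feature(b"constructed-known-bad")}
POSITIONS_BY_OS = {"linux": ["/home/a/.cache/"]}

def read_environment():                      # client: environment information reader
    return {"os": "linux"}

def first_indication(env):                   # server: first indicator
    return {"positions": POSITIONS_BY_OS.get(env["os"], [])}

def first_scan(indication):                  # client: first scanner
    return {path: feature(data) for path, (data, _) in CLIENT_FILES.items()
            if any(path.startswith(pos) for pos in indication["positions"])}

def match(features):                         # server: first matcher + second indicator
    matched = sorted(p for p, f in features.items() if f in KNOWN_RECORDS)
    unknown = sorted(p for p in features if p not in matched)
    second = {"files": unknown, "file_attrs": ["signed", "size"],
              "context_attrs": ["siblings"]}
    return matched, (second if unknown else None)  # round 2 only on a failed match

def second_scan(indication):                 # client: second scanner
    report = {}
    for path in indication["files"]:
        data, signed = CLIENT_FILES[path]
        available = {"signed": signed, "size": len(data)}
        entry = {k: available[k] for k in indication["file_attrs"]}
        if "siblings" in indication["context_attrs"]:  # contextual environment
            entry["siblings"] = sorted(q for q in CLIENT_FILES if q != path
                                       and posixpath.dirname(q) == posixpath.dirname(path))
        report[path] = entry
    return report

def run_exchange():
    features = first_scan(first_indication(read_environment()))
    matched, second = match(features)
    return matched, (second_scan(second) if second else {})
```

`run_exchange()` returns the paths that matched a known record and, for each unmatched file, only the attributes the server asked for in the second indication; files outside the positions named in the first indication are never hashed or reported.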
22 Claims

1. A scanning device for checking and killing a malicious program comprising:
- a first transmission interface configured to transmit information to a server-side device and receive information transmitted by the server-side device;
- an environment information reader configured to read current system environment information of a client device and transmit it to the server-side device via the first transmission interface;
- a first scanner configured to obtain via the first transmission interface a first scanning content indication judged by the server-side device at least based on the system environment information, scan a specified position in the first scanning content indication, and at least transmit feature data of an unknown program file obtained by scanning to the server-side device via the first transmission interface; and
- a second scanner configured to obtain via the first transmission interface a second scanning content indication transmitted by the server-side device, the second scanning content indication comprising scanning a specified attribute of the unknown program file and/or a specified attribute of the contextual environment of the unknown program file, and scan according to the second scanning content indication.
Dependent claims: 2, 3, 4, 5, 6, 7

8. A cloud management device for checking and killing a malicious program comprising:
- a second transmission interface configured to transmit information to a client device and receive information transmitted by the client device;
- a first indicator configured to generate a first scanning content indication according to characteristics of a newborn malicious program and system environment information transmitted by the client device, the first scanning content indication at least comprising scanning content at a specified position and notifying scanned feature data of an unknown program file, and transmit the first scanning content indication to the client device via the second transmission interface;
- a first matcher configured to obtain via the second transmission interface feature data of the unknown program file transmitted by the client device, and hereby perform matching in known records of feature data of malicious programs; and
- a second indicator configured to generate a second scanning content indication when the first matcher fails to match to a known record, the second scanning content indication comprising scanning a specified attribute of the unknown program file and/or a specified attribute of the contextual environment of the unknown program file, and transmit the second scanning content indication to the client device via the second transmission interface.
Dependent claims: 9, 10, 11, 12, 13, 14, 15

16. (canceled)

17. A scanning method for checking and killing a malicious program comprising:
- reading current system environment information of a client device, and transmitting it to a server-side device;
- obtaining a first scanning content indication judged by the server-side device based on the system environment information, scanning a specified position in the first scanning content indication, and transmitting at least feature data of an unknown program file obtained by scanning to the server-side device; and
- obtaining a second scanning content indication transmitted by the server-side device, the second scanning content indication comprising scanning a specified attribute of the unknown program file and/or a specified attribute of the contextual environment of the unknown program file, and scanning according to the second scanning content indication.
Dependent claims: 18

19. (canceled)

20. (canceled)

21. (canceled)

22. (canceled)

Specification