Method and system for antimalware scanning with variable scan settings
First Claim
1. A method for scanning an executable file for malware presence, the method comprising:
(a) detecting, by a computer, an attempt to execute a file on the computer;
(b) for a known file, performing a signature malware check;
(c) for an unknown file, performing a risk analysis based on a plurality of risk factors;
(d) based on the risk analysis, identifying which malware detection algorithms need to be used for the file, in addition to signature detection; and
(e) if no malware is detected using the malware detection algorithms, permitting execution of the file.
Abstract
A system, method and computer program product for scanning an executable file for malware presence, the method comprising: (a) detecting an attempt to execute a file on a computer; (b) identifying whether the file is known or unknown; (c) if the file is a known file, performing a signature malware check; (d) if the file is an unknown file, performing risk analysis and risk assessment for the file; (e) based on the risk analysis and the risk assessment, identifying which malware detection algorithms need to be used for the file, in addition to signature detection; (f) performing the malware detection algorithms on the file; and (g) if no malware is detected, permitting execution of the file. The risk analysis is based on file source, file origin, file path, file size, whether the file is digitally signed, whether the file is a download utility, whether the file is packed, whether the file was received from a CDROM.
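The decision flow in the abstract, sketched as an added example (not code from the patent or from any product): a known file gets only the signature check, while an unknown file is scored on the listed risk factors and the score selects additional detection algorithms. The weights, thresholds, hash set and the algorithm names `heuristic`, `emulation` and `behavior_monitoring` are assumptions made for illustration; the page specifies none of them.

```python
import hashlib
from dataclasses import dataclass

# Constructed set of hashes of "known" files (assumption: known means seen before).
KNOWN_SHA256 = {hashlib.sha256(b"known-good-sample").hexdigest()}
# Constructed weights for risk factors named in the abstract; the page gives no values.
WEIGHTS = {"from_internet": 3, "temp_path": 2, "small_size": 1,
           "unsigned": 2, "downloader": 3, "packed": 2}
# Assumed score thresholds and names for the extra detection algorithms.
TIERS = [(3, "heuristic"), (6, "emulation"), (9, "behavior_monitoring")]

@dataclass
class FileInfo:
    data: bytes
    path: str
    from_internet: bool = False   # file source / origin
    from_cdrom: bool = False
    signed: bool = False
    downloader: bool = False      # file is a download utility
    packed: bool = False

def risk_score(f):
    p = f.path.lower()
    factors = {
        "from_internet": f.from_internet,
        "temp_path": "/tmp/" in p or "\\temp\\" in p,
        "small_size": len(f.data) < 64 * 1024,
        "unsigned": not f.signed,
        "downloader": f.downloader,
        "packed": f.packed,
    }
    score = sum(WEIGHTS[k] for k, hit in factors.items() if hit)
    # Assumption: read-only media lowers the score; never go below zero.
    return max(score - (2 if f.from_cdrom else 0), 0)

def scan_plan(f):
    """Return the ordered checks to run before execution is permitted."""
    if hashlib.sha256(f.data).hexdigest() in KNOWN_SHA256:
        return ["signature"]          # known file: signature check only
    score = risk_score(f)             # unknown file: risk analysis
    # Extra algorithms are added on top of signature detection.
    return ["signature"] + [name for limit, name in TIERS if score >= limit]

def permit_execution(f, engines):
    """Allow execution only if every selected engine reports no detection."""
    return all(not engines[name](f) for name in scan_plan(f))
```

`engines` maps each algorithm name to a callable that returns `True` on detection, so the selection logic stays separate from the detectors themselves.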
11 Claims
Claim 1 is the independent claim given under First Claim. Claims 2, 3, 4, 5, 6, 7, 8, 9, 10 and 11 depend on it.
Specification