Method and system for antimalware scanning with variable scan settings

US 7,725,941 B1
Filed: 05/15/2008
Issued: 05/25/2010
Est. Priority Date: 12/18/2007
Status: Active Grant

First Claim

Patent Images

1. A method for scanning an executable file for malware presence, the method comprising:

(a) detecting, by a computer, an attempt to execute a file on the computer;

(b) for a known file, performing a signature malware check;

(c) for an unknown file, performing a risk analysis based on a plurality of risk factors;

(d) based on the risk analysis, identifying which malware detection algorithms need to be used for the file, in addition to signature detection; and

(e) if no malware is detected using the malware detection algorithms, permitting execution of the file.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method and computer program product for scanning an executable file for malware presence, the method comprising: (a) detecting an attempt to execute a file on a computer; (b) identifying whether the file is known or unknown; (c) if the file is a known file, performing a signature malware check; (d) if the file is an unknown file, performing risk analysis and risk assessment for the file; (e) based on the risk analysis and the risk assessment, identifying which malware detection algorithms need to be used for the file, in addition to signature detection; (f) performing the malware detection algorithms on the file; and (g) if no malware is detected, permitting execution of the file. The risk analysis is based on file source, file origin, file path, file size, whether the file is digitally signed, whether the file is a download utility, whether the file is packed, whether the file was received from a CDROM.

Citations

11 Claims

1. A method for scanning an executable file for malware presence, the method comprising:
- (a) detecting, by a computer, an attempt to execute a file on the computer;
  
  (b) for a known file, performing a signature malware check;
  
  (c) for an unknown file, performing a risk analysis based on a plurality of risk factors;
  
  (d) based on the risk analysis, identifying which malware detection algorithms need to be used for the file, in addition to signature detection; and
  
  (e) if no malware is detected using the malware detection algorithms, permitting execution of the file.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the risk factor is any of file size, file format, file structure, whether the file is digitally signed, whether the file is a download utility, whether the file is packed, file source, and whether the file was received from a CDROM.
  - 3. The method of claim 1, wherein the risk factor is a URL from which the file was received.
  - 4. The method of claim 1, wherein the risk factor is file origin.
  - 5. The method of claim 1, wherein the risk factor is file path.
  - 6. The method of claim 1, wherein the malware detection algorithms include any of heuristic detection algorithms, statistical analysis, sending a copy or some portion of the file to a server for anti-malware check, and instruction-based emulation.
  - 7. The method of claim 1, wherein the malware detection algorithms includes a sending a portion of the file to a server for anti-malware check.
  - 8. The method of claim 1, wherein the malware detection algorithms include sending a control value generated based on the file to the server for anti-malware check.
  - 9. The method of claim 1, wherein the malware detection algorithms include an environment-based emulation.
  - 10. A non-transitory computer useable storage medium having computer executable program logic stored thereon, the computer executable program logic executing on a processor for implementing the steps of claim 1.
  - 11. A system for scanning an executable file for malware presence, the system comprising:
    - a processor;
      
      a memory coupled to the processor;
      
      computer code loaded into the memory for executing on the processor, for performing the steps of claim 1.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kaspersky Lab ZAO
Original Assignee
Kaspersky Lab ZAO
Inventors
Pavlyushchik, Mikhail A.
Primary Examiner(s)
Cervetti, David Garcia

Application Number

US12/120,699
Time in Patent Office

740 Days
Field of Search

713/187, 713/188, 726/22, 726/23, 726/24, 726/25
US Class Current

726/24
CPC Class Codes

G06F 21/562 Static detection

G06F 21/564 by virus signature recognition

Method and system for antimalware scanning with variable scan settings

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for antimalware scanning with variable scan settings

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links