Efficient file scanning using secure listing of file modification times
First Claim
1. A computer implemented method for efficiently scanning files for malicious code, the method comprising the steps of:
maintaining a non-tamperable record of modifications to files on a volume, the record of modifications to files indicating modification statuses of the files, a modification status indicating when an associated file was last modified, wherein maintaining the non-tamperable record further comprises;
responsive to a first file being modified, monitoring the first file for a short period of time after the modification to determine whether the first file is deleted during the short period of time, and
performing a step from a group of steps comprising;
responsive to the first file not being deleted during the short period of time, recording the modification to the first file, and
responsive to the first file being deleted during the short period of time, not recording the modification to the first file;
receiving at least one malicious code signature;
establishing a defined time period measured as an amount of time prior to a current time at which scanning is to be performed;
establishing a high priority for files last modified within the defined time period;
establishing a low priority for files last modified prior to the defined time period; and
scanning files on the volume for the at least one malicious code signature responsive to the established priorities, the scanning comprising scanning files having established high priorities prior to scanning files having established low priorities.
Abstract
A scanning optimization manager efficiently scans files for malicious code. The scanning optimization manager maintains a non-tamperable record of modifications to files on a volume. The scanning optimization manager receives at least one malicious code signature. Responsive to the receipt of the at least one malicious code signature, the scanning optimization manager scans at least some files on the volume for the at least one malicious code signature at a priority corresponding to an associated modification status.
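A minimal sketch of the flow in the first claim and the abstract, added here as an illustration and not taken from the patent: modifications are recorded only if the file survives a grace period, and files modified inside a recent window are scanned first. The grace period, window length, all names and the sample events are assumptions, and the in-memory journal does not implement the tamper protection the claims require.

```python
GRACE = 5            # assumed "short period of time", in seconds
WINDOW = 24 * 3600   # assumed "defined time period", in seconds

class ModificationJournal:
    def __init__(self, grace=GRACE):
        self.grace = grace
        self.pending = {}    # path -> modification time, still inside grace period
        self.recorded = {}   # path -> last recorded modification time

    def flush(self, now):
        # Commit modifications whose grace period elapsed without a delete.
        for path, t in list(self.pending.items()):
            if now - t >= self.grace:
                self.recorded[path] = t
                del self.pending[path]

    def on_modify(self, path, now):
        self.flush(now)
        self.pending[path] = now

    def on_delete(self, path, now):
        self.flush(now)
        self.pending.pop(path, None)    # deleted in grace period: never recorded
        self.recorded.pop(path, None)   # assumption: a deleted file leaves the record

def scan_order(journal, volume_paths, now, window=WINDOW):
    # Assumption: a file with no journal entry is treated as low priority.
    journal.flush(now)
    cutoff = now - window
    high = [p for p in volume_paths if journal.recorded.get(p, float("-inf")) >= cutoff]
    low = [p for p in volume_paths if p not in high]
    high.sort(key=lambda p: journal.recorded[p], reverse=True)  # newest first
    return high + sorted(low)

def scan(volume, order, signatures):
    return [(p, s) for p in order for s in signatures if s in volume[p]]

def demo():
    now, sig = 1_000_000, b"TEST-SIGNATURE"        # constructed sample data
    j = ModificationJournal()
    j.on_modify("/usr/bin/old_tool", now - 30 * 24 * 3600)
    j.on_modify("/home/a/notes.txt", now - 7200)
    j.on_modify("/tmp/installer.tmp", now - 600)
    j.on_delete("/tmp/installer.tmp", now - 598)   # deleted after 2 s
    j.on_modify("/home/a/invoice.exe", now - 300)
    volume = {"/usr/bin/old_tool": b"x" + sig, "/home/a/notes.txt": b"todo",
              "/home/a/invoice.exe": sig + b"y", "/etc/hosts": b"127.0.0.1"}
    order = scan_order(j, list(volume), now)
    return j, order, scan(volume, order, [sig])
```

Calling `demo()` returns the journal, the scan order and the signature hits, with the recently modified file matched before the older one.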
21 Claims
1. A computer implemented method for efficiently scanning files for malicious code, the method comprising the steps of:
maintaining a non-tamperable record of modifications to files on a volume, the record of modifications to files indicating modification statuses of the files, a modification status indicating when an associated file was last modified, wherein maintaining the non-tamperable record further comprises;
responsive to a first file being modified, monitoring the first file for a short period of time after the modification to determine whether the first file is deleted during the short period of time, and
performing a step from a group of steps comprising;
responsive to the first file not being deleted during the short period of time, recording the modification to the first file, and
responsive to the first file being deleted during the short period of time, not recording the modification to the first file;
receiving at least one malicious code signature;
establishing a defined time period measured as an amount of time prior to a current time at which scanning is to be performed;
establishing a high priority for files last modified within the defined time period;
establishing a low priority for files last modified prior to the defined time period; and
scanning files on the volume for the at least one malicious code signature responsive to the established priorities, the scanning comprising scanning files having established high priorities prior to scanning files having established low priorities.
Dependent claims: 2, 3, 4, 5, 6, 19
7. A non-transitory computer readable storage medium containing executable program code for efficiently scanning files for malicious code, the computer program code comprising:
program code for maintaining a non-tamperable record of modifications to files on a volume, the record of modifications to files indicating modification statuses of the files, a modification status indicating when an associated file was last modified, wherein the program code for maintaining the non-tamperable record further comprises;
program code for, responsive to a first file being modified, monitoring the first file for a short period of time after the modification to determine whether the first file is deleted during the short period of time, and
program code for performing a step from a group of steps comprising;
responsive to the first file not being deleted during the short period of time, recording the modification to the first file, and
responsive to the first file being deleted during the short period of time, not recording the modification to the first file;
program code for receiving at least one malicious code signature;
program code for establishing a defined time period measured as an amount of time prior to a current time at which scanning is to be performed;
program code for establishing a high priority for files last modified within the defined time period;
program code for establishing a low priority for files last modified prior to the defined time period; and
program code for scanning files on the volume for the at least one malicious code signature responsive to the established priorities, the scanning comprising scanning files having established high priorities prior to scanning files having established low priorities.
Dependent claims: 8, 9, 10, 11, 12, 20
13. A computer system for efficiently scanning files for malicious code, the computer system comprising:
a volume for storing files;
a processor for executing software portions; and
a computer readable storage medium containing executable software portions, the software portions comprising;
a software portion configured to maintain a non-tamperable record of modifications to files on the volume, the record of modifications to files indicating modification statuses of files, a modification status indicating when an associated file was last modified, wherein the software portion configured to maintain the non-tamperable record further comprises;
a software portion configured to, responsive to a first file being modified, monitor the first file for a short period of time after the modification to determine whether the first file is deleted during the short period of time, and
a software portion configured to perform a step from a group of steps comprising;
responsive to the first file not being deleted during the short period of time, recording the modification to the first file, and
responsive to the first file being deleted during the short period of time, not recording the modification to the first file;
a software portion configured to receive at least one malicious code signature;
a software portion configured to establish a defined time period measured as an amount of time prior to a current time at which scanning is to be performed;
a software portion configured to establish a high priority for files last modified within the defined time period;
a software portion configured to establish a low priority for files last modified prior to the defined time period; and
a software portion configured to scan files on the volume for the at least one malicious code signature responsive to the established priorities, the scanning comprising scanning files having established high priorities prior to scanning files having established low priorities.
Dependent claims: 14, 15, 16, 17, 18, 21
Specification