Method for mitigating false positive generation in antivirus software
First Claim
1. A method of mitigating false-positive malware detection comprising:
- accessing an operating system file that has been identified as malware;
- determining whether the operating system file has an existing digital signature;
- if there is no existing digital signature, creating a signature for the operating system file;
- comparing at least one signature attribute of the existing or created signature to at least one of a number of signature attributes contained in a signature database, wherein the at least one signature attribute of the existing or created signature comprises a name of a publisher of the operating system file; and
- if the at least one signature attribute is not found in the signature database, defining the operating system file as malware.
Abstract
A method for mitigating false-positives as detected by antivirus software comprising accessing an operating system file that has been identified as malware; creating a signature for the operating system file; comparing the created signature to a signature database; and, if the created signature is not found in the signature database, defining the operating system file as malware. An operating system file, as used herein, is any file included as a part of the operating system binary executable file set, as well as any files added from third party vendors that integrate with or plug into the operating system.
18 Claims
1. A method of mitigating false-positive malware detection comprising:
- accessing an operating system file that has been identified as malware;
- determining whether the operating system file has an existing digital signature;
- if there is no existing digital signature, creating a signature for the operating system file;
- comparing at least one signature attribute of the existing or created signature to at least one of a number of signature attributes contained in a signature database, wherein the at least one signature attribute of the existing or created signature comprises a name of a publisher of the operating system file; and
- if the at least one signature attribute is not found in the signature database, defining the operating system file as malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method of mitigating false-positive malware detection comprising:
- accessing an operating system catalog;
- parsing the operating system catalog;
- reading hash values from the parsed operating system catalog to represent content of files in the operating system;
- storing the hash values in a signature database;
- accessing an operating system file that has been identified as malware;
- determining whether the operating system file has an existing digital signature;
- if there is no existing digital signature, creating a signature for the operating system file;
- comparing at least one signature attribute of the existing or created signature to at least one of a number of signature attributes contained in the signature database, wherein the at least one signature attribute of the existing or created signature comprises a name of a publisher of the operating system file; and
- if the at least one signature attribute is not found in the signature database, defining the operating system file as malware.
Dependent claims: 10, 11, 12, 13, 14, 15
16. A method of mitigating false-positive malware detection comprising:
- accessing an operating system file that has been identified as malware;
- determining a publisher of the operating system file;
- comparing at least one signature attribute of the operating system file to at least one of a number of signature attributes contained in an operating system catalog; and
- if the publisher of the operating system file is not found to be represented in the operating system catalog, defining the operating system file as malware.
Dependent claims: 17, 18
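The claimed procedure as an added Python example, not code from the patent itself: it builds the signature database from a constructed operating-system catalog of content hashes and publisher names (claim 9), then applies the claim 1 check to a file the scanner has already flagged. Assumptions: an unsigned file's created signature carries only a content hash, and a publisher name is trusted only when the platform has verified the signature chain (the `signature_verified` field), since an unverified publisher string would otherwise let any file that claims a known publisher escape the malware verdict.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

# Constructed stand-in for the operating-system catalog (claim 9): file content
# and the publisher recorded for each file. A real implementation would parse
# the OS's signed catalog files instead of this inline dict.
CATALOG = {
    "kernel32.dll": (b"constructed OS binary bytes", "Example OS Corp"),
    "vendor_driver.sys": (b"constructed third-party driver bytes", "Example Vendor Ltd"),
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_signature_db(catalog):
    """Parse the catalog and store its hash values and publisher names (claim 9)."""
    return {
        "hashes": {sha256_hex(content) for content, _ in catalog.values()},
        "publishers": {publisher for _, publisher in catalog.values()},
    }

@dataclass
class FlaggedFile:
    """A file the scanner has already identified as malware."""
    name: str
    content: bytes
    publisher: Optional[str] = None   # name from an existing digital signature
    signature_verified: bool = False  # assumption: chain verified by the platform

def get_or_create_signature(f: FlaggedFile) -> dict:
    """Use the existing signature if present; otherwise create one from content.
    Assumption: a created signature carries only a content hash, no publisher."""
    if f.publisher is not None and f.signature_verified:
        return {"hash": sha256_hex(f.content), "publisher": f.publisher}
    return {"hash": sha256_hex(f.content), "publisher": None}

def classify(f: FlaggedFile, db) -> str:
    """Return 'false_positive' when a signature attribute matches the database,
    otherwise keep the scanner's verdict and return 'malware' (claims 1 and 9)."""
    sig = get_or_create_signature(f)
    if sig["publisher"] in db["publishers"] or sig["hash"] in db["hashes"]:
        return "false_positive"
    return "malware"
```

A flagged file whose signature names a known publisher but did not verify is deliberately treated as unsigned, so it is cleared only if its content hash appears in the catalog.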