Method for mitigating false positive generation in antivirus software
Abstract
A method for mitigating false-positives as detected by antivirus software comprising accessing an operating system file that has been identified as malware; creating a signature for the operating system file; comparing the created signature to a signature database; and, if the created signature is not found in the signature database, defining the operating system file as malware. An operating system file, as used herein, is any file included as a part of the operating system binary executable file set, as well as any files added from third party vendors that integrate with or plug into the operating system.
287 Citations
18 Claims
1. A method of mitigating false-positive malware detection comprising:
- accessing an operating system file that has been identified as malware;
- determining whether the operating system file has an existing digital signature;
- if there is no existing digital signature, creating a signature for the operating system file;
- comparing at least one signature attribute of the existing or created signature to at least one of a number of signature attributes contained in a signature database, wherein the at least one signature attribute of the existing or created signature comprises a name of a publisher of the operating system file; and
- if the at least one signature attribute is not found in the signature database, defining the operating system file as malware.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.
9. A method of mitigating false-positive malware detection comprising:
- accessing an operating system catalog;
- parsing the operating system catalog;
- reading hash values from the parsed operating system catalog to represent content of files in the operating system;
- storing the hash values in a signature database;
- accessing an operating system file that has been identified as malware;
- determining whether the operating system file has an existing digital signature;
- if there is no existing digital signature, creating a signature for the operating system file;
- comparing at least one signature attribute of the existing or created signature to at least one of a number of signature attributes contained in the signature database, wherein the at least one signature attribute of the existing or created signature comprises a name of a publisher of the operating system file; and
- if the at least one signature attribute is not found in the signature database, defining the operating system file as malware.
Dependent claims: 10, 11, 12, 13, 14, 15.
16. A method of mitigating false-positive malware detection comprising:
- accessing an operating system file that has been identified as malware;
- determining a publisher of the operating system file;
- comparing at least one signature attribute of the operating system file to at least one of a number of signature attributes contained in an operating system catalog; and
- if the publisher of the operating system file is not found to be represented in the operating system catalog, defining the operating system file as malware.
Dependent claims: 17, 18.
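The procedure of claims 1, 9 and 16 as one worked example, added here and not part of the patent: a constructed text catalog of content hashes and publisher names is parsed into a signature database, and a file the scanner has flagged is re-checked against it, creating a content hash when the file carries no signature. The catalog format, the `Detection` record and the sample file contents are assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-in for an operating system catalog (assumption: real catalogs
# are signed binary structures; here one text line per entry,
# "<sha256 of file content>  <publisher name>").
KNOWN_FILES = {
    b"constructed kernel32 bytes": "Example OS Vendor",
    b"constructed ntdll bytes": "Example OS Vendor",
    b"constructed vendor driver bytes": "Example Driver Co",
}
CATALOG_TEXT = "\n".join(f"{sha256_hex(c)}  {p}" for c, p in KNOWN_FILES.items())


def parse_catalog(text: str):
    """Claim 9: parse the catalog and read (hash, publisher) pairs from it."""
    entries = []
    for line in text.splitlines():
        if line.strip():
            file_hash, publisher = line.split(None, 1)
            entries.append((file_hash.lower(), publisher.strip()))
    return entries


def build_signature_db(entries):
    """Store catalog hash values and publisher names as signature attributes."""
    return {"hashes": {h for h, _ in entries}, "publishers": {p for _, p in entries}}


@dataclass
class Detection:
    content: bytes
    publisher: Optional[str] = None  # None: file has no existing digital signature


def classify(det: Detection, db: dict) -> str:
    """Re-check a flagged file; returns 'false-positive' or 'malware'."""
    # No existing signature: the created signature is just the content hash.
    # Assumption: a non-None publisher comes from a signature the caller has
    # already verified cryptographically, not from a self-declared string.
    signature = {"hash": sha256_hex(det.content), "publisher": det.publisher}
    if signature["hash"] in db["hashes"] or signature["publisher"] in db["publishers"]:
        return "false-positive"  # a catalogued attribute matched
    return "malware"  # no signature attribute found in the database


SIGNATURE_DB = build_signature_db(parse_catalog(CATALOG_TEXT))
```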
Specification