Systems and methods for classifying unknown files/spam based on a user actions, a file's prevalence within a user community, and a predetermined prevalence threshold
First Claim
1. A computer-implemented method for classifying unknown files based on user actions, at least a portion of the method being performed by a server-side computing device comprising at least one processor, the method comprising:
- identifying at least one file whose trustworthiness is unknown due at least in part to the file'"'"'s prevalence within a user community being below a predetermined prevalence threshold, wherein the predetermined prevalence threshold represents a minimum number of client devices within the user community that have encountered an instance of the file;
identifying a report received from at least one client device that identifies at least one action taken by a user within the user community after being informed by security software on the client device that the trustworthiness of the file is unknown;
determining that the action taken by the user indicates that the user believes the file is trustworthy even after being informed by the security software on the client device that the trustworthiness of the file is unknown;
classifying the file as trustworthy based at least in part on the action taken by the user;
providing the file'"'"'s classification to at least one computing device in order to enable the computing device to evaluate the trustworthiness of the file.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented, server-side method for classifying unknown files based on user actions may include (1) identifying at least one file whose trustworthiness is unknown, (2) identifying a report received from at least one client device that identifies at least one action taken by a user within a user community when informed by security software on the client device that the trustworthiness of the file is unknown, (3) determining that the action taken by the user indicates that the user believes the file is trustworthy, (4) classifying the file as trustworthy based at least in part on the action taken by the user, and then (5) providing the file'"'"'s classification to at least one computing device in order to enable the computing device to evaluate the trustworthiness of the file. Corresponding systems, encoded computer-readable media, and client-side methods are also disclosed.
35 Citations
20 Claims
-
1. A computer-implemented method for classifying unknown files based on user actions, at least a portion of the method being performed by a server-side computing device comprising at least one processor, the method comprising:
-
identifying at least one file whose trustworthiness is unknown due at least in part to the file'"'"'s prevalence within a user community being below a predetermined prevalence threshold, wherein the predetermined prevalence threshold represents a minimum number of client devices within the user community that have encountered an instance of the file; identifying a report received from at least one client device that identifies at least one action taken by a user within the user community after being informed by security software on the client device that the trustworthiness of the file is unknown; determining that the action taken by the user indicates that the user believes the file is trustworthy even after being informed by the security software on the client device that the trustworthiness of the file is unknown; classifying the file as trustworthy based at least in part on the action taken by the user; providing the file'"'"'s classification to at least one computing device in order to enable the computing device to evaluate the trustworthiness of the file. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 19, 20)
-
-
13. A computer-implemented method for identifying files that have been classified as trustworthy based on user actions, at least a portion of the method being performed by a client device comprising at least one processor, the method comprising:
-
identifying a file; querying a server for a trustworthiness classification assigned to the file; receiving, from the server, a trustworthiness classification assigned to the file that indicates that the file is likely trustworthy, wherein; the trustworthiness classification assigned to the file by the server is based at least in part on at least one action taken by a user of at least one additional client device after being informed by security software on the additional client device that the trustworthiness of the file is unknown due at least in part to the file'"'"'s prevalence within a user community being below a predetermined prevalence threshold, wherein the predetermined prevalence threshold represents a minimum number of client devices within the user community that have encountered an instance of the file; the action taken by the user indicates that the user believes the file is trustworthy even after being informed by the security software on the client device that the trustworthiness of the file is unknown; allowing the file to install on the client device. - View Dependent Claims (14)
-
-
15. A system for classifying unknown files based on user actions, the system comprising:
-
an identification module programmed to; identify at least one file whose trustworthiness is unknown due at least in part to the file'"'"'s prevalence within a user community being below a predetermined prevalence threshold, wherein the predetermined prevalence threshold represents a minimum number of client devices within the user community that have encountered an instance of the file; identify a report received from at least one client device that identifies at least one action taken by a user within the user community after being informed by security software on the client device that the trustworthiness of the file is unknown;
a classification module programmed to;determine that the action taken by the user indicates that the user believes the file is trustworthy even after being informed by the security software on the client device that the trustworthiness of the file is unknown; classify the file as trustworthy based at least in part on the action taken by the user; provide the file'"'"'s classification to at least one computing device in order to enable the computing device to evaluate the trustworthiness of the file; at least one processor configured to execute the identification module and the classification module. - View Dependent Claims (16, 17, 18)
-
Specification