Systems and methods for using acquisitional contexts to prevent false-positive malware classifications
Abstract
A method for using acquisitional contexts to prevent false-positive malware classifications. The method may include (1) receiving, from at least one client-side computing device within a community of users, contextual information associated with a file, (2) determining, based at least in part on the contextual information received from the client-side computing device, a reputation rating for the file, and (3) providing the reputation rating for the file to at least one additional client-side computing device within the community in order to prevent the additional client-side computing device from falsely classifying the file as untrustworthy due to acquiring an additional instance of the file via a context that is insufficient to determine that the additional instance of the file is trustworthy. Various other methods and systems are also disclosed.
20 Claims
1. A computer-implemented method for using acquisitional contexts to prevent false-positive malware classifications, at least a portion of the method being performed by a server-side computing device comprising at least one processor, the method comprising:
- receiving, from at least one client-side computing device within a community of users, contextual information associated with a file, wherein the contextual information:
  - identifies a context in which the client-side computing device acquired the file;
  - indicates that the client-side computing device exonerated the file due to the context in which the client-side computing device acquired the file after receiving, from the server-side computing device, reputation information for the file that indicated that the file should not be trusted due to the file's low prevalence within the community;
- using, based at least in part on the file having been exonerated at the client-side computing device due to the context in which the client-side computing device acquired the file after receiving reputation information for the file that indicated that the file should not be trusted due to the file's low prevalence within the community, the context in which the client-side computing device acquired the file to determine a reputation rating for the file;
- providing the reputation rating for the file to at least one additional client-side computing device within the community in order to prevent the additional client-side computing device from falsely classifying the file as untrustworthy due to acquiring an additional instance of the file via a context that is insufficient to determine that the additional instance of the file is trustworthy.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer-implemented method for using acquisitional contexts to prevent false-positive malware classifications, at least a portion of the method being performed by a client-side computing device comprising at least one processor, the method comprising:
- identifying, at the client-side computing device, a file;
- requesting a reputation rating for the file from a server-side computing device;
- receiving the reputation rating for the file from the server-side computing device, wherein the server-side computing device determined the reputation rating for the file by:
  - analyzing contextual information received from at least one other client-side computing device within a community of users that indicates that the other client-side computing device exonerated a prior instance of the file due to a context in which the other client-side computing device acquired the prior instance of the file after receiving, from the server-side computing device, reputation information for the prior instance of the file that indicated that the prior instance of the file should not be trusted due to the prior instance of the file's low prevalence within the community;
  - using, based at least in part on the prior instance of the file having been exonerated at the other client-side computing device due to the context in which the other client-side computing device acquired the prior instance of the file after receiving reputation information for the prior instance of the file that indicated that the prior instance of the file should not be trusted due to the prior instance of the file's low prevalence within the community, the context in which the other client-side computing device acquired the prior instance of the file to determine the reputation rating for the file;
- determining, based at least in part on the reputation rating received from the server-side computing device, that the file is trustworthy despite the client-side computing device having acquired the file via a context that is insufficient to determine that the file is trustworthy.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A system for using acquisitional contexts to prevent false-positive malware classifications, the system comprising:
- a context-receiving module programmed to receive, at a server-side computing device from at least one client-side computing device within a community of users, contextual information associated with a file, wherein the contextual information:
  - identifies a context in which the client-side computing device acquired the file;
  - indicates that the client-side computing device exonerated the file due to the context in which the client-side computing device acquired the file after receiving, from the server-side computing device, reputation information for the file that indicated that the file should not be trusted due to the file's low prevalence within the community;
- a reputation-determining module programmed to use, based at least in part on the file having been exonerated at the client-side computing device due to the context in which the client-side computing device acquired the file after receiving reputation information for the file that indicated that the file should not be trusted due to the file's low prevalence within the community, the context in which the client-side computing device acquired the file to determine a reputation rating for the file;
- a providing module programmed to provide the reputation rating for the file to at least one additional client-side computing device within the community in order to prevent the additional client-side computing device from falsely classifying the file as untrustworthy due to acquiring an additional instance of the file via a context that is insufficient to determine that the additional instance of the file is trustworthy;
- at least one processor configured to execute the context-receiving module, the reputation-determining module, and the providing module.
Dependent claims: 16, 17, 18, 19, 20
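The server-side flow of claim 1 and the client-side flow of claim 8 can be simulated end to end. The sketch below is an added example, not code from the patent or its assignee. The thresholds, context names, class and function names are all assumptions chosen for illustration, and the server-side allow-list check is a design choice of this sketch rather than something the claims recite.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Assumed policy values and context labels (hypothetical, not from the patent).
PREVALENCE_FLOOR = 100      # fewer sightings than this counts as "low prevalence"
EXONERATIONS_NEEDED = 3     # distinct exonerating clients needed to override
TRUSTED_CONTEXTS = {"signed-vendor-portal", "enterprise-software-share"}

@dataclass
class ReputationServer:
    sightings: dict = field(default_factory=lambda: defaultdict(int))
    exonerations: dict = field(default_factory=lambda: defaultdict(set))

    def rating(self, file_hash):
        """Reputation rating served to any client in the community."""
        if self.sightings[file_hash] >= PREVALENCE_FLOOR:
            return "trusted"
        # Low prevalence alone would misclassify a rare but benign file;
        # context-based exonerations from enough clients override it.
        if len(self.exonerations[file_hash]) >= EXONERATIONS_NEEDED:
            return "trusted"
        return "untrusted"

    def report_context(self, client_id, file_hash, context, exonerated):
        self.sightings[file_hash] += 1
        # Sketch-level safeguard: count an exoneration only if the reported
        # context is on the server's own list, once per distinct client.
        if exonerated and context in TRUSTED_CONTEXTS:
            self.exonerations[file_hash].add(client_id)

def client_acquire(server, client_id, file_hash, context):
    """Client side: query the server, exonerate locally by context, report back."""
    verdict = server.rating(file_hash)
    exonerated = verdict == "untrusted" and context in TRUSTED_CONTEXTS
    server.report_context(client_id, file_hash, context, exonerated)
    return "trusted" if verdict == "trusted" or exonerated else "untrusted"

def demo():
    """Same file, same weak context, before and after community exonerations."""
    server = ReputationServer()
    h = "constructed-hash-0001"  # constructed sample identifier
    first = client_acquire(server, "client-x", h, "email-attachment")
    for cid in ("client-a", "client-b", "client-c"):
        client_acquire(server, cid, h, "signed-vendor-portal")
    later = client_acquire(server, "client-y", h, "email-attachment")
    return first, later
```

In `demo()`, the first and last clients acquire the file through the same insufficient context; only the exoneration reports received in between change the verdict.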
Specification