Systems and methods for using property tables to perform non-iterative malware scans
First Claim
1. A computer-implemented method for using property tables to perform non-iterative malware scans, at least a portion of the method being performed by a server-side computing device comprising at least one processor, the method comprising:
- identifying at least one malware signature that identifies at least one property value for an item of malware;
accessing a property table that identifies;
property values shared by one or more application packages;
for each property value, each application package that shares the property value in question;
determining, by comparing each property value identified in the malware signature with the property table, whether any of the application packages match the malware signature without iterating through the individual property values of each application package.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented method for using property tables to perform non-iterative malware scans may include (1) obtaining at least one malware signature from a security software provider that identifies at least one property value for an item of malware, (2) accessing a property table for a computing device that identifies property values shared by one or more application packages installed on the computing device and, for each property value, each application package that shares the property value in question, and (3) determining, by comparing each property value identified in the malware signature with the property table, whether any of the application packages match the malware signature without having to iterate through the individual property values of each application package. Various other methods, systems, and computer-readable media are also disclosed.
-
Citations
20 Claims
-
1. A computer-implemented method for using property tables to perform non-iterative malware scans, at least a portion of the method being performed by a server-side computing device comprising at least one processor, the method comprising:
-
identifying at least one malware signature that identifies at least one property value for an item of malware; accessing a property table that identifies; property values shared by one or more application packages; for each property value, each application package that shares the property value in question; determining, by comparing each property value identified in the malware signature with the property table, whether any of the application packages match the malware signature without iterating through the individual property values of each application package. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system for using property tables to perform non-iterative malware scans, the system comprising:
-
a signature-retrieval module programmed to identify at least one malware signature that identifies at least one property value for an item of malware; a malware-detection module programmed to; access a property table that identifies property values shared by one or more application packages and, for each property value, each application package that shares the property value in question; determine, by comparing each property value identified in the malware signature with the property table, whether any of the application packages match the malware signature without iterating through the individual property values of each application package; at least one processor configured to execute the signature-retrieval module and the malware-detection module. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A non-transitory computer-readable medium comprising one or more computer-executable instructions that, when executed by at least one processor of a server-side computing device, cause the server-side computing device to:
-
identify at least one malware signature that identifies at least one property value for an item of malware; access a property table that identifies; property values shared by one or more application packages; for each property value, each application package that shares the property value in question; determine, by comparing each property value identified in the malware signature with the property table, whether any of the application packages match the malware signature without iterating through the individual property values of each application package. - View Dependent Claims (20)
-
Specification