Dynamic selection and loading of anti-malware signatures
Abstract
An anti-malware system dynamically loads and unloads additional malware detection signatures based on a collection of data sources that indicate what signatures are relevant to a host machine in its current environment. A signature selector component determines what relevant signatures should be loaded. The signature selector component uses a variety of data sources either individually, or in combination, to determine relevancy of the available malware detection signatures. The anti-malware system dynamically determines which of the available malware detection signatures and classes of signatures are relevant and should be provided to a machine based on available information. The malware detection signatures are obtained and loaded automatically from one or more sources when a threat becomes relevant. A program or application may be blocked from accessing files until the relevant malware detection signatures have been loaded onto the machine.
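A minimal sketch of the selector, load/unload step and file-access gate described in the abstract and claims, added here as an illustration and not taken from the patent. The catalog entries, class names and the matching rule are assumptions.

```python
from dataclasses import dataclass, field

# Constructed catalog: signature class -> platform or software it targets.
CATALOG = {
    "win-pe-worm": "windows",
    "linux-elf-bot": "linux",
    "office-macro": "office",
    "android-apk": "android",
}

@dataclass
class Machine:
    platform: str
    software: set = field(default_factory=set)
    detections: set = field(default_factory=set)  # classes this machine reported

def select_relevant(device, peers):
    """Signature classes relevant to `device` in its current environment."""
    targets = {device.platform} | device.software
    relevant = set()
    for peer in peers:
        # Peers' platforms count even when the malware cannot run on `device`:
        # the device may still store or forward a file that harms them.
        targets |= {peer.platform} | peer.software
        relevant |= peer.detections & set(CATALOG)
    relevant |= {sig for sig, target in CATALOG.items() if target in targets}
    return relevant

class Scanner:
    def __init__(self):
        self.loaded = set()
        self.pending = set()

    def plan(self, relevant):
        """Record what must be loaded; file access is gated while non-empty."""
        self.pending = relevant - self.loaded
        return self.pending

    def sync(self, relevant):
        """Load newly relevant classes, unload stale ones; return both sets."""
        to_load, to_unload = relevant - self.loaded, self.loaded - relevant
        self.loaded = (self.loaded | to_load) - to_unload
        self.pending = set()
        return to_load, to_unload

    def may_access_files(self):
        return not self.pending
```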
18 Claims
1. A computer-implemented method, comprising:
determining which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines on a local network that includes the device;
automatically obtaining the relevant malware detection signatures;
loading the relevant malware detection signatures to a malware scanner;
scanning the device using the relevant malware detection signatures; and
unloading signatures for threats that are no longer relevant to the device.
(Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
14. A computer system, comprising:
one or more processors;
system memory;
one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the one or more processors, causes the processors to perform a method for automatically determining and loading relevant malware detection signatures, the processor operating to;
determine which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines on a local network that includes the device;
automatically obtain the relevant malware detection signatures;
load the relevant malware detection signatures to a malware scanner;
scan the device using the relevant malware detection signatures; and
unload signatures for threats that are no longer relevant to the device.
(Dependent claims: 15, 16, 17)
18. A computer program product for implementing a method for automatically determining and loading relevant malware detection signatures, the computer program product comprising one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by one or more processors of a computing system, cause the computing system to perform the method comprising of:
determining which malware detection signatures are relevant to a device, including signatures for malware that is not capable of running on the device, but that may affect other machines on a local network that includes the device, wherein the relevant malware detection signatures are determined based upon a hardware configuration or a software configuration of the device, malware detected by one or more other machines on a local network, a configuration of one or more other machines on the device's network, data aggregated on a global scale, or a geographic location of the device;
blocking one or more programs from accessing files on the device until the relevant malware detection signatures have been loaded;
automatically obtaining the relevant malware detection signatures;
loading the relevant malware detection signatures to a malware scanner;
scanning the device using the relevant malware detection signatures; and
unloading signatures for threats that are no longer relevant to the device.
Specification