Method and apparatus for detecting a malware in files
First Claim
1. An apparatus for detecting a malware in files, comprising:
- an acquisition unit configured to obtain from a file system information about a first time point when a folder is created by the file system, and information about a second time point when a file is created in the folder by the file system;
a candidate determination unit configured to determine whether the file created by the file system is a candidate file to be subjected to a malware inspection, based on the information on the first and the second time point; and
an inspection unit configured to perform the malware inspection on the file created by the file system when it is determined to be the candidate file for the malware inspection,wherein the candidate determination unit is configured to determine that the file created by the file system is the candidate file to be inspected when the second time point is not within a predetermined time interval from the first time point.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus for detecting a malware in files includes an acquisition unit configured to obtain from a file system information about a first time point when an interested folder is created by the file system, and information about a second time point when an interested file is created in the interested folder by the file system, a candidate determination unit configured to determine whether the interested file is a candidate file to be subjected to a malware inspection, based on the information on the first and the second time point, and an inspection unit configured to perform the malware inspection on the interested file determined to be the candidate file for the malware inspection.
5 Citations
23 Claims
-
1. An apparatus for detecting a malware in files, comprising:
-
an acquisition unit configured to obtain from a file system information about a first time point when a folder is created by the file system, and information about a second time point when a file is created in the folder by the file system; a candidate determination unit configured to determine whether the file created by the file system is a candidate file to be subjected to a malware inspection, based on the information on the first and the second time point; and an inspection unit configured to perform the malware inspection on the file created by the file system when it is determined to be the candidate file for the malware inspection, wherein the candidate determination unit is configured to determine that the file created by the file system is the candidate file to be inspected when the second time point is not within a predetermined time interval from the first time point. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method for detecting a malware in files, the method comprising:
-
obtaining from a file system information about a first time point when folder is created by the file system and information about a second time point when a file is created in the folder by the file system; determining whether or not the file created by the file system is a candidate file to be subjected to a malware inspection based on the information about the first and the second time point; and performing the malware inspection on the file created by the file system when it is determined to be the candidate file, wherein said determining whether or not the file created by the file system is a candidate file includes determining the file created by the file system is a candidate file to be subjected to the malware inspection when the second time point is not within a predetermined time interval from the first time point. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
-
Specification