Preemptive and/or reduced-intrusion malware scanning

US 9,141,794 B1
Filed: 03/10/2009
Issued: 09/22/2015
Est. Priority Date: 03/10/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of preemptively scanning targets for malicious codes, the method comprising:

receiving input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target;

applying a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities;

selecting targets for preemptive scanning using said measure of priority; and

storing the measure of priority for said targets in a prioritized target table,wherein the prioritized target table includes a first data field which identifies a target, a second data field which indicates a priority for the target, and a third data field which provides data relating to an estimated scan time for the target.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One embodiment relates to a computer-implemented method of preemptively scanning targets for malicious codes. Input qualities regarding said targets are received. A first computer-implemented procedure is applied to generate a measure of priority for scanning of said targets. Targets are selected for preemptive scanning using said measure of priority. In addition, resource utilization inputs may be received, and a second computer-implemented procedure may be applied to determine a system resource usage level using the resource utilization inputs. In that case, the malware scanning may be performed opportunistically based on the system resource usage level. Other embodiments, aspects and features may also be disclosed.

Citations

14 Claims

1. A computer-implemented method of preemptively scanning targets for malicious codes, the method comprising:
- receiving input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target;
  
  applying a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities;
  
  selecting targets for preemptive scanning using said measure of priority; and
  
  storing the measure of priority for said targets in a prioritized target table,wherein the prioritized target table includes a first data field which identifies a target, a second data field which indicates a priority for the target, and a third data field which provides data relating to an estimated scan time for the target.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein the input qualities include a frequency at which a target has been accessed.
  - 3. The computer-implemented method of claim 1, wherein the input qualities include a last time at which a target'"'"'s content was modified.
  - 4. The computer-implemented method of claim 1, wherein the input qualities include an estimation of system resources required to fetch and scan a target.
  - 5. The computer-implemented method of claim 1, wherein the input qualities include age data for a target'"'"'s content.
  - 6. The computer-implemented method of claim 1, wherein the input qualities include source information for a target.
  - 7. The computer-implemented method of claim 1, further comprising:
    - storing tracking data indicative of target-related events; and
      
      using the tracking data in determining said measure of priority.
  - 8. The computer-implemented method of claim 1, further comprising:
    - receiving resource utilization inputs; and
      
      applying a second computer-implemented procedure to determine a system resource usage level using the resource utilization inputs; and
      
      performing malware scanning opportunistically based on the system resource usage level.
  - 9. The computer-implemented method of claim 8, wherein said opportunistically-performed malware scanning includes selecting targets based on said measure of priority when the system resource usage level indicates a low-level of usage.
  - 10. The computer-implemented method of claim 8, wherein said opportunistically-performed malware scanning includes pausing the malware scanning when the system resource usage level indicates a high-level of usage.

11. A computer-implemented method of preemptively scanning targets for malicious codes, the method comprising:
- receiving input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target;
  
  applying a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities;
  
  selecting targets for preemptive scanning using said measure of priority;
  
  receiving resource utilization inputs;
  
  applying a second computer-implemented procedure to determine a system resource usage level using the resource utilization inputs; and
  
  performing malware scanning opportunistically based on the system resource usage level,wherein said opportunistically-performed malware scanning includes selecting targets having estimated scan times below a threshold when the system resource usage level indicates an intermediate-level of usage.

12. An apparatus configured to scan targets for malicious code, the apparatus comprising:
- memory configured to store computer-readable code and data;
  
  a processor configured to execute computer-readable code and to access said memory;
  
  a scheduling engine configured to receive input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target, and apply a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities;
  
  a scan manager configured to select targets for preemptive scanning using said measure of priority; and
  
  a prioritized target table configured to store the measure of priority for said targets, wherein the prioritized target table includes a first data field which identifies a target, a second data field which indicates a priority for the target, and a third data field which provides data relating to an estimated scan time for the target.
- View Dependent Claims (13)
- - 13. The apparatus of claim 12, further comprising:
    - a resource monitor configured to receive resource utilization inputs and apply a second computer-implemented procedure to determine a system resource usage level using the resource utilization input,wherein the scan manager is further configured to opportunistically schedule malware scanning based on the system resource usage level.

14. An apparatus configured to scan targets for malicious code, the apparatus comprising:
- memory configured to store computer-readable code and data;
  
  a processor configured to execute computer-readable code and to access said memory;
  
  a scheduling engine configured to receive input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target, and apply a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities;
  
  a scan manager configured to select targets for preemptive scanning using said measure of priority; and
  
  a resource monitor configured to receive resource utilization inputs and apply a second computer-implemented procedure to determine a system resource usage level using the resource utilization input,wherein the scan manager is further configured to opportunistically schedule malware scanning based on the system resource usage level, andwherein the scan manager is configured to select targets based on said measure of priority when the system resource usage level indicates a low-level of usage, pause the malware scanning when the system resource usage level indicates a high-level of usage, and select targets having estimated scan times below a threshold when the system resource usage level indicates an intermediate-level of usage.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Soubramanien, Viswa, Wei, Shaohong
Primary Examiner(s)
LEUNG, ROBERT B

Application Number

US12/401,160
Time in Patent Office

2,387 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 1/329   by task scheduling

G06F 21/56   Computer malware detection ...

G06F 21/564   by virus signature recognition

G06F 21/566   Dynamic detection, i.e. det...

G06F 9/5038   considering the execution o...

G06F 9/505   considering the load

Y02D 10/00   Energy efficient computing,...

Preemptive and/or reduced-intrusion malware scanning

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Preemptive and/or reduced-intrusion malware scanning

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links