Preemptive and/or reduced-intrusion malware scanning
First Claim
1. A computer-implemented method of preemptively scanning targets for malicious codes, the method comprising:
- receiving input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target;
applying a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities;
selecting targets for preemptive scanning using said measure of priority; and
storing the measure of priority for said targets in a prioritized target table,wherein the prioritized target table includes a first data field which identifies a target, a second data field which indicates a priority for the target, and a third data field which provides data relating to an estimated scan time for the target.
1 Assignment
0 Petitions
Accused Products
Abstract
One embodiment relates to a computer-implemented method of preemptively scanning targets for malicious codes. Input qualities regarding said targets are received. A first computer-implemented procedure is applied to generate a measure of priority for scanning of said targets. Targets are selected for preemptive scanning using said measure of priority. In addition, resource utilization inputs may be received, and a second computer-implemented procedure may be applied to determine a system resource usage level using the resource utilization inputs. In that case, the malware scanning may be performed opportunistically based on the system resource usage level. Other embodiments, aspects and features may also be disclosed.
-
Citations
14 Claims
-
1. A computer-implemented method of preemptively scanning targets for malicious codes, the method comprising:
-
receiving input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target; applying a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities; selecting targets for preemptive scanning using said measure of priority; and storing the measure of priority for said targets in a prioritized target table, wherein the prioritized target table includes a first data field which identifies a target, a second data field which indicates a priority for the target, and a third data field which provides data relating to an estimated scan time for the target. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer-implemented method of preemptively scanning targets for malicious codes, the method comprising:
-
receiving input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target; applying a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities; selecting targets for preemptive scanning using said measure of priority; receiving resource utilization inputs; applying a second computer-implemented procedure to determine a system resource usage level using the resource utilization inputs; and performing malware scanning opportunistically based on the system resource usage level, wherein said opportunistically-performed malware scanning includes selecting targets having estimated scan times below a threshold when the system resource usage level indicates an intermediate-level of usage.
-
-
12. An apparatus configured to scan targets for malicious code, the apparatus comprising:
-
memory configured to store computer-readable code and data; a processor configured to execute computer-readable code and to access said memory; a scheduling engine configured to receive input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target, and apply a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities; a scan manager configured to select targets for preemptive scanning using said measure of priority; and a prioritized target table configured to store the measure of priority for said targets, wherein the prioritized target table includes a first data field which identifies a target, a second data field which indicates a priority for the target, and a third data field which provides data relating to an estimated scan time for the target. - View Dependent Claims (13)
-
-
14. An apparatus configured to scan targets for malicious code, the apparatus comprising:
-
memory configured to store computer-readable code and data; a processor configured to execute computer-readable code and to access said memory; a scheduling engine configured to receive input qualities regarding said targets, wherein the input qualities include at least data indicative of a percentage scan completion for a partially-scanned target, and apply a first computer-implemented procedure to generate a measure of priority for scanning of said targets using the input qualities; a scan manager configured to select targets for preemptive scanning using said measure of priority; and a resource monitor configured to receive resource utilization inputs and apply a second computer-implemented procedure to determine a system resource usage level using the resource utilization input, wherein the scan manager is further configured to opportunistically schedule malware scanning based on the system resource usage level, and wherein the scan manager is configured to select targets based on said measure of priority when the system resource usage level indicates a low-level of usage, pause the malware scanning when the system resource usage level indicates a high-level of usage, and select targets having estimated scan times below a threshold when the system resource usage level indicates an intermediate-level of usage.
-
Specification