Server-assisted anti-malware client
First Claim
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive a query from a particular host device;
- identify a file detected by an antimalware tool local to the particular host device;
- determine that the particular host device is associated with a particular one of a plurality of domains, wherein each domain corresponds to a respective network;
- identify that a particular one of a plurality of sets of rules corresponds to the particular domain;
- determine a particular security score for the file based on the particular set of rules, wherein a different security score is to be determined for the file when detected local to a host device in a different one of the plurality of domains;
- determine particular reputation data for the file based at least in part on the security score, wherein the particular reputation data includes the security score and information detected by one or more other devices identifying characteristics of the file relevant to the antimalware tool; and
- send a response to the query to the particular host device, wherein the response includes the particular reputation data.
Abstract
An antimalware support system is provided to support one or more host-based antimalware clients. A query is received from a particular host device that identifies a file detected by an antimalware tool local to the particular host device. Reputation data is determined for the file, and a response to the query is sent to the particular host device. The query response includes the reputation data determined for the file.
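An added sketch of the server-side flow recited in claim 1, not code from the patent or its assignee: the same file is scored under the rule set of the querying host's domain, so two domains get different scores. The host names, domain names, rule predicates, weights and telemetry record are constructed assumptions; the claim does not say how a rule set computes a score.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass(frozen=True)
class Rule:
    name: str
    matches: Callable[[dict], bool]   # predicate over file characteristics
    weight: int                       # contribution to the security score

# Hypothetical enrollment: each host belongs to one domain (one network).
HOST_DOMAIN = {"host-a1": "finance-net", "host-b7": "lab-net"}

# Hypothetical per-domain rule sets; thresholds and weights differ by domain.
DOMAIN_RULES = {
    "finance-net": [
        Rule("unsigned", lambda f: not f["signed"], 40),
        Rule("rare", lambda f: f["hosts_seen"] < 50, 30),
        Rule("packed", lambda f: f["packed"], 20),
    ],
    "lab-net": [
        Rule("unsigned", lambda f: not f["signed"], 10),
        Rule("rare", lambda f: f["hosts_seen"] < 3, 30),
    ],
}

# Constructed sample: characteristics reported by other devices for one file.
TELEMETRY = {
    "sha256:EXAMPLE-FILE": {"signed": False, "packed": True, "hosts_seen": 12},
}

def handle_query(host_id: str, file_id: str) -> dict:
    """Build the reputation response for one client query."""
    domain = HOST_DOMAIN.get(host_id)
    if domain is None:
        # Fail closed: a host outside every known domain has no rule set.
        raise PermissionError(f"host {host_id!r} is not enrolled in a domain")
    facts = TELEMETRY.get(file_id)
    if facts is None:
        # Unknown file: report "no data" rather than a misleading score of 0.
        return {"file": file_id, "domain": domain, "score": None,
                "matched_rules": [], "characteristics": {}}
    matched = [r for r in DOMAIN_RULES[domain] if r.matches(facts)]
    score = min(100, sum(r.weight for r in matched))
    return {"file": file_id, "domain": domain, "score": score,
            "matched_rules": [r.name for r in matched],
            "characteristics": dict(facts)}

if __name__ == "__main__":
    for host in ("host-a1", "host-b7"):
        print(handle_query(host, "sha256:EXAMPLE-FILE"))
```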
22 Claims
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive a query from a particular host device;
- identify a file detected by an antimalware tool local to the particular host device;
- determine that the particular host device is associated with a particular one of a plurality of domains, wherein each domain corresponds to a respective network;
- identify that a particular one of a plurality of sets of rules corresponds to the particular domain;
- determine a particular security score for the file based on the particular set of rules, wherein a different security score is to be determined for the file when detected local to a host device in a different one of the plurality of domains;
- determine particular reputation data for the file based at least in part on the security score, wherein the particular reputation data includes the security score and information detected by one or more other devices identifying characteristics of the file relevant to the antimalware tool; and
- send a response to the query to the particular host device, wherein the response includes the particular reputation data.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10

11. A method comprising:
- receiving a query from a particular host device;
- identifying a file detected by an antimalware tool local to the particular host device;
- determining that the particular host device is associated with a particular one of a plurality of domains, wherein each domain corresponds to a respective network;
- identifying that a particular one of a plurality of sets of rules corresponds to the particular domain;
- determine a particular security score for the file based on the particular set of rules, wherein a different security score is to be determined for the file when detected local to a host device in a different one of the plurality of domains;
- determine particular reputation data for the file based at least in part on the security score, wherein the particular reputation data includes the security score and information detected by one or more other devices identifying characteristics of the file relevant to the antimalware tool; and
- sending a response to the query to the particular host device, wherein the response includes the particular reputation data.

Dependent claims: 12, 13, 14, 15, 16, 17

18. A system comprising:
- at least one processor device;
- at least one memory element; and
- an antimalware support server adapted when executed by the at least one processor device to;
  - receive a query from a particular host device;
  - identify a file detected by an antimalware tool local to the particular host device;
  - determine that the particular host device is associated with a particular one of a plurality of domains, wherein each domain corresponds to a respective network;
  - identify that a particular one of a plurality of sets of rules corresponds to the particular domain;
  - determine a particular security score for the file based on the particular set of rules, wherein a different security score is to be determined for the file when detected local to a host device in a different one of the plurality of domains;
  - determine particular reputation data for the file based at least in part on the security score, wherein the particular reputation data includes the security score and information detected by one or more other devices identifying characteristics of the file relevant to the antimalware tool; and
  - send a response to the query to the particular host device, wherein the response includes the particular reputation data.

Dependent claims: 19, 20, 21, 22

Specification