Rollback feature
First Claim
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a computer, cause the computer to:
- scan to determine that a file in at least a portion of a computer memory is a malicious file;
make a copy of the file that can be restored;
delete the file from the portion of memory;
responsive to an indication that the determination of the file as malicious is a false positive, prompt the user to initiate a reboot; and
in response to the reboot initiation, cause the file to be restored to the computer using the copy.
9 Assignments
0 Petitions
Accused Products
Abstract
A file stored in a first portion of a computer memory of a computer is determined to be a malicious file. A duplicate of the file is stored in a quarantine area in the computer memory, the quarantine area being in a second portion of the computer memory that is different from the first portion of the computer memory. One or more protection processes are performed on the file. The determination that the file is a malicious file is determined to be a false positive and the file is restored, during a boot sequence, to a state prior to the one or more protection processes being performed on the file.
-
Citations
20 Claims
-
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a computer, cause the computer to:
-
scan to determine that a file in at least a portion of a computer memory is a malicious file; make a copy of the file that can be restored; delete the file from the portion of memory; responsive to an indication that the determination of the file as malicious is a false positive, prompt the user to initiate a reboot; and in response to the reboot initiation, cause the file to be restored to the computer using the copy. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method comprising:
-
scanning to determine that a file in at least a portion of a computer memory is a malicious file; making a copy of the file that can be restored; deleting the file from the portion of memory; responsive to an indication that the determination of the file as malicious is a false positive, prompting the user to initiate a reboot; and in response to the reboot initiation, causing the file to be restored to the computer using the copy.
-
-
17. A system comprising:
-
at least one processor; one or more memory elements; and rollback logic, executable by the at least one processor, to; scan to determine that a file in at least a portion of a computer memory is a malicious file; make a copy of the file that can be restored; delete the file from the portion of the computer memory; responsive to an indication that the determination of the file as malicious is a false positive, prompt the user to initiate a reboot; and in response to the reboot initiation, cause the file to be restored to the computer using the copy. - View Dependent Claims (18, 19, 20)
-
Specification