Server-assisted anti-malware client
Abstract
A host-based antimalware client can interface with a server-based antimalware support server. A file is identified at a host device. It is determined whether local reputation data for the file is available at the host device. A query is sent to an antimalware support system relating to the file. Particular reputation data is received from the antimalware support system corresponding to the query. It is determined whether to allow the file to be loaded on the host device based at least in part on the particular reputation data.
17 Claims
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- identify, using an antimalware client executed on a host device, a file in memory of the host device;
- determine, at the antimalware client, attributes of the file relating to reputation of the file;
- send a query from the host device to an antimalware support system relating to the file, wherein the query is to include local reputation data describing the attributes of the file and the query further comprises a request for the antimalware support system to perform a reputation analysis of the file in response to the query;
- receive, in response to the query, particular reputation data from the antimalware support system, wherein the particular reputation data is generated by the antimalware support system during the reputation analysis based at least in part on the local reputation data;
- receive a remediation script from the antimalware support system based on the query;
- run the remediation script on the antimalware client to remove the file from the memory of the host device; and
- use the antimalware client to dispose of the remediation script following the removal of the file.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A method comprising:
- identifying, using an antimalware client executed on a host device, a file local to the host device;
- determining, using the antimalware client, attributes of the file;
- sending a query from the host device to an antimalware support system relating to the file, wherein the query is to include local reputation data describing the attributes of the file and the query further comprises a request for the antimalware support system to perform a reputation analysis of the file in response to the query;
- receiving particular reputation data from the antimalware support system, wherein the particular reputation data is generated by the antimalware support system during the reputation analysis based at least in part on the local reputation data;
- receiving a remediation script from the antimalware support system based on the query;
- running the remediation script on the antimalware client to remove the file from memory of the host device; and
- using the antimalware client to dispose of the remediation script following the removal of the file.
Dependent claims: 12, 13, 14, 15
16. A system comprising:
- at least one processor device;
- at least one memory element; and
- an antimalware client local to a host device and adapted when executed by the at least one processor device to:
  - identify a file local to the host device;
  - scan the file to identify characteristics of the file;
  - generate local reputation data at the host device based on the characteristics of the file;
  - send a query to an antimalware support system relating to the file, wherein the query is to include the local reputation data and comprises a request for the antimalware support system to perform a reputation analysis of the file in response to the query;
  - receive, in response to the query, particular reputation data from the antimalware support system, wherein the particular reputation data is generated by the antimalware support system during the reputation analysis based at least in part on the local reputation data;
  - receive a remediation script from the antimalware support system based on the query;
  - run the remediation script on the antimalware client to remove the file from memory of the host device; and
  - use the antimalware client to dispose of the remediation script following the removal of the file.
Dependent claims: 17
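The claimed client flow (attributes, query, reputation reply, remediation script, disposal) as a runnable sketch; this is an added example, not code from the patent or its assignee. Assumptions: the file is an on-disk file, the support system is a mock in-process function, the script is a JSON list of `delete` steps, and the client-side scope check and re-hash are added safeguards not recited in the claims.

```python
import hashlib, json, os, tempfile

# Constructed digest the mock support system treats as malicious (not a real IoC).
KNOWN_BAD = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}

def local_reputation(path):
    """Client: determine attributes of the file relating to its reputation."""
    with open(path, "rb") as f:
        data = f.read()
    return {"path": os.path.abspath(path), "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest()}

def support_system(query):
    """Mock server: reputation analysis based on the client's local reputation data."""
    attrs = query["local_reputation"]
    if attrs["sha256"] not in KNOWN_BAD:
        return {"reputation": "unknown", "remediation_script": None}
    step = {"op": "delete", "path": attrs["path"], "sha256": attrs["sha256"]}
    return {"reputation": "malicious", "remediation_script": json.dumps([step])}

def run_remediation(script_path, queried):
    """Interpret the staged script; refuse steps not bound to the queried file."""
    with open(script_path) as f:
        steps = json.load(f)
    removed = []
    for step in steps:
        if step.get("op") != "delete" or step.get("path") != queried["path"]:
            raise ValueError(f"step outside query scope: {step!r}")
        # Re-hash just before deletion so a file swapped after the query survives.
        if local_reputation(step["path"])["sha256"] != step.get("sha256"):
            raise ValueError("file changed since it was queried")
        os.remove(step["path"])
        removed.append(step["path"])
    return removed

def handle_file(path, server=support_system):
    attrs = local_reputation(path)
    reply = server({"request": "reputation_analysis", "local_reputation": attrs})
    result = {"reputation": reply["reputation"], "removed": [], "script_disposed": True}
    if reply.get("remediation_script"):
        fd, script_path = tempfile.mkstemp(suffix=".json")
        with os.fdopen(fd, "w") as f:
            f.write(reply["remediation_script"])
        try:
            result["removed"] = run_remediation(script_path, attrs)
        finally:
            os.remove(script_path)  # dispose of the script once it has run
            result["script_disposed"] = not os.path.exists(script_path)
    return result
```

Because the script is interpreted rather than executed, a reply that names any file other than the one queried is rejected, and the staged script is still deleted.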
Specification