Rollback feature
First Claim
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive, at a server, data corresponding to a file determined by a malware protection program to be malicious;
- compare malware definitions used by the malware protection program with malware definitions used by one or more other malware protection programs known to incorrectly identify files as malicious;
- perform signature analysis on the file to determine whether the file was incorrectly determined to be malicious; and
- forward to the malware protection program data indicating a false positive detection based on the signature analysis and comparison of the malware definitions used by the malware protection program with malware definitions used by the other malware protection programs.
Abstract
A file stored in a first portion of a computer memory of a computer is determined to be a malicious file. A duplicate of the file is stored in a quarantine area in the computer memory, the quarantine area being in a second portion of the computer memory that is different from the first portion of the computer memory. One or more protection processes are performed on the file. The determination that the file is a malicious file is determined to be a false positive and the file is restored, during a boot sequence, to a state prior to the one or more protection processes being performed on the file.
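The quarantine-and-restore flow in the abstract, sketched as an added example (not code from the patent or from any product). Assumptions: the quarantine area is a directory, the protection process is deletion of the original, and `restore_at_boot` is a hypothetical routine that a startup task would call.

```python
import hashlib, json, os, shutil, tempfile
from pathlib import Path

def file_sha256(p: Path) -> str:
    return hashlib.sha256(p.read_bytes()).hexdigest()

def quarantine(path: Path, qdir: Path) -> str:
    """Duplicate the flagged file into the quarantine area, then act on the original."""
    qdir.mkdir(parents=True, exist_ok=True)
    digest = file_sha256(path)
    shutil.copy2(path, qdir / f"{digest}.bin")
    meta = {"original": str(path), "sha256": digest,
            "mode": path.stat().st_mode & 0o777, "restore_pending": False}
    (qdir / f"{digest}.json").write_text(json.dumps(meta))
    path.unlink()  # the "protection process" in this sketch: remove the original
    return digest

def mark_false_positive(qdir: Path, digest: str) -> None:
    """Record a false-positive verdict; the restore itself waits for the next boot."""
    mpath = qdir / f"{digest}.json"
    mpath.write_text(json.dumps({**json.loads(mpath.read_text()), "restore_pending": True}))

def restore_at_boot(qdir: Path) -> list:
    """Run early in startup: roll back every entry marked as a false positive."""
    restored = []
    for mpath in sorted(qdir.glob("*.json")):
        meta = json.loads(mpath.read_text())
        copy, target = qdir / f"{meta['sha256']}.bin", Path(meta["original"])
        # Skip entries without a verdict, paths now occupied by another file,
        # and quarantined copies whose bytes no longer match the recorded hash.
        if not meta["restore_pending"] or target.exists() or file_sha256(copy) != meta["sha256"]:
            continue
        shutil.copy2(copy, target)
        os.chmod(target, meta["mode"])
        copy.unlink()
        mpath.unlink()
        restored.append(str(target))
    return restored

def demo() -> dict:
    """Constructed sample: a harmless file stands in for the wrongly flagged one."""
    with tempfile.TemporaryDirectory() as d:
        f, q = Path(d) / "report.exe", Path(d) / "quarantine"
        f.write_bytes(b"constructed sample bytes")
        digest = quarantine(f, q)
        before = restore_at_boot(q)  # no verdict yet: nothing is restored
        mark_false_positive(q, digest)
        after = [Path(p).name for p in restore_at_boot(q)]
        return {"before": before, "after": after, "content": f.read_bytes()}
```

Checking the hash before restoring means a quarantined copy that was modified after quarantine is never written back to its original location.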
22 Claims
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
- receive, at a server, data corresponding to a file determined by a malware protection program to be malicious;
- compare malware definitions used by the malware protection program with malware definitions used by one or more other malware protection programs known to incorrectly identify files as malicious;
- perform signature analysis on the file to determine whether the file was incorrectly determined to be malicious; and
- forward to the malware protection program data indicating a false positive detection based on the signature analysis and comparison of the malware definitions used by the malware protection program with malware definitions used by the other malware protection programs.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A method comprising:
- receiving, at a server, data corresponding to a file determined by a malware protection program to be malicious;
- comparing malware definitions used by the malware protection program with malware definitions used by one or more other malware protection programs known to incorrectly identify files as malicious;
- performing signature analysis on the file to determine whether the file was incorrectly determined to be malicious; and
- forwarding to the malware protection program data indicating a false positive detection based on the signature analysis and comparison of the malware definitions used by the malware protection program with malware definitions used by the other malware protection programs.
Dependent claims: 19, 20
21. A system comprising:
- at least one processor;
- computer memory; and
- a security server to:
  - receive, at a server, data corresponding to a file determined by a malware protection program to be malicious;
  - compare malware definitions used by the malware protection program with malware definitions used by one or more other malware protection programs known to incorrectly identify files as malicious;
  - perform signature analysis on the file to determine whether the file was incorrectly determined to be malicious; and
  - forward to the malware protection program data indicating a false positive detection based on the signature analysis and comparison of the malware definitions used by the malware protection program with malware definitions used by the other malware protection programs.
Dependent claims: 22
Specification