Techniques for remediating an infected file
First Claim
1. A method for remediating an infected file comprising the steps of:
maintaining a plurality of file identities within a remediation repository each associated with a file, wherein for each file identity one or more regions of interest of the associated file are selectively identified, the one or more regions of interest for each file collectively representing less than all of the file;
in response to identifying an infected file, selecting a file associated with a file identity from the remediation repository that matches the infected file;
selectively comparing at least one of a plurality of portions of the one or more regions of interest of the matching file with one or more corresponding portions of regions of the infected file; and
based on selectively comparing the portions of the regions, replacing at least one of the plurality of portions of the one or more regions of the infected file with the at least one corresponding portion of the one or more regions of interest of the matching file, wherein portions of the one or more regions of interest that are particularly likely to be infected by a virus are divided into smaller portions than less vulnerable portions prior to the file being identified as infected.
Abstract
Techniques for remediating an infected file are disclosed. In one embodiment, a method may have the steps of maintaining a plurality of file identities within a remediation repository each associated with a file, wherein for each file identity one or more regions of interest of the associated file are selectively identified, the one or more regions of interest for each file collectively representing less than all of the file; in response, selecting a file associated with a file identity from the remediation repository that matches the infected file; selectively comparing the one or more regions of interest of the matching file with one or more corresponding regions of the infected file; and based on comparing the regions, replacing at least one portion of the one or more regions of the infected file with at least one corresponding portion of the one or more regions of interest of the matching file.
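An added sketch of the mechanism the abstract describes, not code from the patent or from any product: a repository entry stores hashed portions of selected regions of a known-good file, and remediation rewrites only the portions whose hash differs. The region layout, portion sizes, repository key and the use of SHA-256 for comparison are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Portion:
    offset: int   # where the portion starts in the file
    data: bytes   # known-good bytes kept for replacement
    digest: str   # SHA-256 of data, used for the comparison

def build_identity(clean: bytes, regions):
    """Split each region of interest into portions before any infection.

    regions: (start, length, portion_size) tuples; a smaller portion_size is
    given to regions judged more likely to be infected (assumed layout).
    """
    portions = []
    for start, length, size in regions:
        for off in range(start, start + length, size):
            chunk = clean[off:min(off + size, start + length)]
            portions.append(Portion(off, chunk, hashlib.sha256(chunk).hexdigest()))
    return portions

def remediate(infected: bytes, identity):
    """Replace only the portions whose hash differs from the clean copy.

    Assumes the infection overwrote bytes in place (file length unchanged).
    """
    buf = bytearray(infected)
    replaced = []
    for p in identity:
        end = p.offset + len(p.data)
        if hashlib.sha256(bytes(buf[p.offset:end])).hexdigest() != p.digest:
            buf[p.offset:end] = p.data
            replaced.append((p.offset, len(p.data)))
    return bytes(buf), replaced

# Constructed sample: a 256-byte "file"; bytes 64..191 are in no region.
CLEAN = bytes(range(256))
REGIONS = [(0, 64, 16), (192, 64, 32)]   # header: 16-byte portions; tail: 32
REPOSITORY = {"example.bin": build_identity(CLEAN, REGIONS)}  # hypothetical key

INFECTED = bytearray(CLEAN)
INFECTED[20:24] = b"\xcc" * 4   # inside the header region
INFECTED[200] = 0x00            # inside the tail region
INFECTED[100] = 0xFF            # outside every region of interest

if __name__ == "__main__":
    fixed, replaced = remediate(bytes(INFECTED), REPOSITORY["example.bin"])
    print(replaced)                  # portions that were rewritten
    print(fixed[100] == CLEAN[100])  # byte 100 is outside the regions
```

Because the regions of interest cover less than the whole file, a modification outside them (byte 100 in the constructed sample) is never compared and survives remediation.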
18 Claims
1. A method for remediating an infected file comprising the steps of:
maintaining a plurality of file identities within a remediation repository each associated with a file, wherein for each file identity one or more regions of interest of the associated file are selectively identified, the one or more regions of interest for each file collectively representing less than all of the file;
in response to identifying an infected file, selecting a file associated with a file identity from the remediation repository that matches the infected file;
selectively comparing at least one of a plurality of portions of the one or more regions of interest of the matching file with one or more corresponding portions of regions of the infected file; and
based on selectively comparing the portions of the regions, replacing at least one of the plurality of portions of the one or more regions of the infected file with the at least one corresponding portion of the one or more regions of interest of the matching file, wherein portions of the one or more regions of interest that are particularly likely to be infected by a virus are divided into smaller portions than less vulnerable portions prior to the file being identified as infected.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A method for remediating an infected file comprising the steps of:
maintaining a plurality of file identities within a remediation repository each associated with a file, wherein for each file identity one or more regions of interest of the associated file are selectively identified, the one or more regions of interest for each file collectively representing less than all of the file and wherein each of the one or more regions of interest comprises a plurality of portions of the region of interest;
in response to identifying an infected file, searching for a file associated with a file identity from the remediation repository that matches the infected file;
selecting a matching file that is not associated with a file identity from the remediation repository;
in response to selecting the matching file, creating a file identity and associating the file identity with the matching file;
selectively identifying one or more regions of interest of the matching file, the one or more regions of interest collectively representing less than all of the file;
selectively comparing a plurality of portions of the one or more regions of interest of the matching file with one or more corresponding portions of the corresponding regions of the infected file; and
based on selectively comparing the portions of regions, replacing at least one portion of the plurality of portions of the one or more regions of the infected file with at least one corresponding portion of the one or more regions of interest of the matching file, wherein portions of the one or more regions of interest that are particularly likely to be infected by a virus are divided into smaller portions than less vulnerable portions prior to the file being identified as infected.
Dependent claims: 14, 15, 16, 17
18. A system for remediating an infected file comprising:
one or more hardware processors communicatively coupled to a network;
wherein the one or more processors are configured to:
maintain a plurality of file identities within a remediation repository each associated with a file, wherein for each file identity a plurality of portions of one or more regions of interest of the associated file are selectively identified, the one or more regions of interest for each file collectively representing less than all of the file;
in response to identifying an infected file, select a file associated with a file identity from the remediation repository that matches the infected file;
selectively compare at least one of the plurality of portions of the one or more regions of interest of the matching file with one or more corresponding portions of regions of the infected file; and
based on selectively comparing the portions of regions, replace at least one portion of a plurality of portions of the one or more regions of the infected file with at least one corresponding portion of the one or more regions of interest of the matching file, wherein portions of the one or more regions of interest that are particularly likely to be infected by a virus are divided into smaller portions than less vulnerable portions prior to the file being identified as infected.
Specification