Scanning device, cloud management device, method and system for checking and killing malicious programs
First Claim
1. A scanning device for checking and killing a malicious program comprising:
a first transmission interface to transmit, by a processor, information to a server-side device and receive information transmitted by the server-side device;
an environment information reader to read, by the processor, current system environment information of a client device and transmit the current system environment information to the server-side device via the first transmission interface;
a first scanner to obtain, by the processor, via the first transmission interface a first scanning content indication determined by the server-side device at least based on the system environment information, scan a specified position in the first scanning content indication, and at least transmit feature data of an unknown program file obtained by scanning to the server-side device via the first transmission interface;
a second scanner to obtain, by the processor, via the first transmission interface a second scanning content indication transmitted by the server-side device, the second scanning content indication comprising scanning a specified attribute of the unknown program file and/or a specified attribute of a contextual environment of the unknown program file, scan according to the second scanning content indication, and transmit via the first transmission interface a scanning result after the scanning according to the second scanning content indication to the server-side device; and
a first fixer to obtain via the first transmission interface a fixing logic determined by the server-side device based on the scanning result provided by the second scanner, and perform a fixing processing for the unknown program file according to the fixing logic.
Abstract
The invention discloses a scanning device, a cloud management device, and a method and system for checking and killing a malicious program. The cloud management device for checking and killing a malicious program comprises: a second transmission interface; a first indicator configured to generate a first scanning content indication according to characteristics of a newborn malicious program and system environment information transmitted by a client device; a first matcher configured to obtain, via the second transmission interface, feature data of the unknown program file transmitted by the client device and to match it against known records of feature data of malicious programs; and a second indicator configured to generate a second scanning content indication when the first matcher fails to match a known record, the second scanning content indication comprising scanning a specified attribute of the unknown program file and/or a specified attribute of the contextual environment of the unknown program file, and to transmit it to the client device through the second transmission interface.
6 Claims
6. A scanning method for checking and killing a malicious program comprising:
reading, by a processor, current system environment information of a client device, and transmitting the current system environment information to a server-side device;
obtaining, by the processor, a first scanning content indication determined by the server-side device based on the system environment information, scanning a specified position in the first scanning content indication, and transmitting at least feature data of an unknown program file obtained by scanning to the server-side device;
obtaining, by the processor, a second scanning content indication transmitted by the server-side device, the second scanning content indication comprising scanning a specified attribute of the unknown program file and/or a specified attribute of a contextual environment of the unknown program file, and scanning according to the second scanning content indication; and
transmitting a scanning result after the scanning according to the second scanning content indication to the server-side device and one of:
(1) obtaining a determined result of whether the unknown program file is a malicious program determined by the server-side device based on the scanning result, and performing a corresponding processing according to the determined result and
(2) obtaining a determined logic related to the second scanning content indication notified by the server-side device, determining whether the unknown program file is a malicious program according to the scanning result after the scanning according to the second scanning content indication and the determined logic, and performing a corresponding processing.
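The two-round exchange recited in claims 1 and 6 and in the abstract, as an added Python simulation (not code from the patent). The message fields, the use of SHA-256 as feature data, the `signed`/`autorun` attributes, the quarantine rule and all sample data are assumptions made for illustration.

```python
import hashlib
# Constructed data: every name, field and value here is hypothetical.
KNOWN_BAD = {hashlib.sha256(b"known-bad-sample").hexdigest()}  # server-side known records

def server_first_indication(env):
    """First scanning content indication: positions chosen from environment info."""
    positions = ["startup"]
    if env.get("browser") == "ie":
        positions.append("browser_plugins")
    return positions

def client_first_scan(fs, positions):
    """Scan only the indicated positions; feature data is assumed to be a SHA-256."""
    return {p: hashlib.sha256(f["data"]).hexdigest()
            for p, f in fs.items() if f["position"] in positions}

def server_match(features):
    """Match against known records; each miss gets a second indication."""
    verdicts, second = {}, {}
    for path, digest in features.items():
        if digest in KNOWN_BAD:
            verdicts[path] = "quarantine"
        else:
            second[path] = ["signed", "autorun"]  # file attribute, context attribute
    return verdicts, second

def client_second_scan(fs, second):
    """Read only the attributes the server asked for."""
    return {p: {a: fs[p][a] for a in attrs} for p, attrs in second.items()}

def server_fixing_logic(results):
    """Assumed rule: unsigned and auto-starting means quarantine, otherwise allow."""
    return {p: "quarantine" if (not r["signed"] and r["autorun"]) else "allow"
            for p, r in results.items()}

def run_exchange(env, fs):
    features = client_first_scan(fs, server_first_indication(env))
    verdicts, second = server_match(features)
    verdicts.update(server_fixing_logic(client_second_scan(fs, second)))
    return verdicts

SAMPLE_ENV = {"os": "windows", "browser": "ie"}
SAMPLE_FS = {
    "startup/known.exe": {"position": "startup", "data": b"known-bad-sample", "signed": False, "autorun": True},
    "startup/updater.exe": {"position": "startup", "data": b"vendor-updater", "signed": True, "autorun": True},
    "plugins/toolbar.dll": {"position": "browser_plugins", "data": b"new-toolbar", "signed": False, "autorun": True},
    "docs/readme.exe": {"position": "documents", "data": b"other", "signed": False, "autorun": False},
}
print(run_exchange(SAMPLE_ENV, SAMPLE_FS))
```

The file under `docs/` never receives a verdict because its position was not in the first indication, which shows how the server's choice of positions bounds what the client examines.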
Specification