Rollback feature
Abstract
A file stored in a first portion of a computer memory of a computer is determined to be a malicious file. A duplicate of the file is stored in a quarantine area in the computer memory, the quarantine area being in a second portion of the computer memory that is different from the first portion of the computer memory. One or more protection processes are performed on the file. The determination that the file is a malicious file is determined to be a false positive and the file is restored, during a boot sequence, to a state prior to the one or more protection processes being performed on the file.
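The quarantine-and-restore flow the abstract describes, as an added Python sketch that is not taken from the patent or any product. The JSON record layout, the function names, and the "clean" verdict string are assumptions; the remote server's reply is passed in directly, and `rollback` stands in for whatever task would run during the boot sequence.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def quarantine(path, qdir):
    """Keep a duplicate and rollback metadata in qdir (a Path), then remove the original."""
    path, digest = Path(path), sha256_of(path)
    shutil.copy2(path, qdir / digest)  # copy2 also preserves mode and timestamps
    record = {"original": str(path), "sha256": digest, "status": "quarantined"}
    (qdir / f"{digest}.json").write_text(json.dumps(record))
    path.unlink()
    return digest  # the identifier that would be sent to the remote server

def apply_verdict(qdir, digest, verdict):
    """Record the server's analysis; 'clean' marks the detection a false positive."""
    meta = qdir / f"{digest}.json"
    record = json.loads(meta.read_text())
    record["status"] = "false_positive" if verdict == "clean" else record["status"]
    meta.write_text(json.dumps(record))
    return record["status"]

def rollback(qdir):
    """Restore false positives only (assumed to be called by a boot-time task)."""
    restored = []
    for meta in sorted(qdir.glob("*.json")):
        record = json.loads(meta.read_text())
        copy, target = qdir / record["sha256"], Path(record["original"])
        ok = record["status"] == "false_positive" and not target.exists()
        if not ok or sha256_of(copy) != record["sha256"]:
            continue  # not cleared, would overwrite a file, or the copy was altered
        shutil.copy2(copy, target)
        record["status"] = "restored"
        meta.write_text(json.dumps(record))
        restored.append(target.name)
    return restored

def demo():
    """Constructed sample: two detections; the server clears only report.doc."""
    with tempfile.TemporaryDirectory() as tmp:
        root, qdir = Path(tmp) / "files", Path(tmp) / "quarantine"
        root.mkdir(); qdir.mkdir()
        for name in ("report.doc", "dropper.bin"):
            (root / name).write_bytes(b"constructed sample: " + name.encode())
        ids = {n: quarantine(root / n, qdir) for n in ("report.doc", "dropper.bin")}
        apply_verdict(qdir, ids["report.doc"], "clean")
        apply_verdict(qdir, ids["dropper.bin"], "malicious")
        return not any(root.iterdir()), rollback(qdir), sorted(p.name for p in root.iterdir())
```

Checking the stored hash before restoring means a quarantined copy that changed after removal is never written back to its original location.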
25 Claims
1. At least one non-transitory machine accessible storage medium having instructions stored thereon, the instructions when executed on a computer, cause the computer to:
scan, at a computer, to determine that a file on the computer is a malicious file;
send, to a remote server, data identifying the file determined to be malicious;
remove the file from the computer based on determining that the file is a malicious file;
receive signature analysis data from the remote server to indicate that the remote server determines the file to not be malicious;
indicate, based on the signature analysis data from the remote server, that the determination that the file is a malicious file is a false positive; and
restore the file based on the false positive.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19

20. A method comprising:
scanning, at a computer, to determine that a file on the computer is a malicious file;
sending, to a remote server, data identifying the files determined to be malicious;
removing the file from the computer based on determining that the file is a malicious file;
receiving signature analysis data from the remote server to indicate that the remote server determines the file to not be malicious;
indicating, based on the signature analysis data from the remote server, that the determination that the file is a malicious file is a false positive; and
restore the file based on the false positive.
Dependent claims: 21

22. A system comprising:
at least one processor;
computer memory; and
rollback logic, comprising code executable by the at least one processor, to;
scan to determine that a file on a computer is a malicious file;
send, to a remote server, data identifying the file determined to be malicious;
remove the file from the computer based on determining that the file is a malicious file;
receive signature analysis data from the remote server to indicate that the remote server determines the file to not be malicious;
indicate, based on the signature analysis data from the remote server, that the determination that the file is a malicious file is a false positive; and
restore the file based on the false positive.
Dependent claims: 23, 24, 25
Specification