Determining malware prevention based on retrospective content scan
Abstract
The disclosed embodiments include a method for retroactively analyzing original input content to detect malicious content in a computer system, in which the original input content has been previously processed to generate modified input content and prevented from being received by an intended recipient. The method includes accessing the original input content or a characteristic associated with the original input content, and analyzing it based on a malware detection algorithm to determine whether the original input content includes suspected malicious content, wherein the malware detection algorithm includes at least one update of a signature or behavioral characteristic that was not included in the malware detection algorithm when the modified input content was generated. When it is determined that the original input content includes suspected malicious content, the method includes analyzing the modified input content to determine whether the modified input content includes the suspected malicious content.
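The two-stage check described in the abstract, as an added Python sketch that is not part of the patent text. The class and function names, byte-pattern matching, integer timestamps, and the choice to evaluate only updates newer than the processing time are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes   # byte pattern the detector looks for
    added_at: int    # when this update entered the detection set

@dataclass(frozen=True)
class Record:
    record_id: str
    original: bytes  # retained original, never delivered to the recipient
    modified: bytes  # modified content created from the original
    processed_at: int

def retrospective_scan(records, signatures):
    """Re-scan retained originals with updates newer than their processing time."""
    findings = []
    for rec in records:
        # Assumption: older signatures were already applied at processing time,
        # so only later updates are evaluated here.
        for sig in (s for s in signatures if s.added_at > rec.processed_at):
            if sig.pattern not in rec.original:
                continue  # original is not suspect under this update
            # Second stage: does the modified content still carry the same content?
            survived = sig.pattern in rec.modified
            findings.append({
                "record": rec.record_id,
                "signature": sig.name,
                "verdict": "modified_content_still_suspect" if survived
                           else "removed_by_modification",
            })
    return findings

# Constructed sample data: inert marker strings, arbitrary integer timestamps.
SIGNATURES = [
    Signature("sig-old", b"MARKER-OLD", added_at=50),
    Signature("sig-new-a", b"MARKER-A", added_at=200),
    Signature("sig-new-b", b"MARKER-B", added_at=210),
]
RECORDS = [
    Record("msg-1", b"hello MARKER-A world", b"hello world", processed_at=100),
    Record("msg-2", b"doc MARKER-B body", b"doc MARKER-B body v2", processed_at=100),
    Record("msg-3", b"plain text", b"plain text", processed_at=100),
    Record("msg-4", b"late MARKER-A", b"late", processed_at=300),
]

if __name__ == "__main__":
    for finding in retrospective_scan(RECORDS, SIGNATURES):
        print(finding)
```

A "removed_by_modification" verdict corresponds to the report of claim 19; a "modified_content_still_suspect" verdict marks content whose modified form still needs handling.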
22 Claims
1. A method for retrospectively analyzing original input content to detect malicious content in a computer system having a processor, the original input content having been previously processed to create modified input content and prevented from being received by an intended recipient, the method comprising:
- accessing, by the processor, the original input content or a characteristic associated with the original input content;
- analyzing, by the processor, the original input content or the characteristic associated with the original input content based on a malware detection algorithm to determine whether the original input content includes suspected malicious content, wherein the malware detection algorithm includes at least one update of a signature or behavioral characteristic that was not included in the malware detection algorithm when the modified input content was created; and
- when it is determined that the original input content includes suspected malicious content, analyzing, by the processor, the modified input content to determine whether the modified input content includes the suspected malicious content.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. A method for retrospectively analyzing original input content to detect malicious content in a computer system having a processor, the original input content having been previously processed to generate modified input content and prevented from being received by an intended recipient, the method comprising:
- accessing, by the processor, the original input content or a characteristic associated with the original input content;
- analyzing, by the processor, the original input content or the characteristic associated with the original input content based on a malware detection algorithm to determine whether the original input content includes or is associated with suspected malicious content, wherein the malware detection algorithm includes at least one update of a blacklist item, signature, or behavioral characteristic that was not included in the malware detection algorithm when the modified input content was generated; and
- when it is determined that the original input content includes or is associated with suspected malicious content, generating a report indicating that suspected malicious content was modified in the previously processed original input content.

Dependent claims: 20, 21, 22
Specification