SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR CONTEXT-DRIVEN BEHAVIORAL HEURISTICS
Abstract
A system, method and computer program product are provided for detecting unwanted data. A scan for unwanted data is performed to generate results of the scan. A context of the scan is then identified. Further, the presence of unwanted data is conditionally indicated based on both the results of the scan and the context of the scan.
19 Claims
1. A method, comprising:
- receiving a request to open a file in a computer;
- scanning the file;
- determining whether unwanted data is present in the file by:
  - comparing data in the file with a plurality of signatures representative of certain types of unwanted data; and
  - evaluating a context associated with the scanning activities, wherein a context ID is established for the context and associated with the file, the context ID being related to attempts by the file to initiate activities in the computer.

10. An apparatus, comprising:
- a server computer coupled to an end user computer over a network connection, the server computer providing software to the end user computer such that the end user computer is configured for:
  - scanning a file received by the end user computer;
  - determining whether unwanted data is present in the file by:
    - comparing data in the file with a plurality of signatures representative of certain types of unwanted data; and
    - evaluating a context associated with the scanning activities, wherein a context ID is established for the context and associated with the file, the context ID being related to attempts by the file to initiate activities in the end user computer.

15. Logic encoded in non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:
- receiving a request to open a file in a computer;
- scanning the file;
- determining whether unwanted data is present in the file by:
  - comparing data in the file with a plurality of signatures representative of certain types of unwanted data; and
  - evaluating a context associated with the scanning activities, wherein a context ID is established for the context and associated with the file, the context ID being related to attempts by the file to initiate activities in the computer.
Specification