Generating analytical data from detection events of malicious objects

Assignee

• Malwarebytes Inc. · US

Inventors

• Mark William Patton · Santa Clara, US
• Darren Kazuo Chinen · Fremont, US
• Braydon Michael Davis · Danville, US
• Ragesh Damodaran · Santa Clara, US
• Manikandan Vellore Muneeswaran · Santa Clara, US
• Vijay Arumugam Velayutham · San Jose, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/107
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A security server tracks malicious objects detected by malware detection applications that scan for malicious objects on clients. The security server also receives client information from the clients indicating client states. The client state describes one or more protection applications executing on the client that seek to identify and prevent malicious objects from taking malicious actions based on real-time monitoring. Thus, the security server may identify when the protection application fails to detect a malicious object. In addition, the security server maps detection events of malicious objects with corresponding client states to generate aggregate detection information for a population of clients. Analytical data can be derived from the aggregate detection information to identify trends useful for evaluating different types of protection applications. Furthermore, the security server may initiate automated actions based on the identified trends to improve detection and remediation of the malicious objects on the clients.