Intelligent event collection for rolling back an endpoint state in response to malware
US10970396B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Jun 20, 2018 |
| Grant date | Apr 6, 2021 |
| Priority date | — |
| Expiry date | Apr 27, 2039 |
Classification
- Technology area (CPC G): Physics
- CPC primary: G06F21/566
- WIPO field: Computer technology
- WIPO sector: Electrical engineering
Abstract
An anti-malware application detects and remediates malware. The anti-malware application detects an event associated with a process and determines if the event matches an entry in an exclusions list. If the event is absent from the exclusions list, the anti-malware application monitors the operation of the process, logs the event data in an event log, and sends the event to a server to determine whether the process corresponds to malware. The anti-malware application updates the exclusions list based on the logged event if the process does not correspond to malware. The anti-malware application restores a file edited by the process to the saved copy of the original file prior to the file being edited by the process if the process corresponds to malware.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.