Efficient usage of sandbox environments for malicious and benign documents with macros
US12067117B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Feb 9, 2022 |
| Grant date | Aug 20, 2024 |
| Priority date | — |
| Expiry date | Nov 5, 2042 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/034
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
According to examples, an apparatus may include a processor and a memory on which is stored machine-readable instructions that may cause the processor to determine a code fingerprint of a document containing a macro, in which the code fingerprint corresponds to a functionality of the macro. The processor may also determine whether the code fingerprint of the document matches a cluster code fingerprint associated with a cluster of documents. Based on a determination that the code fingerprint matches the cluster code fingerprint associated with the cluster of documents, the processor may determine whether the cluster of documents has been identified as being malicious or benign. In addition, based on a determination that the cluster of documents has been identified as being malicious or benign, the processor may handle the document as being malicious or benign while preventing the document from being sent to a sandbox environment for detonation of the document.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.