Patent · US Active

Detecting malicious software through file group behavior

US7594272B1 · kind B1 · utility

35Cited by

1References

21Claims

0Family size

Assignee

Symantec Corporation · US

Inventors

Mark Kennedy · Redondo Beach, US
David Kane · Los Angeles, US

Key dates

Filing date	Oct 5, 2004
Grant date	Sep 22, 2009
Priority date	—
Expiry date	Nov 11, 2026

Classification

Technology area (CPC G)Physics
CPC primaryG06F21/566
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A malicious software detection module (MSDM) detects worms and other malicious software. The MSDM executes on a computer system connected to a network. The MSDM monitors a storage device of the computer system for the arrival of software from a suspicious portal. The MSDM designates such software as suspicious. The MSDM tracks the set of files that are associated with the suspicious software. If the files in the set individually or collectively engage in suspicious behavior, the MSDM declares the suspicious software malicious and prevents file replication and/or other malicious behavior.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.