Patent · US Active

Method and apparatus for automatically excluding false positives from detection as malware

US8925088B1 · kind B1 · utility

Cited by: 4
References: 0
Claims: 19
Family size: 0

Assignee

Inventors

Key dates

Filing date: Aug 3, 2009
Grant date: Dec 30, 2014
Priority date
Expiry date: Nov 3, 2032

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F21/552
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

A method and apparatus for automatically excluding false positives from detection as malware is described. In one embodiment, a method for using one or more processors to provide false positive reduction for heuristic-based malware detection of a plurality of files in memory includes accessing global first appearance information associated with a plurality of files, accessing global malware information comprising heuristics and an emergence date associated with each malware group of a plurality of malware groups, comparing the global malware information with the global first appearance information to identify at least one false positive amongst the plurality of files, and preventing detection of the at least one false positive as malware.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.