Patent · US Active

Detecting and remediating malware dropped by files

US9178906B1 · kind B1 · utility

122 Cited by
28 References
20 Claims
0 Family size

Assignee

Inventors

Key dates

Filing date: Jul 11, 2014
Grant date: Nov 3, 2015
Priority date
Expiry date: Jul 11, 2034

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/145
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

A security module detects and remediates malware from suspicious hosts. A file arrives at an endpoint from a host. The security module detects the arrival of the file and determines the host from which the file arrived. The security module also determines whether the host is suspicious. If the host is suspicious, the security module observes the operation of the file and identifies a set of files dropped by the received file. The security module monitors the files in the set using heuristics to detect whether any of the files engage in malicious behavior. If a file engages in malicious behavior, the security module responds to the malware detection by remediating the malware, which may include removing system changes caused by the set.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.