Patent · US Active

Discovering malicious input files and performing automatic and distributed remediation

US9436826B2 · kind B2 · utility

Cited by: 5
References: 5
Claims: 20
Family size: 0

Assignee

Inventors

Key dates

Filing date: Jun 16, 2011
Grant date: Sep 6, 2016
Priority date:
Expiry date: Oct 3, 2031

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2101
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

The subject disclosure is directed towards detecting malware or possible malware in an input file by allowing the input file to be opened, and by monitoring for one or more behaviors corresponding to the open file that likely indicate malware. Only certain executable files and/or file types opened thereby may be monitored, with various collected event data used for antimalware purposes when improper behavior is observed. Example behaviors include writing of a file to storage, generation of network traffic, injection of a process, running of script, and/or writing system registry data. Telemetry data and/or a sample of the file may be sent to an antimalware service, and malware remediation may be performed. Data (e.g., the collected events) may be distributed to other nodes for use in antimalware detection, e.g., to block execution of a similar file.
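The abstract describes three stages: monitor only selected opener executables for a set of behaviours after an input file is opened, send telemetry (file hash, observed behaviours, collected events) to an antimalware service, and distribute the result so other nodes can block a matching file. The following Python sketch is an added illustration of that flow, not the patent's implementation or any vendor's code; the opener names, event records, file contents and the behaviour threshold are constructed for the demo.

```python
"""Toy behaviour-based monitor for an opened input file (illustrative only).

Models the flow in the abstract: watch selected opener processes for
suspicious behaviours, build a telemetry record, and share a file hash so
other nodes can block a matching file before it is opened.
"""
import hashlib
from dataclasses import dataclass, field
from typing import List, Set

# Behaviour categories named in the abstract.
SUSPICIOUS_BEHAVIORS = {
    "file_write",       # writing a file to storage
    "network",          # generating network traffic
    "process_inject",   # injecting into another process
    "script_exec",      # running a script
    "registry_write",   # writing system registry data
}

# Only these opener executables are monitored (hypothetical allow-list).
MONITORED_OPENERS = {"winword.exe", "acrord32.exe", "excel.exe"}


@dataclass
class Event:
    """One observed runtime event (constructed sample data)."""
    pid: int
    opener: str   # process that opened the input file
    kind: str     # behaviour category
    detail: str


@dataclass
class Verdict:
    suspicious: bool
    behaviors: List[str] = field(default_factory=list)   # distinct behaviours seen
    events: List[Event] = field(default_factory=list)    # everything collected


def monitor(opener: str, events: List[Event], threshold: int = 1) -> Verdict:
    """Collect events from a monitored opener and flag when at least
    `threshold` distinct suspicious behaviours are observed.  The abstract
    says one or more behaviours; raising the threshold trades recall for
    fewer false positives on openers that legitimately write files."""
    if opener.lower() not in MONITORED_OPENERS:
        return Verdict(False)           # not a monitored executable: collect nothing
    seen: List[str] = []
    collected: List[Event] = []
    for ev in events:
        if ev.opener.lower() != opener.lower():
            continue                    # event belongs to some other process
        collected.append(ev)
        if ev.kind in SUSPICIOUS_BEHAVIORS and ev.kind not in seen:
            seen.append(ev.kind)
    return Verdict(len(seen) >= threshold, seen, collected)


def build_telemetry(file_name: str, content: bytes, verdict: Verdict) -> dict:
    """Record sent to the antimalware service: file hash plus the
    behaviours and number of events collected while the file was open."""
    return {
        "sha256": hashlib.sha256(content).hexdigest(),
        "file": file_name,
        "behaviors": list(verdict.behaviors),
        "event_count": len(verdict.events),
    }


class DistributedBlocklist:
    """Hashes of files judged malicious, shared between nodes so that a
    node can refuse to open a file with a known hash."""

    def __init__(self) -> None:
        self.hashes: Set[str] = set()

    def publish(self, telemetry: dict) -> None:
        self.hashes.add(telemetry["sha256"])

    def should_block(self, content: bytes) -> bool:
        return hashlib.sha256(content).hexdigest() in self.hashes


if __name__ == "__main__":
    # Constructed event stream: the document viewer writes a file and then
    # talks to the network; an unrelated browser event is ignored.
    sample_events = [
        Event(1001, "winword.exe", "file_write", "C:\\Users\\u\\AppData\\drop.tmp"),
        Event(1001, "winword.exe", "network", "203.0.113.5:443"),
        Event(2002, "chrome.exe", "network", "198.51.100.7:443"),
    ]
    verdict = monitor("winword.exe", sample_events)
    telemetry = build_telemetry("invoice.docx", b"<constructed file bytes>", verdict)
    blocklist = DistributedBlocklist()
    if verdict.suspicious:
        blocklist.publish(telemetry)    # remediation shared with other nodes
    print(telemetry, blocklist.should_block(b"<constructed file bytes>"))
```

A real monitor would source events from an EDR or kernel driver rather than a list, and would weight behaviours by opener (a file write from a word processor is routine, process injection is not); the hash-based blocklist is the simplest form of the "block execution of a similar file" step and would in practice be complemented by a fuzzier similarity measure.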

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.