Offline scan, clean and telemetry using installed antimalware protection components

Assignee

• MICROSOFT TECHNOLOGY LICENSING, LLC · US

Inventors

• Sterling Reasor · Bellevue, US
• Kumi N. Hilwa · Redmond, US
• Eddy S. Hsia · Sammamish, US
• Santanu Chakraborty · Bellevue, US
• Joseph L. Faulhaber · Bozeman, US
• Vishal Kapoor · Iowa City, US
• Michael S. Jarrett · Kirkland, US
• Charles Turner · Redmond, US
• Jeremy D. Croy · Redmond, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/568
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

The subject disclosure relates to antimalware scanning, and more particularly to offline antimalware scanning of a host environment via an alternate, known safe operating system. An offline scanning product obtains data previously written by the host environment online antimalware scanning tool, e.g., configuration data and antimalware signatures in shared data stores accessible to the offline and online products, and uses that data to perform the offline antimalware scan. The offline scanning product writes results information and any quarantined files to other shared data stores, whereby the online environment, when rebooted, has access to the information, such as for review and to upload telemetry information to an online service for analysis. Also described is offline replacement of operating system files that cannot be cleaned or removed when online.