Information security – Monitoring or scanning of software or data including attack... – Intrusion detection
Reexamination Certificate
2001-12-28
2008-08-19
La Forgia, Christian (Department: 2131)
Information security
Monitoring or scanning of software or data including attack...
Intrusion detection
C713S188000, C707S793000
Reexamination Certificate
active
07415726
ABSTRACT:
The present invention provides a computer program product, method and data processing apparatus for reviewing files for potential malware. The computer program product comprises logging code operable to maintain a statistical log having an entry for each file sent for review, each entry being arranged to store a count value indicating the number of times that the file has been sent for review and a value of one or more predetermined attributes relating to the file. Weighting table code is also used to maintain a weighting table identifying, for each value of said one or more predetermined attributes, a weighting indicating the likelihood that a file having that value of the one or more predetermined attributes will be malware. The computer program product further comprises statistical log interface code operable, upon receipt of a file, to determine with reference to the statistical log the count value relating to that file, and action determination code operable, if the count value determined by the statistical log interface code exceeds a predetermined threshold, to reference the weighting table to determine the weighting to be associated with the file, based on the value of said one or more predetermined attributes associated with that file in the statistical log. Finally, action performing code is provided to perform predetermined actions in relation to the file depending on the weighting determined by the action determination code. It has been found that this technique is useful in identifying files that may potentially contain malware.
REFERENCES:
patent: 5440723 (1995-08-01), Arnold et al.
patent: 5452442 (1995-09-01), Kephart
patent: 6272641 (2001-08-01), Ji
patent: 6401210 (2002-06-01), Templeton
patent: 6609196 (2003-08-01), Dickinson et al.
patent: 6711583 (2004-03-01), Chess et al.
patent: 6886099 (2005-04-01), Smithson et al.
patent: WO 99/12307 (1999-03-01), None
patent: WO 00/70463 (2000-11-01), None
Gudgion Kevin Andrew
Kelly Nicholas Paul
Lawson Tarbotton Lee Codel
Forgia Christian La
Hamaty Christopher J.
McAfee, Inc.
Zilka-Kotab, PC
LandOfFree
Controlling access to suspicious files does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Controlling access to suspicious files, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Controlling access to suspicious files will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3995754