Abstract

FIELD: cryptography; information technology.

SUBSTANCE: the invention relates to computer security. The method involves a record in a database that contains a rule for detecting malware. A collection of legitimate files is created, taking into account such criteria as the effect of the collection's files on the stability of the operating system (OS) and on the stability of applications, and the popularity of the files in the collection. The created collection of legitimate files is checked for malware using the detection rule contained in said record. If a legitimate file is determined to be malware, the criticality of the determination incident is calculated, reflecting the effect of that legitimate file on OS stability and on the stability of applications. On the basis of the calculated criticality, the record containing the rule by which the legitimate file was determined to be malware is excluded from the database, in order to reduce the number of legitimate file objects determined to be malware.

EFFECT: the technical result consists in minimizing the number of false responses when detecting malware.

34 cl, 4 dwg, 2 tbl
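The vetting loop described in the abstract, as an added Python sketch (not code from the patent): each rule is run over a collection of legitimate files, each false detection is scored, and rules whose worst score reaches a threshold are dropped. The byte-pattern rule format, the weighted-sum criticality formula, the weights, the threshold and all sample data are assumptions; the abstract names the factors but gives no formula.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class LegitFile:
    name: str
    data: bytes
    os_critical: bool   # a false detection would destabilise the OS
    app_critical: bool  # a false detection would break an application
    popularity: float   # share of endpoints holding the file, 0..1

# Assumed weights and threshold: the abstract names the factors, not a formula.
W_OS, W_APP, W_POP, THRESHOLD = 0.5, 0.3, 0.2, 0.4

# Constructed sample data (names, bytes and patterns are made up).
COLLECTION = [
    LegitFile("os_loader.dll", b"MZ..CreateRemoteThread..", True, True, 0.98),
    LegitFile("office_app.exe", b"MZ..document renderer..", False, True, 0.60),
    LegitFile("rare_tool.exe", b"MZ..UPX!..", False, False, 0.01),
]
RULES = {
    "R-generic-inject": b"CreateRemoteThread",
    "R-packer-stub": b"UPX!",
    "R-specific": b"\xde\xad\xbe\xef\x13\x37",
}

def criticality(f: LegitFile) -> float:
    """Impact of wrongly flagging f, in 0..1 (assumed weighted sum)."""
    return W_OS * f.os_critical + W_APP * f.app_critical + W_POP * f.popularity

def vet_rules(rules, collection, threshold=THRESHOLD):
    """Scan the clean collection with every rule; drop rules whose worst
    false detection reaches the threshold. Returns (kept_rules, report)."""
    kept, report = {}, {}
    for rule_id, pattern in rules.items():
        hits = [(f.name, round(criticality(f), 2))
                for f in collection if pattern in f.data]
        if hits:
            report[rule_id] = hits  # every false detection is recorded
        if max((c for _, c in hits), default=0.0) < threshold:
            kept[rule_id] = pattern
    return kept, report

if __name__ == "__main__":
    kept, report = vet_rules(RULES, COLLECTION)
    print("kept:", sorted(kept))
    for rule_id, hits in report.items():
        print(rule_id, "flagged", hits)
```

With these assumed values, a rule that flags only a rare, non-critical file stays in the database but still appears in the report, so an analyst can narrow it later.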