| 发明名称 |
Identification of telemetry data |
| 摘要 |
Methods, systems, and computer-readable media are disclosed for identifying telemetry data. A particular method scans a file and compares the file to at least one attribute to be used for telemetry collection. When the file is identified as a telemetry candidate, an offer to submit a sample of the file is sent to a server. A response to the offer is received from the server. If the response to the offer indicates an acceptance, a sample of the file is sent to the server. |
| 申请公布号 |
US9208315(B2) |
申请公布日期 |
2015.12.08 |
| 申请号 |
US200912405252 |
申请日期 |
2009.03.17 |
| 申请人 |
Microsoft Corporation |
发明人 |
Hussain Ahmed S.;Kumar Ajith;Sandu Catalin D.;Loh Alvin;Reasor Sterling M.;Chakraborty Santanu;Faulhaber Joseph L. |
| 分类号 |
G06F11/00;G06F21/56 |
主分类号 |
G06F11/00 |
| 代理机构 |
|
代理人 |
Tabor Ben;Swain Sandy;Minhas Micky |
| 主权项 |
1. A method comprising:
scanning a file by an anti-malware engine, the anti-malware engine receiving telemetry data from a server, the telemetry data including at least one attribute, and comparing the file to the at least one attribute; identifying the file as a telemetry candidate, the telemetry candidate identified by a malware detection engine at a client device, the malware detection engine configured to detect known malware and other potentially dangerous software, wherein the file is identified as the telemetry candidate in response to identifying a match between the file and the at least one attribute; communicating an offer to send a sample of the file to the server; receiving a response to the offer from the server; and after receiving the response:
sending the sample of the file to the server conditioned on the response indicating an acceptance of the offer to send the sample; andrefraining from sending the sample of the file to the server conditioned on the response indicating a refusal of the offer to send the sample. |
| 地址 |
Redmond WA US |
