Systems and methods for preventing chronic false positives

摘要

A computer-implemented method for preventing chronic false positives may include (1) whitelisting a file based on a challenge notification that challenges a classification of the file as insecure, (2) obtaining attribute information about the file, (3) identifying, by analyzing the attribute information, a primitive that identifies a source of origin for the file, (4) determining, based on an analysis of files that originate from the source of origin, that the source of origin identified by the primitive is trustworthy, and (5) adjusting, based on the determination that the source of origin identified by the primitive is trustworthy, a security policy associated with the primitive to prevent future false positives for other files that originate from the source of origin. Various other methods, systems, and computer-readable media are also disclosed.

主权项

1. A computer-implemented method for preventing chronic false positives, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
whitelisting a file based on a challenge notification that challenges a classification of the file as insecure; obtaining attribute information about the file; identifying, by analyzing the attribute information, a primitive that identifies a source of origin for the file; determining, based on an analysis of files that originate from the source of origin, that the source of origin identified by the primitive is trustworthy; adjusting, based on the determination that the source of origin identified by the primitive is trustworthy, a security policy associated with the primitive to prevent future false positives for other files that originate from the source of origin.