Title of invention: Method and apparatus for reducing false positive detection of malware
Abstract: Method and apparatus for detecting malware are described. In some examples, files of unknown trustworthiness are identified as potential threats on the computer. A trustworthiness level for each of the files is received from a backend. The trustworthiness level of each of the files is compared to a threshold level. Each of the files where the trustworthiness level thereof satisfies the threshold level is designated as a false positive threat. Each of the files where the trustworthiness level thereof does not satisfy the threshold level is designated as a true positive threat.
Publication number: US8931086(B2)  Publication date: 2015.01.06
Application number: US200812239185  Filing date: 2008.09.26
Applicant: Symantec Corporation  Inventors: Pereira Shane; Kennedy Mark; Viljoen Pieter
Classification: H04L29/06; G06F21/56  Main classification: H04L29/06
Agency: Wilmer Cutler Pickering Hale and Dorr LLP  Agent: Wilmer Cutler Pickering Hale and Dorr LLP
Main claim: 1. A method of detecting malware on a computer, comprising: identifying files of unknown trustworthiness as potential threats on the computer based on at least a white list; receiving a trustworthiness level for each of the files from a backend, wherein the backend is configured to service queries for trustworthiness levels and coordinate updates to the white list, and wherein the trustworthiness level for each of the files is one of a plurality of trustworthiness levels comprising a provider trusted level, a community trusted level, a community presence level, and unknown in order of decreasing trustworthiness; comparing the trustworthiness level of each of the files to a threshold level, wherein the threshold level corresponds to one of the plurality of trustworthiness levels; designating each of the files where the trustworthiness level thereof satisfies the threshold level as a false positive threat; and designating each of the files where the trustworthiness level thereof does not satisfy the threshold level as a true positive threat.
Address: Mountain View CA US