摘要 |
Determining malware status of a file is disclosed. An apparatus obtains information about an unknown target file, obtains system context of the unknown target file, and determines the unknown target file as clean if the system context matches with one or more predetermined conditions indicative of cleanliness. The predetermined conditions of cleanliness include at least the target file being located in a directory which contains other clean files. |