Threat emergence date scan optimization to avoid unnecessary loading of scan engines

摘要

Threat emergence dates as well as file modification and scanning history are tracked to determine which files need to be scanned for possible infection by various attacking agents. Information concerning which scan engines are used to scan for the presence of different attacking agents is also tracked. Where given files only need to be scanned for a subset of all possible threats and the relevant scanning code resides in only a subset of all the scan engines, only the required scan engines are initialized, loaded or called in order to scan those files.

主权项

1. A computer implemented method for optimizing malicious code scanning for updated definitions, the method comprising the steps of:
determining, by a computer, a set of at least one threat of a computer system for which at least one file is to be scanned; determining, by the computer, which of a plurality of scan engines are required to scan the at least one file using definitions for the first set of at least one threat; utilizing, by the computer, only first required scan engines to scan the at least one file for the set of at least one threat; receiving, by the computer, at least one malicious code update comprising definitions of a second set of at least one threats that differs from definitions of the first set of at least one threats; responsive receiving to the updated definitions, loading a second set of scan engines corresponding to the updated definitions for the second set of threats, the second set of scan engines corresponding to the updated definitions and differing from the first set of scan engines corresponding to definitions of the first set of at least one threats; and utilizing, by the computer, only the second required scan engines to rescan the at least one file for the second set of at least one threat.