Method and apparatus for performing a reputation based analysis on a malicious infection to secure a computer

摘要

A method and apparatus for performing a reputation based analysis on a malicious infection to secure a computer. In one embodiment, the method includes monitoring application activity occurring at computers, generating reputation information associated with the application activity, in response to a malicious infection to at least one of the computers, examining the reputation information to access unreputed portions of the application activity that occurred at the at least one of the computers and determining a malicious signature based on the unreputed portions of the application activity.

主权项

1. A method for performing a reputation based analysis on a malicious infection to secure a computer, comprising:
monitoring, using at least one processor, application activity occurring at computers; generating, using at least one processor, reputation information associated with the application activity; in response to a malicious infection to at least one of the computers, examining, using at least one processor, the reputation information from memory to access unreputed portions of the application activity that occurred at the at least one of the computers; and determining, using at least one processor, a malicious signature based on the unreputed portions of the application activity by at least transforming the application activity and the reputation information into the malicious signature, wherein the malicious signature comprises information for identifying malware or malware variants and a grouping of side effects associated with the identified malware or malware variants.