Title: Detecting malware through package behavior
Abstract: A file on a computer system is evaluated against trust criteria to determine whether the file is compatible with the trust criteria. Responsive to the file being incompatible with the trust criteria, the file is assigned to a package. Files assigned to the package are tracked to determine whether the files collectively perform malicious behavior. The package is convicted as malware responsive to the files in the package collectively performing malicious behavior.
Publication number: US9361460(B1) Publication date: 2016.06.07
Application number: US201313948026 Filing date: 2013.07.22
Applicant: Symantec Corporation Inventor: Satish Sourabh
Classification: G06F21/00;G06F21/56 Main classification: G06F21/00
Agent: Fenwick & West LLP Attorney: Fenwick & West LLP
Main claim: 1. A method for detecting malware on a computer system, comprising: evaluating a first file on a computer system against trust criteria to determine whether the first file is compatible with the trust criteria; responsive to the first file being incompatible with the trust criteria, assigning the first file to a package of one or more files; monitoring the first file assigned to the package to determine whether the first file touches additional files on the computer system; assigning a second file on the computer system to the package responsive to the second file being touched by the first file and the second file being incompatible with the trust criteria; tracking collective behavior of the files assigned to the package; comparing the collective behavior tracked for the files assigned to the package to conditions of a malware heuristic; and determining whether to convict the package as malware based on the comparison.
Address: Mountain View CA US
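The following is an added illustration of the steps recited in claim 1, written for this record and not taken from the patent or from any Symantec product. It models the trust criteria as a publisher allow-list plus a hash allow-list, represents file "touches" and per-file behaviors as a constructed event stream, grows a package only with untrusted files touched by an existing member, and convicts the package when its collective behavior satisfies all conditions of a heuristic. The file names, hashes, behavior labels and heuristic definitions are all constructed for the example; the point it demonstrates is that no single file in the package matches the heuristic, but the package as a whole does.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed trust criteria: a publisher allow-list and a hash allow-list.
TRUSTED_PUBLISHERS: Set[str] = {"Example Trusted Co."}
KNOWN_GOOD_HASHES: Set[str] = {"sha256:constructed-known-good"}

# Constructed malware heuristics: each is a set of conditions that the
# collective behavior of a package must cover for the package to be convicted.
HEURISTICS: Dict[str, Set[str]] = {
    "dropper-persistence": {"writes_autorun_key", "injects_into_process"},
    "info-stealer": {"reads_browser_store", "contacts_remote_host"},
}


@dataclass
class FileInfo:
    path: str
    signer: Optional[str] = None
    sha256: str = ""


def is_trusted(f: FileInfo) -> bool:
    """Trust criteria: compatible if signed by an allow-listed publisher
    or if its hash is on the known-good list."""
    return f.signer in TRUSTED_PUBLISHERS or f.sha256 in KNOWN_GOOD_HASHES


@dataclass
class Package:
    pid: int
    members: Set[str] = field(default_factory=set)
    per_file: Dict[str, Set[str]] = field(default_factory=dict)

    def collective_behavior(self) -> Set[str]:
        """Union of everything any member did: the behavior that is compared
        against the heuristic, rather than any one file's behavior."""
        return set().union(*self.per_file.values()) if self.per_file else set()


class PackageTracker:
    def __init__(self, files: Dict[str, FileInfo]):
        self.files = files
        self.packages: List[Package] = []
        self.member_of: Dict[str, Package] = {}

    def seed(self, path: str) -> Optional[Package]:
        """Evaluate a newly seen file; an untrusted file starts its own package."""
        if path in self.member_of or is_trusted(self.files[path]):
            return None
        pkg = Package(pid=len(self.packages) + 1, members={path}, per_file={path: set()})
        self.packages.append(pkg)
        self.member_of[path] = pkg
        return pkg

    def on_touch(self, actor: str, target: str) -> None:
        """A package member touched another file (wrote, loaded, executed it).
        The target joins the package only if it is also untrusted."""
        pkg = self.member_of.get(actor)
        if pkg is None or target in self.member_of:  # not tracked, or already packaged
            return
        if is_trusted(self.files[target]):  # trusted files never join a package
            return
        pkg.members.add(target)
        pkg.per_file[target] = set()
        self.member_of[target] = pkg

    def on_behavior(self, actor: str, action: str) -> None:
        """Attribute an observed action to the actor's package, if it has one."""
        pkg = self.member_of.get(actor)
        if pkg is not None:
            pkg.per_file[actor].add(action)

    def process(self, events: List[Tuple[str, ...]]) -> None:
        for ev in events:
            if ev[0] == "new":
                self.seed(ev[1])
            elif ev[0] == "touch":
                self.on_touch(ev[1], ev[2])
            elif ev[0] == "behavior":
                self.on_behavior(ev[1], ev[2])


def matched_heuristics(behavior: Set[str]) -> List[str]:
    """Names of heuristics whose conditions are all present in the behavior set."""
    return sorted(name for name, conds in HEURISTICS.items() if conds <= behavior)


def run_demo() -> Dict[int, dict]:
    """Constructed scenario: an unsigned dropper writes an unsigned helper DLL,
    also touches a trusted system tool, and each untrusted file performs only
    part of the 'dropper-persistence' heuristic."""
    files = {
        "dropper.exe": FileInfo("dropper.exe", signer=None, sha256="sha256:constructed-1"),
        "helper.dll": FileInfo("helper.dll", signer=None, sha256="sha256:constructed-2"),
        "sysutil.exe": FileInfo("sysutil.exe", signer="Example Trusted Co.", sha256="sha256:constructed-3"),
    }
    events = [
        ("new", "dropper.exe"),
        ("behavior", "dropper.exe", "writes_autorun_key"),
        ("touch", "dropper.exe", "helper.dll"),   # untrusted: joins the package
        ("touch", "dropper.exe", "sysutil.exe"),  # trusted: stays out of the package
        ("behavior", "helper.dll", "injects_into_process"),
        ("behavior", "sysutil.exe", "contacts_remote_host"),  # not attributed to any package
    ]
    tracker = PackageTracker(files)
    tracker.process(events)
    return {
        pkg.pid: {
            "members": sorted(pkg.members),
            "per_file_verdicts": {p: matched_heuristics(b) for p, b in sorted(pkg.per_file.items())},
            "package_verdict": matched_heuristics(pkg.collective_behavior()),
        }
        for pkg in tracker.packages
    }


if __name__ == "__main__":
    print(run_demo())
```

Two design points follow directly from the claim: the trust check is applied at both the seeding step and the touch step, so a signed or known-good file that a malicious file loads or modifies is never pulled into the package, and the heuristic is compared against the union of member behaviors, which is what lets a multi-component installer be convicted when no single component crosses the threshold on its own.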