US2017366560A1PendingUtilityA1

Server-assisted anti-malware client

49
Assignee: MCAFEE INCPriority: Mar 15, 2013Filed: Apr 3, 2017Published: Dec 21, 2017
Est. expiryMar 15, 2033(~6.7 yrs left)· nominal 20-yr term from priority
H04L 67/06H04L 67/34H04L 63/145
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A host-based antimalware client can interface with a server-based antimalware support server. A file is identified at a host device. It is determined whether local reputation data for the file is available at the host device for the file. A query is sent to an antimalware support system relating to the file. Particular reputation data is received from the antimalware support system corresponding to the query. It is determined whether to allow the file to be loaded on the host device based at least in part on the particular reputation data.

Claims

exact text as granted — not AI-modified
1 - 20 . (canceled) 
     
     
         21 . At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
 identify a detected event at a host device;   identify reputation data corresponding to the event maintained by an antimalware support system remote from the host device, wherein the reputation data is based at least in part on data received from a plurality of entities remote from the host device; and   cause the reputation data to be presented with a prompt of a user of the host device to request permission for the event.   
     
     
         22 . The storage medium of  claim 21 , wherein presentation of the reputation data includes a description of characteristics of the file described in the reputation data. 
     
     
         23 . The storage medium of  claim 21 , wherein the instructions when executed on a machine, further cause the machine to collect data describing the response of the user to the prompt, wherein the data describing the response of the user is added to the reputation data corresponding to the event. 
     
     
         24 . The storage medium of  claim 21 , wherein the event is associated with use of a file by the host device, and the reputation data describes characteristics of the file. 
     
     
         25 . The storage medium of  claim 24 , wherein the characteristics of the file include behaviors of the file. 
     
     
         26 . The storage medium of  claim 24 , wherein at least a portion of the characteristics are discovered by an antimalware tool local to the host device. 
     
     
         27 . The storage medium of  claim 24 , wherein at least a portion of the characteristics are discovered by one or more of the plurality of entities. 
     
     
         28 . The storage medium of  claim 21 , wherein the plurality of entities comprise a plurality of other host devices, and antimalware tools local to the plurality of other host devices reported the characteristics of the file to the antimalware support system. 
     
     
         29 . The storage medium of  claim 21 , wherein the reputation data includes a reputation score for the event. 
     
     
         30 . The storage medium of  claim 21 , wherein the reputation data describes a response of at least one other user to another prompt requesting permission of the other user for the event. 
     
     
         31 . The storage medium of  claim 30 , wherein the other prompt corresponds to an instance of the vent at another host device. 
     
     
         32 . The storage medium of  claim 30 , wherein the other user comprises a plurality of other users, and the reputation data describes cumulative responses of the other users to prompts requesting user permission for the event. 
     
     
         33 . The storage medium of  claim 21 , wherein the reputation data is based at least in part on intelligence data received by the antimalware support system from a third party intelligence service. 
     
     
         34 . The storage medium of  claim 21 , wherein identifying reputation data includes receiving the reputation data from the antimalware support in response to a request of the antimalware support system. 
     
     
         35 . The storage medium of  claim 21 , wherein the instructions when executed on a machine, further cause the machine to identify local reputation data at the host device, wherein local reputation data is caused to also be presented with the prompt. 
     
     
         36 . At least one machine accessible storage medium having instructions stored thereon, the instructions when executed on a machine, cause the machine to:
 receive a request from a host device for reputation data corresponding to an event involving a particular file at the host device;   identify particular reputation data for the file, wherein the particular reputation data is based at least in part on data received from a plurality of entities remote from the host device; and   return the particular reputation data in a response to the host device for use by the host device in providing guidance to a user through a prompt of the user corresponding to the event.   
     
     
         37 . The storage medium of  claim 36 , wherein the request includes a hash of the file and other reputation data for the file detected at the host device. 
     
     
         38 . The storage medium of  claim 36 , wherein the particular reputation data comprises data received from a third party intelligence service. 
     
     
         39 . The storage medium of  claim 36 , wherein the instructions when executed on a machine, further cause the machine to generate a reputation score for the file from reputation data available for the file, and the reputation score is included in the response. 
     
     
         40 - 68 . (canceled)

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.