This patent application is assigned to
The following quote was obtained by the news editors from the background information supplied by the inventors: "This application relates to malware protection programs.
"Because malware programs are becoming increasingly sophisticated and aggressive, malware protection programs are forced to become more aggressive in their identification and handling of malicious files. Thus, malware protection programs are continuously generating new methods of identifying and remediating malicious files. Some of the more recent methods include behavioral detection, automatic signature creation, heuristic detections, and black listing packets. These detection methods and other commonly used methods are used to anticipate new, undetected malware that exhibit characteristics associated with known malware.
"As malware protection programs become more aggressive in their methods of detection, there is an increasing risk of false positive identifications. A false positive identification occurs when a file is incorrectly identified as a malicious file. A problem with false positive identifications is that malware programs unknowingly remediate files that were falsely identified in the same manner as known malware, including the quarantining or deleting of the malicious file. These remediation techniques can have significant impacts on users and businesses. In some instances, the impact of removing or disabling a file that was falsely identified renders critical software inoperable."
In addition to the background information obtained for this patent application, VerticalNews journalists also obtained the inventors' summary information for this patent application: "In general, one innovative aspect of the subject matter described in this specification can be embodied in methods that include the actions of determining, by a malware protection program executing on a computer, that a file stored in a first portion of a computer memory of the computer is a malicious file; storing a duplicate of the file in a quarantine area in the computer memory, the quarantine area being in a second portion of the computer memory that is different from the first portion of the computer memory; performing, by the malware protection program, one or more protection processes on the file; determining whether the determination that the file is a malicious file is a false positive determination; in response to determining that the determination that the file is a malicious file is a false positive determination: restoring the file by a pre-boot rollback process executing on the computer during a boot sequence to a state prior to the one or more protection processes performed on the file; and booting the computer with the restored file; and in response to determining that the determination that the file is a malicious file is not a false positive determination, not restoring the file to a state prior to the one or more protection processes performed on the file. Other embodiments of this aspect include corresponding systems, apparatus, and computer programs, configured to perform the actions of the methods, encoded on computer storage devices.
"Another innovative aspect of the subject matter described in this specification can be embodied in methods that include the actions of storing a duplicate file in a quarantine area, the duplicate file being a copy of a candidate malicious file that was repaired by a malware protection program, wherein the candidate malicious file consists of one or more files that were identified by the malware protection program as containing malicious content; performing, by the malware protection program, a protection process on the candidate malicious file, wherein the protection process results in modification of at least some portion of the candidate malicious file from a first portion of the computer memory; receiving a false positive data, wherein the false positive data is used to determine whether to restore the candidate malicious file; and in response to determining to restore the candidate malicious file, restoring, through a pre-boot scan during a boot sequence, the candidate malicious file to the first portion of the computer memory by replacing the candidate malicious file with the duplicate file from the quarantine area. Other embodiments of this aspect include corresponding systems, apparatus, and computer programs, configured to perform the actions of the methods, encoded on computer storage devices.
"The details of one or more embodiments of the invention are set forth in the accompanying drawings and the description below. Other features, aspects, and advantages of the invention will become apparent from the description, the drawings, and the claims.
BRIEF DESCRIPTION OF THE DRAWINGS
"FIG. 1 is a diagram of an example malware protection program that includes a rollback feature.
"FIG. 2 is a diagram of an example false positive processor.
"FIG. 3 is a flow diagram of an example false positive restoration process.
"FIG. 4 is a flow diagram of an example rollback process.
"Like reference numbers and designations in the various drawings indicate like elements."
URL and more information on this patent application, see: Singh,
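The quarantine-then-rollback flow in the inventors' summary can be sketched as follows. This is an added example, not code from the patent application or its assignee: every function name is hypothetical, the pre-boot step is modelled as an ordinary function, and the hash check on the duplicate is an added assumption the summary does not mention.

```python
import hashlib, json, shutil, tempfile
from pathlib import Path

def digest_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def quarantine(path, qdir):
    """Duplicate a flagged file into the quarantine area before it is touched."""
    qdir = Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    digest = digest_of(path)
    shutil.copy2(path, qdir / digest)
    entry = {"original": str(path), "sha256": digest, "restore": False}
    (qdir / f"{digest}.json").write_text(json.dumps(entry))
    return digest

def protect(path):
    """Stand-in protection process (assumption): remove the flagged file."""
    Path(path).unlink()

def mark_false_positive(qdir, digest):
    """Record false positive data so the next boot-time pass restores the file."""
    meta = Path(qdir) / f"{digest}.json"
    entry = json.loads(meta.read_text())
    entry["restore"] = True
    meta.write_text(json.dumps(entry))

def rollback(qdir):
    """Boot-time pass: restore only entries marked false positive."""
    restored = []
    for meta in sorted(Path(qdir).glob("*.json")):
        entry = json.loads(meta.read_text())
        duplicate = Path(qdir) / entry["sha256"]
        # Added safeguard (assumption): skip a duplicate that no longer matches.
        if entry["restore"] and digest_of(duplicate) == entry["sha256"]:
            shutil.copy2(duplicate, entry["original"])
            restored.append(entry["original"])
    return restored

def demo():
    """Constructed sample: one false positive, one confirmed detection."""
    with tempfile.TemporaryDirectory() as root:
        good, bad, q = Path(root, "critical.dll"), Path(root, "dropper.exe"), Path(root, "q")
        good.write_bytes(b"legitimate library")
        bad.write_bytes(b"constructed malicious sample")
        good_id = quarantine(good, q); protect(good)
        quarantine(bad, q); protect(bad)
        mark_false_positive(q, good_id)
        return rollback(q), good.read_bytes(), bad.exists(), str(good)
```

Only the file marked as a false positive returns to its original location; the confirmed detection stays removed, and a duplicate whose hash no longer matches its recorded value is skipped.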
Our reports deliver fact-based news of research and discoveries from around the world. Copyright 2014, NewsRx LLC