Systems and methods for anti-malware scanning using automatically-created white lists

US11609992B2 · US · B2

Patent metadata
Field: Value
Publication number: US-11609992-B2
Application number: US-202016830416-A
Country: US
Kind code: B2
Filing date: Mar 26, 2020
Priority date: Mar 29, 2019
Publication date: Mar 21, 2023
Grant date: Mar 21, 2023

Abstract

Official abstract text for this publication.

Disclosed herein are systems and methods for scanning objects of a computing device, by an anti-malware, using a white list created for an organization based on data of the organization. In one aspect, an exemplary method comprises obtaining one or more objects of the organization from the computing device, and for each obtained object of the one or more objects, computing a hash value of the obtained object, determining whether the obtained object is whitelisted, and scanning the obtained object based on whether the obtained object is whitelisted, wherein the whitelist is created based on scanning of objects stored in archives of the organization, and the obtained object is determined as being whitelisted when the computed hash value of the obtained object matches a hash value of an object in a whitelist created for the organization.

First claim

Opening claim text (preview).

The invention claimed is:

1. A method for anti-malware scanning, the method comprising: identifying a plurality of objects in a backup archive that is connected to a first network comprising a plurality of computing devices; scanning the plurality of objects in the backup archive to generate a whitelist, wherein the whitelist identifies (1) a subset of the plurality of objects that do not need to be scanned at a subsequent time and (2) respective hash values of objects in the subset; initiating, using the whitelist, a first malware scan in a computing device of the plurality of computing devices; wherein the first malware scan comprises for each object of the computing device, computing a hash value of the object, determining whether the object is in the whitelist by comparing the hash value of the object with the respective hash values of the objects identified in the whitelist, and in response to determining that the object is in the whitelist, not scanning the object in the first malware scan; detecting that the computing device has left the first network to join a second network of a different organization; and initiating a second malware scan on the computing device, wherein the second malware scan uses a different whitelist of the different organization.

2. The method of claim 1, further comprising in response to determining that the object is not in the whitelist, scanning the object in the malware scan.

3. The method of claim 1, further comprising providing a result of the malware scan to a provider of a protection service.

4. The method of claim 1, wherein scanning the plurality of objects in the backup archive to generate the whitelist further comprises: for each respective object of the plurality of objects, scanning the respective object, obtaining metadata associated with the respective object, and storing the obtained metadata in a database.

5. The method of claim 4, wherein the metadata associated with a respective object of the plurality of objects of the organization includes at least a parameter for storing a respective hash value of the respective object.

6. The method of claim 5, wherein the metadata associated with the respective object of the plurality of objects of the organization further includes parameters for storing one or more of: a name of the respective object, a size of the respective object, a digital signature of the respective object, a number of the plurality of computing devices where the respective object is used, a number of the plurality of computing devices where the respective object is installed, a time at which the respective object first appears in the organization, flags for anti-malware scanning when the respective object was previously scanned by an anti-malware scanner.

7. The method of claim 1, wherein a first object, which (1) was not scanned in the first malware scan and (2) is in the whitelist, is scanned in the second malware scan in response to determining that the first object is not in the different whitelist.

8. The method of claim 1, wherein a first object, which (1) was scanned in the first malware scan and (2) is not in the whitelist, is not scanned in the second malware scan in response to determining that the first object is in the different whitelist.

9. A system for anti-malware scanning, the system comprising: at least one hardware processor of a server configured to: identify a plurality of objects in a backup archive that is connected to a first network comprising a plurality of computing devices; scan the plurality of objects in the backup archive to generate a whitelist, wherein the whitelist identifies (1) a subset of the plurality of objects that do not need to be scanned at a subsequent time and (2) respective hash values of objects in the subset; initiate, using the whitelist, a first malware scan in a computing device of the plurality of computing devices; wherein the first malware scan comprises for each object of the computing device, computing a hash value of the object, determining whether the object is in the whitelist by comparing the hash value of the object with the respective hash values of the objects identified in the whitelist, and in response to determining that the object is in the whitelist, not scan the object in the first malware scan; detect that the computing device has left the first network to join a second network of a different organization; and initiate a second malware scan on the computing device, wherein the second malware scan uses a different whitelist of the different organization.

10. The system of claim 9, wherein the at least one hardware processor is further configured to in response to determining that the object is not in the whitelist, scan the object in the malware scan.

11. The system of claim 9, wherein the at least one hardware processor is further configured to provide a result of the malware scan to a provider of a protection service.

12. The system of claim 9, wherein the at least one hardware processor is further configured to scan the plurality of objects in the backup archive to generate the whitelist by for each respective object of the plurality of objects, scanning the respective object, obtaining metadata associated with the respective object, and storing the obtained metadata in a database.

13. The system of claim 12, wherein the metadata associated with a respective object of the plurality of objects of the organization includes at least a parameter for storing a respective hash value of the respective object.

14. The system of claim 13, wherein the metadata associated with the respective object of the plurality of objects of the organization further includes parameters for storing one or more of: a name of the respective object, a size of the respective object, a digital signature of the respective object, a number of the plurality of computing devices where the respective object is used, a number of the plurality of computing devices where the respective object is installed, a time at which the respective object first appears in the organization, flags for anti-malware scanning when the respective object was previously scanned by an anti-malware scanner.

15. The system of claim 9, wherein a first object, which (1) was not scanned in the first malware scan and (2) is in the whitelist, is scanned in the second malware scan in response to determining that the first object is not in the different whitelist.

16. The system of claim 9, wherein a first object, which (1) was scanned in the first malware scan and (2) is not in the whitelist, is not scanned in the second malware scan in response to determining that the first object is in the different whitelist.

17. A non-transitory computer readable medium storing thereon computer executable instructions for anti-malware scanning, comprising instructions for: identifying a plurality of objects in a backup archive that is connected to a first network comprising a plurality of computing devices; scanning the plurality of objects in the backup archive to generate a whitelist, wherein the whitelist identifies (1) a subset of the plurality of objects that do not need to be scanned at a subsequent time and (2) respective hash values of objects in the subset; initiating, using the whitelist, a first malware scan in a computing device of the plurality of computing devices; wherein the first malware scan comprises for each object of the computing device, computing a hash value of the object, determining whether the object is in the whitelist by comparing the hash value of the ob
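
The flow recited in claims 1, 7 and 8, sketched as an added example that is not taken from the patent or from any product: a whitelist of hashes is built from a backup archive, a device scan skips whitelisted objects, and a second scan uses a different organization's whitelist. SHA-256, the function names, the stand-in scanner and all sample data are assumptions made for illustration.

```python
import hashlib

MARKER = b"CONSTRUCTED-MALWARE-MARKER"  # stand-in signature, constructed for this example

def digest(content: bytes) -> str:
    # SHA-256 is an assumption; the claims only say "hash value".
    return hashlib.sha256(content).hexdigest()

def full_scan(content: bytes) -> bool:
    """Stand-in for the expensive anti-malware engine: True means clean."""
    return MARKER not in content

def build_whitelist(archive: dict[str, bytes]) -> set[str]:
    """Scan every object in the backup archive; whitelist hashes of clean ones."""
    return {digest(c) for c in archive.values() if full_scan(c)}

def scan_device(objects: dict[str, bytes], whitelist: set[str]) -> dict[str, str]:
    """Hash each object; skip it if whitelisted, otherwise run the full scan."""
    verdicts = {}
    for name, content in objects.items():
        if digest(content) in whitelist:
            verdicts[name] = "skipped"
        else:
            verdicts[name] = "clean" if full_scan(content) else "malicious"
    return verdicts

# Constructed sample data: two organizations' backup archives and one device.
ARCHIVE_A = {
    "erp.exe": b"erp build 7",
    "notes.txt": b"meeting notes",
    "infected.bin": b"x" + MARKER,      # fails the archive scan, never whitelisted
}
ARCHIVE_B = {"cad.exe": b"cad build 3"}
DEVICE = {
    "erp.exe": b"erp build 7",          # whitelisted by organization A only
    "cad.exe": b"cad build 3",          # whitelisted by organization B only
    "notes.txt": b"meeting notes" + MARKER,  # same name as in archive A, content changed
}

def run_both_scans():
    first = scan_device(DEVICE, build_whitelist(ARCHIVE_A))   # on the first network
    second = scan_device(DEVICE, build_whitelist(ARCHIVE_B))  # after joining the second
    return first, second
```

Because the lookup is keyed on the content hash rather than the object name, the altered notes.txt misses both whitelists and is scanned in both passes.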

Assignees

Inventors

Classifications

  • Virus type analysis · CPC title

  • eliminating virus, restoring damaged files · CPC title

  • Static detection · CPC title

  • G06F21/565 (Primary): by checking file integrity · CPC title

  • G06F21/566 (Primary): Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11609992B2 cover?
Disclosed herein are systems and methods for scanning objects of a computing device, by an anti-malware, using a white list created for an organization based on data of the organization. In one aspect, an exemplary method comprises obtaining one or more objects of the organization from the computing device, and for each obtained object of the one or more objects, computing a hash value of the ob…
Who is the assignee on this patent?
Acronis Int Gmbh
What technology area does this patent fall under?
Primary CPC classification G06F21/565. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 21, 2023 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).