Fail-fast model for signature validation

1 - 45 . (canceled) 46 . A computer-implemented method of updating a malware signature data structure, comprising: classifying an object under analysis as malicious, and computing an object signature of the object under analysis; and validating the classification, comprising: dividing a clean object signatures data structure into a plurality of sub-units; assigning the sub-units to dedicated data structures; scanning the dedicated data structures, in parallel, with a plurality of scanner instances; and upon at least one scanner instance determining, above a threshold, that the object signature for the object under analysis matches the clean objects signatures data structure, rejecting the object signature for inclusion in the malware signature data structures and terminating the scanner instances. 47 . The computer-implemented method of claim 46 , wherein validating the classification further comprises down sampling the clean object signatures data structure. 48 . The computer-implemented method of claim 47 , wherein down sampling yields a reduced clean object Signature database with at least a 50% reduced size. 49 . The computer-implemented method of claim 47 , wherein down sampling the clean object signatures data structure comprises excluding signatures for samples last encountered past a time threshold. 50 . The computer-implemented method of claim 49 , wherein the time threshold is six months. 51 . The computer-implemented method of claim 47 , wherein down sampling the clean object signatures data structure comprises excluding signatures for samples that have not produced a hit for a number of validation cycles above a threshold. 52 . The computer-implemented method of claim 47 , wherein down sampling the clean object signatures data structure comprises including only samples that have produced a hit within a past number of N cycles, wherein N is a positive integer. 53 . The computer-implemented method of claim 46 , further comprising allocating one dedicated scanner instance per dedicated data structure. 54 . The computer-implemented method of claim 46 , wherein the scanner instances are virtual machines. 55 . The computer-implemented method of claim 46 , wherein the scanner instances are containers. 56 . The computer-implemented method of claim 46 , wherein the dedicated data structures comprise hard drive partitions 57 . The computer-implemented method of claim 46 , wherein the dedicated data structures comprise virtual had drives. 58 . The computer-implemented method of claim 46 , wherein dividing the clean objects signatures data structure comprises dividing by object type or file type. 59 . One or more tangible, nontransitory computer-readable media having stored thereon executable instructions to instruct a processor circuit to: receive, for an object under analysis classified as malicious, a signature for the object under analysis; assign subdivisions of a clean object signatures database to a plurality of dedicated data storage structures for the subdivisions; cause a plurality of scanner instances to scan the dedicated data storage structures in parallel; upon at least one scanner instance determining, above a threshold, that the signature for the object under analysis matches the clean object signatures database, reject the signature of the object under analysis for inclusion in a malware signatures database for endpoint devices, and terminate the scanner instances. 60 . The one or more tangible, nontransitory computer-readable media of claim 59 , wherein the instructions are further to down sample the clean object signatures database. 61 . The one or more tangible, nontransitory computer-readable media of claim 60 , wherein down sampling yields a reduced clean object Signature database with at least a 50% reduced size. 62 . The one or more tangible, nontransitory computer-readable media of claim 59 , wherein the executable instructions are further to allocate one dedicated scanner instance per dedicated data structure. 63 . A computing system, comprising: a hardware platform comprising at least one processor circuit and at least one memory; a guest infrastructure; and instructions encoded within the at least one memory to instruct the at least one processor circuit to: allocate, within the guest infrastructure, a plurality of scanner instances configured to compare object signatures; receive, for an object under analysis classified as malicious, a signature for the object under analysis; assign subdivisions of a clean object signatures database to a plurality of dedicated data storage structures for the subdivisions; cause the plurality of scanner instances to scan the dedicated data storage structures in parallel; and upon at least one scanner instance determining, above a threshold, that the signature for the object under analysis matches the clean object signatures database, reject the signature of the object under analysis for inclusion in a malware signatures database for endpoint devices, and terminate the scanner instances. 64 . The computing system of claim 63 , wherein the guest infrastructure comprises a containerization infrastructure. 65 . The computing system of claim 63 , wherein the guest infrastructure comprises a virtualization infrastructure.