Eliminating False Malware Alerts with Actions-in-Context
Original Publication Date: 2005-Jan-21
Included in the Prior Art Database: 2005-Jan-21
Current antivirus software identifies malware by recognizing the code signature of the malware executable. An effective alternative approach is to track the malware's activity and attach an identification trigger mechanism to this tracking process. This invention describes a procedure for identifying malware based on the combination of its current activity and other actions that it has already taken.