| US 7,490,354 B2 | ||
| Virus detection in a network | ||
| Zachary Adam Garbow, Rochester, Minn. (US); Michael David Gordon, Rochester, Minn. (US); Robert Hart Hamlin, Rochester, Minn. (US); William Russell Marshall, Rochester, Minn. (US); Clayton Lee McDaniel, Rochester, Minn. (US); and Emuejevoke Jane-Frances Sanomi-Fleming, Rochester, Minn. (US) | ||
| Assigned to International Business Machines Corporation, Armonk, N.Y. (US) | ||
| Filed on Jun. 10, 2004, as Appl. No. 10/865,252. | ||
| Prior Publication US 2006/0005244 A1, Jan. 05, 2006 | ||
| Int. Cl. G06F 11/00 (2006.01) | ||
| U.S. Cl. 726—24 [726/22; 726/23; 713/189; 713/190; 713/191; 705/51; 705/52; 705/53; 705/54; 717/174; 717/175; 717/176; 717/177; 717/178] | 9 Claims |

| 1. A method comprising:
receiving a plurality of notifications from a plurality of clients in network, wherein each of the plurality of clients detected that an attribute of a file was changed, and wherein each of the plurality of notifications comprises a name of the file, a modifying entity, and the attribute of the file, wherein the modifying entity identifies a program that changed the attribute of the file;
determining a count of a number of times that the notifications that the attribute of the file was changed were received;
selecting a threshold, wherein the selecting the threshold further comprises selecting the threshold that is higher if the modifying entity is trusted by a system administrator and selecting the threshold that is lower if the modifying entity is not trusted by the system administrator; and
deciding whether the file includes a suspected virus if the count exceeds the threshold.
|
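The steps of claim 1, sketched as a server-side aggregator in Python; this is an added illustration, not code from the patent or from the assignee. The threshold values, the trusted-entity list, the choice to key the count on (file name, attribute, modifying entity), and all sample names are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed values: the claim only requires that the threshold is higher
# for a trusted modifying entity than for an untrusted one.
TRUSTED_THRESHOLD = 5
UNTRUSTED_THRESHOLD = 2
TRUSTED_ENTITIES = frozenset({"patch_agent.exe"})  # hypothetical administrator list


@dataclass(frozen=True)
class Notification:
    """One client report that an attribute of a file was changed."""
    client: str
    file_name: str
    modifying_entity: str  # program that changed the attribute
    attribute: str


def select_threshold(modifying_entity, trusted=TRUSTED_ENTITIES):
    """Higher threshold for an entity the administrator trusts, lower otherwise."""
    return TRUSTED_THRESHOLD if modifying_entity in trusted else UNTRUSTED_THRESHOLD


def suspected_files(notifications, trusted=TRUSTED_ENTITIES):
    """Count received notifications per (file, attribute, entity) and return
    the entries whose count exceeds the threshold selected for the entity."""
    counts = Counter(
        (n.file_name, n.attribute, n.modifying_entity) for n in notifications
    )
    return sorted(
        (file_name, attribute, entity, count)
        for (file_name, attribute, entity), count in counts.items()
        if count > select_threshold(entity, trusted)
    )


# Constructed sample: three clients report an untrusted program changing the
# same file, five report a trusted updater, one reports an unrelated edit.
SAMPLE = (
    [Notification(f"host{i}", "app.dll", "unknown_tool.exe", "size") for i in range(3)]
    + [Notification(f"host{i}", "hosts", "patch_agent.exe", "mtime") for i in range(5)]
    + [Notification("host9", "notes.txt", "editor.exe", "mtime")]
)

if __name__ == "__main__":
    for row in suspected_files(SAMPLE):
        print(row)
```

The trusted updater's five reports equal its threshold and are therefore not flagged, because the claim requires the count to exceed the threshold.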