US Patent No. 10,462,173

MALWARE DETECTION VERIFICATION AND ENHANCEMENT BY COORDINATING ENDPOINT AND MALWARE DETECTION SYSTEMS


Patent No.: 10,462,173
Issue Date: October 29, 2019
Title: Malware Detection Verification And Enhancement By Coordinating Endpoint And Malware Detection Systems
Inventorship: Ashar Aziz, Coral Gables, FL (US); Osman Abdoul Ismael, Palo Alto, CA (US)
Assignee: FireEye, Inc., Milpitas, CA (US)

Claim of US Patent No. 10,462,173

1. A system to determine maliciousness of an object, comprising:
a first endpoint, including at least one processor, configured with a first software profile, further configured to detect one or more features exhibited by an object during processing by the first endpoint and determine if the features detected are suspicious;
a malware detection system, including at least one processor, communicatively coupled directly or indirectly to the first endpoint over a network, the malware detection system configured to process a received object in a virtual machine of one or more virtual machines that operate within the malware detection system to detect one or more features in response to the first endpoint determining the features of the object are suspicious, the virtual machine being provisioned with the first software profile;
a security logic engine configured to (i) receive information associated with features detected, during processing of the object, by the first endpoint and by the virtual machine of the malware detection system, (ii) correlate the received information associated with the received features, (iii) generate a first determination of maliciousness of the object, and (iv) in response to the generation of the first determination of maliciousness of the object, issue an alert,
wherein the security logic engine is further configured to direct the malware detection system to process the object within a second virtual machine of the one or more virtual machines that is provisioned with a second software profile, in response to receipt of information associated with features from a second endpoint with the second software profile.
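The coordination the claim describes, modelled as an added Python example (not the patent's or FireEye's code): an endpoint reports features under its software profile, a suspicious report makes the security logic engine direct a sandbox VM provisioned with that same profile, endpoint and VM features are correlated, and a second endpoint with a different profile triggers a second VM. The feature vocabulary, the profile names, the per-profile VM observations and the two-feature alert threshold are all constructed assumptions.

```python
from dataclasses import dataclass
# Constructed feature vocabulary: behaviours an endpoint agent or a sandbox VM might flag.
SUSPICIOUS = {"spawns_child_process", "writes_autorun_key", "beacons_to_external"}

@dataclass(frozen=True)
class FeatureReport:
    source: str       # "endpoint:<name>" or "vm:<profile>"
    object_id: str
    profile: str      # software profile the observer ran (OS and application versions)
    features: frozenset

def endpoint_observe(name, profile, object_id, features):
    """Endpoint agent: report observed features and whether any of them is suspicious."""
    report = FeatureReport(f"endpoint:{name}", object_id, profile, frozenset(features))
    return report, bool(report.features & SUSPICIOUS)

def sandbox_run(object_id, profile, behaviour_by_profile):
    """Stand-in for the malware detection system's VM provisioned with `profile` (assumption)."""
    return FeatureReport(f"vm:{profile}", object_id, profile,
                         frozenset(behaviour_by_profile.get(profile, ())))

class SecurityLogicEngine:
    THRESHOLD = 2  # assumption: alert once two or more suspicious features are corroborated

    def __init__(self, behaviour_by_profile):
        self.behaviour_by_profile = behaviour_by_profile  # constructed per-profile VM observations
        self.reports, self.profiles_run, self.alerts = {}, {}, []

    def receive_from_endpoint(self, report, suspicious):
        self.reports.setdefault(report.object_id, []).append(report)
        run = self.profiles_run.setdefault(report.object_id, set())
        # Direct the MDS to replay the object in a VM carrying the endpoint's profile;
        # a second endpoint with a second profile triggers a second VM, never a repeat.
        if suspicious and report.profile not in run:
            run.add(report.profile)
            self.reports[report.object_id].append(
                sandbox_run(report.object_id, report.profile, self.behaviour_by_profile))
        return self.determine(report.object_id)

    def determine(self, object_id):
        """Correlate: a suspicious feature counts only if an endpoint and a VM both saw it."""
        seen = lambda kind: frozenset().union(
            *(r.features for r in self.reports[object_id] if r.source.startswith(kind)))
        corroborated = seen("endpoint:") & seen("vm:") & SUSPICIOUS
        malicious = len(corroborated) >= self.THRESHOLD
        if malicious and all(a["object_id"] != object_id for a in self.alerts):
            self.alerts.append({"object_id": object_id, "features": sorted(corroborated),
                                "profiles": sorted(self.profiles_run[object_id])})
        return malicious
```

In the scenario below, the first profile's VM only partly reproduces the endpoint's observations, so no alert is issued until a second endpoint with a different profile brings in a second VM whose observations corroborate the rest.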