	US 11,722,516 B2
	Using reputation to avoid false malware detections
Andrew J. Thomas, Oxfordshire (GB)
Assigned to Sophos Limited, Abingdon (GB)
Filed by Sophos Limited, Abingdon (GB)
Filed on Apr. 15, 2022, as Appl. No. 17/721,614.
Application 17/721,614 is a continuation of application No. 16/811,397, filed on Mar. 6, 2020, granted, now 11,310,264.
Application 16/811,397 is a continuation of application No. 16/137,218, filed on Sep. 20, 2018, granted, now 10,616,269, issued on Apr. 7, 2020.
Application 16/137,218 is a continuation of application No. 14/263,977, filed on Apr. 28, 2014, granted, now 10,122,753, issued on Nov. 6, 2018.
Prior Publication US 2022/0368698 A1, Nov. 17, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)

CPC H04L 63/145 (2013.01) [H04L 63/0227 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)]

20 Claims

1. A system for threat detection, the system comprising:

a gateway in a computer network of an enterprise, the gateway configured to detect a request for network traffic from an endpoint in the enterprise, the request including a destination address and the request containing a violation of a network policy for the enterprise, the gateway further configured to identify the endpoint that originated the request, and to query the endpoint to determine a first instance of a source of the request on the endpoint; and

a threat management facility for managing the enterprise, the threat management facility coupled in a communicating relationship with the gateway, and the threat management facility configured to locate one or more other endpoints associated with the enterprise that contain a second instance of the source of the request, and to cause the one or more other endpoints to remediate the second instance of the source on the one or more other endpoints.