	US 11,755,726 B2
	Utilizing machine learning for smart quarantining of potentially malicious files
Changsha Ma, Campbell, CA (US); Rex Shang, Los Altos, CA (US); Douglas A. Koch, Santa Clara, CA (US); Dianhuan Lin, Sunnyvale, CA (US); Howie Xu, Palo Alto, CA (US); Bharath Kumar, Bengaluru (IN); Shashank Gupta, San Jose, CA (US); Parnit Sainion, San Jose, CA (US); Narinder Paul, Sunnyvale, CA (US); and Deepen Desai, San Ramon, CA (US)
Assigned to Zscaler, Inc., San Jose, CA (US)
Filed by Zscaler, Inc., San Jose, CA (US)
Filed on Jun. 16, 2020, as Appl. No. 16/902,759.
Application 16/902,759 is a continuation in part of application No. 16/377,129, filed on Apr. 5, 2019.
Prior Publication US 2020/0320192 A1, Oct. 8, 2020
Int. Cl. G06F 21/00 (2013.01); G06F 21/55 (2013.01); G06N 20/00 (2019.01); G06F 21/53 (2013.01); G06N 5/04 (2023.01)

CPC G06F 21/554 (2013.01) [G06F 21/53 (2013.01); G06N 5/04 (2013.01); G06N 20/00 (2019.01); G06F 2221/033 (2013.01)]

20 Claims

1. A non-transitory computer-readable storage medium having computer-readable code stored thereon for programming one or more processors to perform steps of:

obtaining a file associated with a user for processing;

utilizing a combination of policy for the user and processing of the file with machine learning to determine whether to

i) quarantine the file and scan the file in a sandbox,

ii) allow the file to the user and scan the file in the sandbox, and

iii) allow the file to the user without the scan;

responsive to the allow the file, sending the file to the user independent of the sandbox;

responsive to the quarantine of the file and the sandbox determining the file is malicious, blocking the file; and

responsive to the quarantine of the file and the sandbox determining the file is benign, allowing the file.