US 12,074,904 B2
Using reputation to avoid false malware detections
Andrew J. Thomas, Oxfordshire (GB)
Assigned to Sophos Limited
Filed by Sophos Limited, Abingdon (GB)
Filed on Jun. 28, 2023, as Appl. No. 18/342,867.
Application 18/342,867 is a continuation of application No. 17/721,614, filed on Apr. 15, 2022, granted, now 11,722,516.
Application 17/721,614 is a continuation of application No. 16/811,397, filed on Mar. 6, 2020, granted, now 11,310,264, issued on Apr. 19, 2022.
Application 16/811,397 is a continuation of application No. 16/137,218, filed on Sep. 20, 2018, granted, now 10,616,269, issued on Apr. 7, 2020.
Application 16/137,218 is a continuation of application No. 14/263,977, filed on Apr. 28, 2014, granted, now 10,122,753, issued on Nov. 6, 2018.
Prior Publication US 2023/0403297 A1, Dec. 14, 2023
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01)
CPC H04L 63/145 (2013.01) [H04L 63/0227 (2013.01); H04L 63/1416 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A system for threat detection, the system comprising:
a malware detection engine executing on an endpoint in an enterprise network, the malware detection engine configured to detect a security violation including an instance of an advanced persistent threat on the endpoint; and
a threat management facility for managing the enterprise network, the threat management facility coupled in a communicating relationship with the endpoint and configured to:
receive a report of the security violation from the malware detection engine,
identify the endpoint associated with the malware detection engine that reports the security violation,
query the endpoint to determine a first instance of a source of the security violation on the endpoint,
identify one or more other endpoints associated with the enterprise network that contain a second instance of the source of the security violation, and
cause the one or more other endpoints to remediate the second instance of the source on the one or more other endpoints.