CPC G06F 21/564 (2013.01) [G06F 9/45558 (2013.01); G06F 11/1469 (2013.01); G06F 21/85 (2013.01); H04L 9/0643 (2013.01); G06F 2009/45575 (2013.01); G06F 2009/45587 (2013.01)]

12 Claims

1. A method, comprising:
receiving, at a data management system, a plurality of writes made to a virtual machine;
computing, at the data management system, a plurality of fingerprints for the plurality of writes made to the virtual machine;
comparing, at the data management system, the plurality of fingerprints computed for the plurality of writes made to the virtual machine to a plurality of malware fingerprints in a malware catalog; and
taking remedial action based at least in part on multiple matches between the plurality of fingerprints computed for the plurality of writes made to the virtual machine and the plurality of malware fingerprints breaching a threshold quantity of matches at the virtual machine within a threshold duration of time, the breaching of the threshold quantity of matches indicating a malware infection at the virtual machine, wherein taking the remedial action comprises:
detaching one or more corrupted data volumes from the virtual machine; and
attaching, using a snapshot of the virtual machine, one or more uncorrupted data volumes corresponding to the one or more corrupted data volumes from the snapshot to the virtual machine.
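The detection and remediation steps of claim 1, sketched as an added example that is not code from the patent or its assignee: matches against the catalog are counted per virtual machine in a sliding time window, and reaching the threshold yields a detach/attach plan built from a snapshot. Assumptions: SHA-256 as the fingerprint, "breaching" read as reaching the threshold count, and all names, volumes and sample writes are constructed for illustration.

```python
import hashlib
from collections import defaultdict, deque

def fingerprint(block: bytes) -> str:
    # Assumption: SHA-256 of the written block; the claim names no algorithm.
    return hashlib.sha256(block).hexdigest()

class WriteMonitor:
    def __init__(self, catalog, threshold, window_s):
        self.catalog = set(catalog)
        self.threshold, self.window_s = threshold, window_s
        self.hits = defaultdict(deque)  # vm_id -> (timestamp, volume) of matches

    def observe(self, vm_id, volume, ts, block):
        """Record one write; return the volumes with matches once the count
        inside the window reaches the threshold (assumed meaning of "breach")."""
        hits = self.hits[vm_id]
        if fingerprint(block) in self.catalog:
            hits.append((ts, volume))
        while hits and ts - hits[0][0] > self.window_s:
            hits.popleft()  # matches older than the window no longer count
        return sorted({v for _, v in hits}) if len(hits) >= self.threshold else []

def remediation_plan(vm_id, corrupted, snapshot_volumes):
    """Detach each corrupted volume, then attach its counterpart from the snapshot."""
    missing = [v for v in corrupted if v not in snapshot_volumes]
    if missing:
        raise ValueError(f"snapshot has no copy of: {missing}")
    steps = [("detach", vm_id, v) for v in corrupted]
    steps += [("attach", vm_id, snapshot_volumes[v]) for v in corrupted]
    return steps

# Constructed sample data: (timestamp in seconds, VM, volume, written block)
CATALOG = {fingerprint(b"EVIL-A"), fingerprint(b"EVIL-B")}
WRITES = [
    (0, "vm1", "vol-data", b"EVIL-A"),
    (5, "vm1", "vol-data", b"report.docx"),
    (400, "vm1", "vol-logs", b"EVIL-B"),  # the match at t=0 has aged out
    (410, "vm1", "vol-data", b"EVIL-A"),
    (420, "vm1", "vol-logs", b"EVIL-A"),
]
SNAPSHOT = {"vol-data": "snap-42/vol-data", "vol-logs": "snap-42/vol-logs"}

def run(writes=WRITES):
    mon = WriteMonitor(CATALOG, threshold=3, window_s=60)
    for ts, vm, vol, block in writes:
        corrupted = mon.observe(vm, vol, ts, block)
        if corrupted:
            return ts, remediation_plan(vm, corrupted, SNAPSHOT)
    return None
```

The isolated match at t=0 never triggers remediation on its own; only the three matches between t=400 and t=420 fall inside one 60-second window.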