&#xfeff;<html>
  <head>
    <META http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="html_style_eog.css"/>
<script type="text/javascript">
          function printpage()
          {
          window.print()
          }
        </script>
<script type="text/javascript" src="https://components.uspto.gov/js/ais/40-patentsgazette.js"></script></head>
  <body bgcolor='#FFFFFF' onload='javascript: if ((navigator.appName.indexOf("Netscape")!=-1) && parent.leftFrame!=null) parent.leftFrame.location.reload();'>
    <basefont face="Times New Roman, Times New Roman, Times New Roman " size="2">
      <div style="margin-left: +10pt">
        <table width="90%" border="0" rules="none" align="center">
          <tr align="center">
            <td width="20%" colspan="1" rowspan="2" align="left" valign="top"><a href="https://ppubs.uspto.gov/pubwebapp/external.html?q=12455885.pn.&amp;db=USPAT" target="popup"><input type="button" class="button" value="   Full Text   "></a></td>
            <td class="table_data"><b>US 12,455,885 B2</b></td>
            <td width="20%" colspan="1" rowspan="2" align="right" valign="top">
              <form><input type="button" value="Print this page" onclick="printpage()"></form>
            </td>
          </tr>
          <tr align="center">
            <td colspan="1" class="table_data" style="text-transform: uppercase"><b>Computing threat detection rule systems and methods</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b> Michal Najman,  Vsetin (CZ)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Assigned to  Avast Software s.r.o.,  Prague (CZ)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed by  Avast Software s.r.o.,  Prague (CZ)</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Filed on Jul.  26, 2022, as Appl. No. 17/873,611.</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Prior Publication US 2024/0037103 A1, Feb.  1, 2024</b></td>
          </tr>
          <tr align="center">
            <td colspan="3" class="table_data"><b>Int. Cl. </b><i><b>G06F 16/20</b></i> (2019.01); <i><b>G06F 16/242</b></i> (2019.01); <i><b>G06F 16/2455</b></i> (2019.01)</td>
          </tr>
        </table>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="75%">
            <col width="15%">
          </colgroup>
          <tr align="left">
            <td class="table_data" align="left"><b>CPC </b><i><b>G06F 16/24564</b></i> (2019.01)&#xa0;[<i><b>G06F 16/244</b></i> (2019.01)]</td>
            <td class="table_data" align="right"><b>32 Claims</b></td>
          </tr>
        </table>
        <center><img src="US12455885-20251028-D00000.gif" alt="OG exemplary drawing"></center>
        <table width="90%" border="0" rules="none" align="center">
          <colgroup>
            <col width="90%">
          </colgroup>
          <tr>
            <td class="table_data" align="center">&#xa0;</td>
          </tr>
          <tr>
            <td valign="top" class="para_text">
              <div class="claim_text_root">1. A method for performing a malware threat intelligence update, the method comprising:<div class="claim_text">receiving a plurality of data points comprising a plurality of files;</div>
                <div class="claim_text">determining a plurality of identifiers for the plurality of data points, the determining the plurality of identifiers for the plurality of data points comprising applying a hash function to transform the plurality of data points to a plurality of byte sequences;</div>
                <div class="claim_text">determining at least one term for each of the plurality of data points to determine a plurality of terms respectively associated with the plurality of identifiers;</div>
                <div class="claim_text">compressing the plurality of data points, the compressing comprising determining, based on the plurality of terms respectively associated with the plurality of identifiers, a plurality of collections of identifiers respectively associated with the plurality of terms, and limiting the number of identifiers in each of the plurality of collections to a threshold number;</div>
                <div class="claim_text">receiving a rule;</div>
                <div class="claim_text">determining a plurality of conditions of the rule;</div>
                <div class="claim_text">comparing the plurality of conditions of the rule to the plurality of terms to determine a plurality of matching terms respectively associated with corresponding collections of identifiers of the plurality of collections of identifiers;</div>
                <div class="claim_text">determining an intersection of the corresponding collections of identifiers;</div>
                <div class="claim_text">determining a number of the plurality of data points covered by the rule based on the intersection of the corresponding collections of identifiers; and</div>
                <div class="claim_text">updating malware threat intelligence of a computing device based on the number of the plurality of data points covered by the rule, the updating comprising performing a transmission of the rule to the computing device based on the number of the plurality of data points covered by the rule;</div>
                <div class="claim_text">detecting an electronic message received by the computing device;</div>
                <div class="claim_text">comparing the plurality of conditions of the rule to the electronic message received by the computing device; and</div>
                <div class="claim_text">blocking the electronic message based on the comparing of the plurality of conditions of the rule to the electronic message.</div>
              </div>
            </td>
          </tr>
        </table>
      </div>
    
  </body>
</html>