Abstract: In certain embodiments, a computer-implemented method comprises receiving, via a computer network and from a first computer system, a first malware analysis request. The first malware analysis request comprises a file to be analyzed for malware by a malware analysis system. The method includes initiating a malware analysis by the malware analysis system of the first file for malware. The method includes communicating to the first computer system a response for the first file determined by the malware analysis system to the first computer system. The response comprises an indication of whether the first file comprises malware.

Abstract: In certain embodiments, a computer system includes a memory unit and a processing unit. The processing unit executes a monitoring module stored on the computer system. The monitoring module monitors the computer system for addition of a file to the computer system and detects an addition of a file to the computer system. The monitoring module accesses policies to determine whether to communicate information associated with the detected addition of the file over a communication network to a remote malware analysis system to initiate a possible malware analysis of the file by the remote malware analysis system. The monitoring module initiates, in response to determining to communicate information associated with the detected addition of the file, communication over the communication network of information associated with the detected addition of the file to the remote malware analysis system, the remote malware analysis system operable to analyze the file for malware.

Abstract: According to one embodiment, a computer-implemented method includes: accessing a set of configuration parameters, accessing a set of identifiers of files known not to be malware, and accessing a set of identifiers of files known to be malware. Further, the method includes: comparing a first file to the set of configuration parameters, determining that a first hash of the first file is not in the set of identifiers of files known not to be malware and that the first hash is not in the set of identifiers of files known to be malware, and sending the at least one file and information related to the at least one file to be analyzed for malware. The method includes deleting the set of configuration parameters, the set of identifiers of files known not to be malware, and the set of identifiers of files known to be malware after sending the first file.

Abstract: In certain embodiments, a computer-implemented method comprises receiving, via a computer network and from a first computer system, a first malware analysis request. The first malware analysis request comprises a file to be analyzed for malware by a malware analysis system. The method includes initiating a malware analysis by the malware analysis system of the first file for malware. The method includes communicating to the first computer system a response for the first file determined by the malware analysis system to the first computer system. The response comprises an indication of whether the first file comprises malware.

Abstract: In certain embodiments, a computer system includes a memory unit and a processing unit. The processing unit executes a monitoring module stored on the computer system. The monitoring module monitors the computer system for addition of a file to the computer system and detects an addition of a file to the computer system. The monitoring module accesses policies to determine whether to communicate information associated with the detected addition of the file over a communication network to a remote malware analysis system to initiate a possible malware analysis of the file by the remote malware analysis system. The monitoring module initiates, in response to determining to communicate information associated with the detected addition of the file, communication over the communication network of information associated with the detected addition of the file to the remote malware analysis system, the remote malware analysis system operable to analyze the file for malware.

Abstract: According to one embodiment, a computer-implemented method includes: accessing a set of configuration parameters, accessing a set of identifiers of files known not to be malware, and accessing a set of identifiers of files known to be malware. Further, the method includes: comparing a first file to the set of configuration parameters, determining that a first hash of the first file is not in the set of identifiers of files known not to be malware and that the first hash is not in the set of identifiers of files known to be malware, and sending the at least one file and information related to the at least one file to be analyzed for malware. The method includes deleting the set of configuration parameters, the set of identifiers of files known not to be malware, and the set of identifiers of files known to be malware after sending the first file.