Abstract: There are provided measures for enabling dynamic remote malware scanning. Such measures could exemplarily include identification of an electronic file to be scanned for malware, generation of at least one scanning object of the identified electronic file on the basis of a dynamic configuration by a remote entity, said at least one scanning object being generated by using malware-susceptible data of the identified electronic file and neglecting malware-insusceptible data of the identified electronic file, transfer of the at least one scanning object of the identified electronic file for remote malware scanning to the remote entity, and execution of a malware scan of the at least one scanning object of the electronic file at the remote entity by a malware scanning engine or application.

Abstract: There are provided measures for enabling dynamic remote malware scanning. Such measures could exemplarily comprise include identification of an electronic file to be scanned for malware, generation of at least one scanning object of the identified electronic file on the basis of a dynamic configuration by a remote entity, said at least one scanning object being generated by using malware-susceptible data of the identified electronic file and neglecting malware-insusceptible data of the identified electronic file, transfer of the at least one scanning object of the identified electronic file for remote malware scanning to the remote entity, and execution of a malware scan of the at least one scanning object of the electronic file at the remote entity by a malware scanning engine or application.

Abstract: This document discloses a solution for automatically detecting malicious content by computer security routine executed in a processing device. A user input to a social media application is detected by the computer security routine. The user input indicates that a user wants to share content with at least one other user through the social media application. In response, the computer security routine suspends said sharing and performs, before determining whether or not to allow the sharing, a security check for suspiciousness of contents the user intends to share.

Abstract: According to an aspect of the invention, there is provided a method of protecting a user from a compromised web resource. The method may include monitoring a user's requests for trusted web resources to determine one or more web resources to be checked. The method may include querying a network database based on the determined one or more web resources to obtain historical data relating to whether any of the one or more web resources has been compromised at any time during a preceding time period. The method may include providing a predetermined response to protect the user if any of the one or more web resources has been compromised.

Abstract: A method of inhibiting the spread of malware across a network of interconnected computer terminals. The method includes detecting malware or suspicious behavior at a first computer terminal and inspecting the first computer terminal, before and/or after said step of detecting malware or suspicious behavior, to identify contacts forming part of a social network. Identities of the identified contacts are sent to a backend security system, and at the backend security system, said identities are received and instructions sent to one or more second computer terminals associated with respective identities to cause those second computer terminals to implement an increased level of security.

Abstract: First data relating to a selected file is obtained. Based upon the first data it is determined if malware detection processing can be selected. Malware detection processing of the file is selected based upon said first data if it is determined that malware detection processing can be selected based upon the first data. If it is determined that, based upon the first data, malware detection processing cannot be selected based upon the first data, second data relating to the selected file is obtained and malware detection processing of the file is selected based upon said first and second obtained data. The selected malware detection processing is applied to said selected file. In an exemplary embodiment the first data is metadata and represents a faster scan of the file, and the second data is content of the file's header and represents a more in-depth scan of the file.

Abstract: A method of inspecting a file on a client computer in order to determine if the file is malicious. The client computer sends a hash of the file to a server. The server then compares the hash of the file to a database of hashes of known files, and uses results of the comparison to determine whether or not the file is unknown to the server. If the file is unknown, the server sends a request for a first security analysis of the file to the client computer. The client computer then performs the first security analysis on the file, modifies the results of the first security analysis by removing or hashing selected data from results, and sends the modified results of the first security analysis to the server. The server performs a second security analysis on the modified results in order to determine if the file is malicious.

Abstract: The present invention relates to a method of controlling the download of anti-virus software updates to a device. The device is configured to transmit an update query to a network device requesting information on whether any updates are available for the anti-virus software. When the device receives the response it stores the response in the cache. The cache can then be queried following a trigger and, if the cache indicates an update to the anti-virus software is available the device downloads an update to the anti-virus software. In an alternative embodiment the device may download and install an update upon receiving the response to the query if the response to the query indicates that an update is available. The query may be transmitted during a scan or upon determining a change in a connection at a device.

Abstract: According to an aspect of the invention, there is provided a method of protecting a user from a compromised web resource. The method may include monitoring a user's requests for trusted web resources to determine one or more web resources to be checked. The method may include querying a network database based on the determined one or more web resources to obtain historical data relating to whether any of the one or more web resources has been compromised at any time during a preceding time period. The method may include providing a predetermined response to protect the user if any of the one or more web resources has been compromised.

Abstract: This document discloses a solution for automatically detecting malicious content by computer security routine executed in a processing device. A user input to a social media application is detected by the computer security routine. The user input indicates that a user wants to share content with at least one other user through the social media application. In response, the computer security routine suspends said sharing and performs, before determining whether or not to allow the sharing, a security check for suspiciousness of contents the user intends to share.

Abstract: A method of inhibiting the spread of malware across a network of interconnected computer terminals. The method includes detecting malware or suspicious behaviour at a first computer terminal and inspecting the first computer terminal, before and/or after said step of detecting malware or suspicious behaviour, to identify contacts forming part of a social network. Identities of the identified contacts are sent to a backend security system, and at the backend security system, said identities are received and instructions sent to one or more second computer terminals associated with respective identities to cause those second computer terminals to implement an increased level of security.

Abstract: The present invention relates to a method of controlling the download of anti-virus software updates to a device. The device is configured to transmit an update query to a network device requesting information on whether any updates are available for the anti-virus software. When the device receives the response it stores the response in the cache. The cache can then be queried following a trigger and, if the cache indicates an update to the anti-virus software is available the device downloads an update to the anti-virus software. In an alternative embodiment the device may download and install an update upon receiving the response to the query if the response to the query indicates that an update is available. The query may be transmitted during a scan or upon determining a change in a connection at a device.

Abstract: First data relating to a selected file is obtained. Based upon the first data it is determined if malware detection processing can be selected. Malware detection processing of the file is selected based upon said first data if it is determined that malware detection processing can be selected based upon the first data. If it is determined that, based upon the first data, malware detection processing cannot be selected based upon the first data, second data relating to the selected file is obtained and malware detection processing of the file is selected based upon said first and second obtained data. The selected malware detection processing is applied to said selected file. In an exemplary embodiment the first data is metadata and represents a faster scan of the file, and the second data is content of the file's header and represents a more in-depth scan of the file.