Abstract: The disclosed computer-implemented method for reducing infection risk of computing systems may include (i) determining a distance between a computing system that is connected to a local network and an additional computing system that is not connected to the local network but is connected to the computing system via a series of connected devices, (ii) detecting that the additional computing system is infected with malware, (iii) calculating an infection probability for the computing system that is based at least in part on the distance between the computing system and the additional computing system that is infected, and (iv) performing a security action on the computing system that reduces a risk of infection of the computing system in response to the infection probability for the computing system meeting a predetermined threshold for infection probability. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for obtaining information about security threats on endpoint devices may include (1) detecting, by a security program on a computing device, an attempt to access at least one suspicious file, (2) before permitting the computing device to access the suspicious file, identifying, by the security program, at least one third-party resource not associated with the security program that contains information potentially indicative of the trustworthiness of the suspicious file, (3) obtaining, by the security program from the third-party resource, the information potentially indicative of the trustworthiness of the suspicious file, and then (4) determining, by the security program based at least in part on the information potentially indicative of the trustworthiness of the suspicious file, whether the suspicious file represents a security threat to the computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for determining reputations of files may include (i) identifying, on an endpoint device, a loadpoint data entry created by a file installed on the endpoint device that directs an operating system of the endpoint device to execute the file during boot up operations of the endpoint device, (ii) determining a reputation of the loadpoint data entry, (iii) detecting, on an additional endpoint device, an attempt to install a suspicious file with a loadpoint data entry at least partially similar to the loadpoint data entry of the file installed on the endpoint device, (iv) determining a reputation of the suspicious file based on the reputation of the loadpoint data entry of the file installed on the endpoint device, and (v) protecting the additional endpoint device from security threats by performing a security action on the suspicious file based on the reputation of the suspicious file.

Abstract: The disclosed computer-implemented method for classifying files may include (i) identifying a point in time before which there is a non-zero probability that at least one file within a group of files has been classified by a security system, (ii) identifying, within the group of files, a file with a timestamp that indicates the file was created or modified before the point in time, (iii) assign, based on the timestamp of the file, a classification to the file that indicates the file is not trusted, and (iv) perform, by the security system, a security action based on the classification of the file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for obtaining information about security threats on endpoint devices may include (1) detecting, by a security program on a computing device, an attempt to access at least one suspicious file, (2) before permitting the computing device to access the suspicious file, identifying, by the security program, at least one third-party resource not associated with the security program that contains information potentially indicative of the trustworthiness of the suspicious file, (3) obtaining, by the security program from the third-party resource, the information potentially indicative of the trustworthiness of the suspicious file, and then (4) determining, by the security program based at least in part on the information potentially indicative of the trustworthiness of the suspicious file, whether the suspicious file represents a security threat to the computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Method, apparatus, and computer readable medium for detecting malware on a target computer system is described. A threat profile is obtained at the target computer, the threat profile having manifestation information for known malware, the manifestation information including effects of the known malware on computer systems infected by the known malware. Using the threat profile, at least a portion of the manifestation information is detected on the target computer. A confidence level for detection of potential malware is determined based on the at least a portion of the manifestation information detected. The potential malware on the target computer is convicted as malware for remediation if the confidence level satisfies a threshold confidence level.