Abstract: The present application discloses a method and a device for scanning virus. The method for scanning virus comprises: ascertaining first scanning items in a client based on a determination to perform an intelligent scan; scanning the first scanning items at a first scanning speed; and scanning second scanning items in the client at a second scanning speed based on the client satisfying a first switching condition, the second scanning items are all remaining items except the first scanning items in the client, wherein the first scanning speed is higher than the second scanning speed. According to the scheme of the present application, adverse effects of virus scanning on a user's normal operation on and use of the client can be reduced.

Abstract: The present application discloses a method and a system for detecting malicious code. The method comprises receiving a testing sample; testing the sample with a plurality of malicious code detectors to obtain a plurality of testing results; determining a credibility scale and a reputation value of each of the testing results, wherein the credibility scale indicates whether the testing result is malicious or safe, and the reputation value indicates a quantified trust level corresponding to the credibility scale; and determining a final detection result of the testing sample based on the determined credibility scales and the reputation values of the testing results. According to the technical solution of the present application, the testing results obtained from various malicious code detectors are rationally utilized to improve the testing accuracy for the malicious code.

Abstract: The present invention provides a method, apparatus, system, device and a computer storage medium for treating virus. A client reports a scan log to a cloud service platform, and/or reports virus family information to the cloud service platform after the virus family information is identified based on the scan log. The cloud service platform identifies the scan log to obtain virus family information, and/or issues the virus removal instruction corresponding to the virus family information to the client after receiving the virus family information from the client, for the client to execute the virus removal instruction. Compared with the method of simply performing the behavior analysis and deleting files by the client, it is more advantageous that the method of the present invention issues virus removal instructions regarding the virus family information from the cloud, the virus treating is more personalized and precise, and the security of the machine system is improved.

Abstract: The present application discloses a method and a device for scanning virus. The method for scanning virus comprises: ascertaining first scanning items in a client based on a determination to perform an intelligent scan; scanning the first scanning items at a first scanning speed; and scanning second scanning items in the client at a second scanning speed based on the client satisfying a first switching condition, the second scanning items are all remaining items except the first scanning items in the client, wherein the first scanning speed is higher than the second scanning speed. According to the scheme of the present application, adverse effects of virus scanning on a user's normal operation on and use of the client can be reduced.

Abstract: A method, apparatus and system for detecting a malicious process behavior. A detection apparatus monitors a process to obtain behavior information about a target process behavior, and then sends the behavior information to a server, which determines whether the target process behavior is a malicious process behavior. The detection apparatus can receive first operation indication information returned by the server according to a detection result of the target process behavior, and perform an operation on the target process behavior according to the first operation indication information. The target process behavior is subjected to a comprehensive detection by the server according to the behavior information, rather than depending on a specified feature analysis of a single sample of the target process behavior by the detection apparatus, so that malicious process behavior can be detected in time, thereby improving the security performance of the system.

Abstract: The present invention provides a method, apparatus, system, device and a computer storage medium for treating virus. A client reports a scan log to a cloud service platform, and/or reports virus family information to the cloud service platform after the virus family information is identified based on the scan log. The cloud service platform identifies the scan log to obtain virus family information, and/or issues the virus removal instruction corresponding to the virus family information to the client after receiving the virus family information from the client, for the client to execute the virus removal instruction. Compared with the method of simply performing the behavior analysis and deleting files by the client, it is more advantageous that the method of the present invention issues virus removal instructions regarding the virus family information from the cloud, the virus treating is more personalized and precise, and the security of the machine system is improved.

Abstract: The present application discloses a method and a system for detecting malicious code. The method comprises receiving a testing sample; testing the sample with a plurality of malicious code detectors to obtain a plurality of testing results; determining a credibility scale and a reputation value of each of the testing results, wherein the credibility scale indicates whether the testing result is malicious or safe, and the reputation value indicates a quantified trust level corresponding to the credibility scale; and determining a final detection result of the testing sample based on the determined credibility scales and the reputation values of the testing results. According to the technical solution of the present application, the testing results obtained from various malicious code detectors are rationally utilized to improve the testing accuracy for the malicious code.

Abstract: A method, apparatus and system for detecting a malicious process behavior. A detection apparatus monitors a process to obtain behavior information about a target process behavior, and then sends the behavior information to a server, which determines whether the target process behavior is a malicious process behavior. The detection apparatus can receive first operation indication information returned by the server according to a detection result of the target process behavior, and perform an operation on the target process behavior according to the first operation indication information. The target process behavior is subjected to a comprehensive detection by the server according to the behavior information, rather than depending on a specified feature analysis of a single sample of the target process behavior by the detection apparatus, so that malicious process behavior can be detected in time, thereby improving the security performance of the system.

Abstract: Systems and methods are provided for enhancement of single sign-on protection. For example, information associated with one or more executable files related to an application process is acquired at a beginning of the application process; whether the one or more executable files are included in a pre-established white-list database is determined based on at least information associated with the executable files; a target uniform-resource locator (URL) associated with the application process is acquired in response to the one or more executable files being not included in the pre-established white-list database; and in response to the target URL being included in a pre-established log-in URL database on an authentication server, the application process is intercepted, and/or a risk notification is provided to a user.