CN101859349A - File screening system and file screening method for searching and killing malicious programs - Google Patents
File screening system and file screening method for searching and killing malicious programs Download PDFInfo
- Publication number
- CN101859349A CN101859349A CN200910038609A CN200910038609A CN101859349A CN 101859349 A CN101859349 A CN 101859349A CN 200910038609 A CN200910038609 A CN 200910038609A CN 200910038609 A CN200910038609 A CN 200910038609A CN 101859349 A CN101859349 A CN 101859349A
- Authority
- CN
- China
- Prior art keywords
- file
- document
- client
- information
- server end
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to the field of anti-malicious program software of computers, in particular to a file screening system and a file screening method for searching and killing malicious programs. The file screening system for searching and killing the malicious programs comprises a server and a plurality of clients, wherein the server comprises a communication module, a file collecting library, a file record form and a screening module; the communication module of the server is used for jointly realizing information interaction among the server and the clients with the communication module of each client; the file collecting library is used for storing files meeting collection requirements; the file record form is used for recording distribution number information, first transmitting time information and last triggering time information of each file; the screening module is used for putting the files meeting the collection requirements into the file collecting library; and each client comprises a communication module and a file characteristic acquisition module. By adopting the file screening device, the time for identifying the malicious programs is shortened.
Description
Technical field
The present invention relates to the anti-rogue program class of computing machine software field, relate in particular to a kind of file screening system and document screening method that is used for the killing rogue program.
Background technology
At present, the ultimate principle of the anti-malware software killing of computing machine rogue program is: differentiate whether the file of collecting is rogue program, and will differentiate that the rogue program that comes out extracts feature, generating feature storehouse; The all files of scanning in the client computer, and judge each file whether with feature database in the malice feature be complementary, if coupling then be the malice file.Along with the development of computer software and hardware technology, on the one hand, the hard drive space of computing machine is increasing, and the software that can install and deposit is more and more; The kind of software is also more and more on the other hand, especially some professional softwares, such as engineering softwares such as PRO-E, UG, also have Electronic Design software, financial accounting software, level design software or the like, many professional softwares all are that specific crowd uses, and the usage ratio in whole the Internet is not very big, but these softwares shared space on single client is bigger, the total number of files quantity of all these softwares is huge, and the ratio that the wideless quantity of documents that distributes accounts for total number of files is very high.Therefore, the all files of whole client place computing machine is differentiated which file is requiring a great deal of time of malice, make that the time of anti-malware software response rogue program is elongated, all rogue programs are detected the coverage rate step-down, can not satisfy user's request for utilization.
At the problems referred to above, carry out one roughing earlier, a part is not had the file of harm (maybe can be defined as non-malice) and discharge outside discriminating, capture range, will improve the response speed and raising anti-malware software detected ratios to rogue program of anti-malware software rogue program.
Summary of the invention
The present invention has overcome deficiency of the prior art, first purpose of the present invention provides a kind of file screening system, use this system can the software on the computing machine in the network that total system distributed be screened, the file that screens can be used for follow-up rogue program and differentiates.
Second purpose of the present invention provides a kind of document screening method of using above-mentioned file screening system.
In order to realize above-mentioned first purpose, the present invention adopts following technical scheme:
Be used for the file screening system of killing rogue program, it is characterized in that, comprise server end and a plurality of client;
Server end comprises:
Communication module, it is used for realizing jointly with the communication module of each client the information interaction of server end and client;
The file collection storehouse, it is used to deposit the file that meets collection condition;
The file logging table, it writes down the distributed quantity information of each file, and the start time information of each file and last triggered time information; The distributed quantity of said each file is meant the number of computers that client is housed of depositing this document, the said start time is meant that there is the time of this file for the first time in the computing machine of depositing this document by the report of user end to server end, and the said last triggered time is meant that there is the time of this file for the last time in the computing machine of depositing this document by the report of user end to server end;
The screening module, it is used to calculate the distribution range and the rate of propagation of each file, and will meet the file that imposes a condition and put into the file collection storehouse, described imposing a condition set by the programming personnel, judges whether to filter out this document to the file collection storehouse according to the rate of propagation of file distribution range and file; Described file distribution range is meant the ratio of the number of computers that has this document and the total number of computers that client is installed, and the rate of propagation of described file is meant that the quantity of this document is divided by last triggered time of this document and the difference of start time;
Client comprises:
Communication module, it is used for realizing jointly with the communication module of server end the information interaction of server end and client;
The file characteristic acquisition module, the file feature information of All Files in its continuous circle collection client place computing machine, this document is corresponding one by one with its file characteristic, and file feature information sends to server end by the client communication module.
In order to realize above-mentioned second purpose, the present invention adopts following technical scheme:
Use above-mentioned file screening system to carry out the method for document screening, it comprises following process:
A. a plurality of clients are installed in respectively on each computing machine, server end is connected by network with a plurality of clients;
B. the file feature information of All Files on its place computing machine of the continuous circle collection of file characteristic acquisition module of client, and send to server end by the communication module of client;
If c. there is this characteristic information in server end, then the distributed quantity information with this feature institute respective file adds 1, will be recorded as the last triggered time of this document simultaneously the current time; If there is not this characteristic information in server end, then the distributed quantity information with this feature institute respective file is made as 1, will be recorded as the start time and the last triggered time of this document simultaneously the current time;
When d. the last triggered time of the distributed quantity information of certain file and file changes in the file logging table, the screening module is calculated the distribution range and the rate of propagation of this document, if this document meets and imposes a condition then put into the file collection storehouse, otherwise wouldn't collect this file.
By adopting above-mentioned document screening device and screening technique, can the All Files in the computing machine be screened, according to distribution range and the rate of propagation of each file in network, some files that do not have harm (or can be defined as non-malice substantially) are substantially discharged outside capture range, the file of collecting can follow-uply carry out rogue program again to be differentiated, has shortened the time spent of differentiating rogue program greatly.
Description of drawings
Fig. 1 is the distribution situation synoptic diagram of All Files in whole computing machines of client are housed.
Below in conjunction with embodiment content of the present invention is elaborated.
Embodiment
The effect of file screening system of the present invention is to filter out a part of file, this part file that screens is as the follow-up object that carries out operations such as rogue program discriminating, and the not screened file that comes out can think not have the harm file, does not carry out follow-up rogue program and differentiates.This just requires the screening rule of this document screening system to want rationally, otherwise will omit the file that should differentiate.
Therefore, at first to introduce the theoretical foundation that this document screening system carries out document screening.The general distribution range of black and white sample in whole network exists difference, and we can utilize this species diversity to collect the black and white sample.Here said black and white sample refers to the malice file respectively and the file that means no harm.After deliberation, the file that contains malicious code generally has following feature:
1, rogue program is to show off the period that technology is a purpose, and the total amount of rogue program is less, growth rate is slower; Rogue program is the period of purpose with economic interests, and its growth rate is very fast, and total amount increases rapidly, meets the economics rule.
2, the economic aim of rogue program has determined the rogue program author need allow rogue program be distributed on wider victim's machine.And make rogue program is illegal act, and this has limited the scale of disseminating of rogue program again.
3, no matter in the solution of anti-rogue program how, all exist one or more initial victims at least.
Referring to Fig. 1, this figure is the distribution situation synoptic diagram of All Files in whole computing machines of client are housed.Wherein X-axis is the distribution range of file, and Y is the file amount.As can be seen from the figure, the distribution range of most files is all smaller, and the distribution range is a dash area area among the figure less than the file total amount of m%.This wherein just comprises some professional softwares, and as engineering software, Electronic Design software, financial accounting software or the like, from follow-up description as can be known, the minimum file of these distribution ranges is not collected, and just can not carry out follow-up rogue program and differentiate operation.
The file screening system that is used for anti-rogue program comprises server end and a plurality of client;
Server end comprises:
Communication module, it is used for realizing jointly with the communication module of each client the information interaction of server end and client;
The file collection storehouse, it is used to deposit the file that meets collection condition, as follow-up source file storehouse of carrying out the killing rogue program;
The file logging table, it writes down the distributed quantity information of each file, and the start time information of each file and last triggered time information; The quantity of said each file is meant the number of computers that client is housed of depositing this document, the said start time is meant that there is the time of this file for the first time in the computing machine of depositing this document by the report of user end to server end, and the said last triggered time is meant that there is the time of this file for the last time in the computing machine of depositing this document by the report of user end to server end;
The screening module, it is used to calculate the distribution range and the rate of propagation of each file, and will meet the file that imposes a condition and put into the file collection storehouse, described imposing a condition set by the programming personnel, judges whether to filter out this document to the file collection storehouse according to the rate of propagation of file distribution range and file; Described file distribution range is meant the ratio of the number of computers that has this document and the total number of computers that client is installed, and the rate of propagation of described file is meant that the quantity of this document is divided by last departure time of this document and the difference of start time;
Client comprises:
Communication module, it is used for realizing jointly with the communication module of server end the information interaction of server end and client;
The file characteristic acquisition module, the file feature information of All Files in its continuous circle collection client place computing machine, this document is corresponding one by one with its file characteristic, and file feature information sends to server end by the client communication module.Client judges whether this characteristic information sent before sending file feature information, and for the characteristic information that had sent, client no longer repeats to send;
Client does not all send to client to whole file, only adopts the characteristic information of file, reduces the Network Transmission flow, reduces the required file storage of server.But, must can determine a file by these characteristic informations, promptly file is corresponding one by one with the characteristic information of file.In the present invention, file feature information is described in two ways, and first is file MD5 value, if the MD5 value is identical, then be same file, if the MD5 value is different, further adopt the second way, file is divided into 10 zones, calculates the HASH value in these 10 zones respectively, any two values of choosing these 10 HASH values are an eigenwert, every group is a feature, if the file of different MD5 has any one feature identical, then be considered as identical file, otherwise be different files.
In conjunction with Fig. 1, described impose a condition into:
The file distribution range is during greater than m% and less than w%, if the rate of propagation of file less than U1, then screens this document and puts into the file collection storehouse;
The file distribution range is higher than b% and during less than n%, if the rate of propagation of file greater than U2, then screens this document and puts into the file collection storehouse;
When the file distribution range is higher than n%, then this document is screened and put into the file collection storehouse;
Wherein, m<b<w<n; The numerical value of described m, b, w, n, U1, U2 is set according to the quantity of client by the programming personnel.The quantity of client is many more, and the screening accuracy rate of file screening system is also just high relatively more.The definite of above-mentioned each numerical value also can set as required, such as, it is big more that the m value is set, and the accuracy rate of screening may reduce (some have the file of harm may leak choosing), but the follow-up quantity of documents for the treatment of that rogue program is differentiated reduces, and the time that rogue program is differentiated shortens.On the contrary, if the setting of m value is more little, the accuracy rate of screening will improve, but the time of follow-up killing disease will increase.
According to the distribution situation of our company's software client, value is as follows for applicant's (Kingsoft software), m=0.001, and b=0.01, w=0.02, n=0.1, U1 are 1/2 minutes, U2 was 1/2 seconds.With these numerical value is example, introduces the method for document screening below.
The document screening method comprises following process:
A. a plurality of clients are installed in respectively on each computing machine, server end is connected by network with a plurality of clients;
B. the file feature information of All Files on its place computing machine of the continuous circle collection of file characteristic acquisition module of client, and send to server end by the communication module of client; Client judges whether this characteristic information sent before sending file feature information, and for the characteristic information that had sent, client no longer repeats to send;
If c. there is this characteristic information in server end, then the distributed quantity information with this feature institute respective file adds 1, will be recorded as the last triggered time of this document simultaneously the current time; If there is not this characteristic information in server end, then the distributed quantity information with this feature institute respective file is made as 1, will be recorded as the start time and the last triggered time of this document simultaneously the current time;
When d. the last triggered time of the distributed quantity information of certain file and file changes in the file logging table, the screening module is calculated the distribution range and the rate of propagation of this document, if this document meets and imposes a condition then put into the file collection storehouse, otherwise wouldn't collect this file.Specifically, the file distribution range is greater than 0.001% and less than 0.02% o'clock, if the rate of propagation of file greater than 2 minutes/, then screens this document and puts into the file collection storehouse; The file distribution range is higher than 0.01% and less than 0.1% o'clock, if the rate of propagation of file less than 2 the second/, then this document is screened and puts into the file collection storehouse; The file distribution range is higher than at 0.1% o'clock, then this document is screened and puts into the file collection storehouse.
As the analysis of front to the rogue program feature that contains malicious code, a malice file in the early stage, the distribution range does not reach m%, can be not screened come out.But along with its diffusion, its distribution range increases, in case its distribution range reaches m% to w%, and rate of propagation is less than U1, and then file can be screened comes out.Even it is a rogue program (such as the worm that utilizes leak initiatively to propagate) of propagating at a high speed, this document does not reach above-mentioned requirements and is collected at this moment, so along with the diffusion of this document, the file distribution range is higher than b% and during less than n%, if the rate of propagation of file is greater than U2, then this document can be screened comes out; If still do not meet collection condition this moment, along with the further diffusion of this malice file as long as its distribution range reaches n%, so no matter how many its rate of propagation is, all come out screened.This shows that method of the present invention can effectively filter out the malice file at the diffusion characteristic of rogue program file, reduces the time of follow-up discriminating rogue program.
In addition, need to prove that what take for the information gathering of client is that machine is collected, and is not manual collection, the row cache of going forward side by side has so just guaranteed that to the user information source is anonymous, and information does not have related with the user.And owing to temporarily leave in the buffer area, concerning the user, server end does not have permanent storage client's relevant information.In addition, what server end extracted is executable file, rather than leaves the document on the subscriber set in.
Above embodiment describes the only unrestricted technical scheme of the present invention in order to explanation.Any modification or partial replacement that does not break away from spirit and scope of the invention should be encompassed in the middle of the claim scope of the present invention.
Claims (10)
1. be used for the file screening system of killing rogue program, it is characterized in that, comprise server end and a plurality of client;
Server end comprises:
Communication module, it is used for realizing jointly with the communication module of each client the information interaction of server end and client;
The file collection storehouse, it is used to deposit the file that meets collection condition;
The file logging table, it writes down the distributed quantity information of each file, and the start time information of each file and last triggered time information; The quantity of said each file is meant the number of computers that client is housed of depositing this document, the said start time is meant that there is the time of this file for the first time in the computing machine of depositing this document by the report of user end to server end, and the said last triggered time is meant that there is the time of this file for the last time in the computing machine of depositing this document by the report of user end to server end;
The screening module, it is used to calculate the distribution range and the rate of propagation of each file, and will meet the file that imposes a condition and put into the file collection storehouse, described imposing a condition set by the programming personnel, judges whether to filter out this document to the file collection storehouse according to the rate of propagation of file distribution range and file; Described file distribution range is meant the ratio of the number of computers that has this document and the total number of computers that client is installed, and the rate of propagation of described file is meant that the quantity of this document is divided by last departure time of this document and the difference of start time;
Client comprises:
Communication module, it is used for realizing jointly with the communication module of server end the information interaction of server end and client;
The file characteristic acquisition module, the file feature information of All Files in its continuous circle collection client place computing machine, this document is corresponding one by one with its file characteristic, and file feature information sends to server end by the client communication module.
2. the file screening system that is used for the killing rogue program according to claim 1 is characterized in that,
File feature information is described in two ways, and first is file MD5 value, if the MD5 value is identical, it then is same file, if the MD5 value is different, further adopt the second way, file is divided into 10 zones, calculate the HASH value in these 10 zones respectively, any two values of choosing these 10 HASH values are an eigenwert, and every group is a feature, if the file of different MD5 has any one feature identical, then be considered as identical file, otherwise be different files.
3. the file screening system that is used for the killing rogue program according to claim 2 is characterized in that,
Described impose a condition into:
The file distribution range is during greater than m% and less than w%, if the rate of propagation of file less than U1, then screens this document and puts into the file collection storehouse;
The file distribution range is higher than b% and during less than n%, if the rate of propagation of file greater than U2, then screens this document and puts into the file collection storehouse;
When the file distribution range is higher than n%, then this document is screened and put into the file collection storehouse;
Wherein, m<b<w<n; The numerical value of described m, b, w, n, U1, U2 is set according to the quantity of client by the programming personnel.
4. the file screening system that is used for the killing rogue program according to claim 3 is characterized in that,
M=0.001, b=0.01, w=0.02, n=0.1, U1 are 1/2 minutes, U2 was 1/2 seconds.
5. according to any described file screening system that is used for the killing rogue program among the claim 1-4, it is characterized in that,
Client judges whether this characteristic information sent before sending file feature information, and for the characteristic information that had sent, client no longer repeats to send.
6. use the document screening method of the described file screening system of claim 1, it is characterized in that, comprise following process:
A. a plurality of clients are installed in respectively on each computing machine, server end is connected by network with a plurality of clients;
B. the file feature information of All Files on its place computing machine of the continuous circle collection of file characteristic acquisition module of client, and send to server end by the communication module of client;
If c. there is this characteristic information in server end, then the distributed quantity information with this feature institute respective file adds 1, will be recorded as the last triggered time of this document simultaneously the current time; If there is not this characteristic information in server end, then the distributed quantity information with this feature institute respective file is made as 1, will be recorded as the start time and the last triggered time of this document simultaneously the current time;
When d. the last triggered time of the distributed quantity information of certain file and file changes in the file logging table, the screening module is calculated the distribution range and the rate of propagation of this document, if this document meets and imposes a condition then put into the file collection storehouse, otherwise wouldn't collect this file.
7. document screening method according to claim 6, it is characterized in that, file feature information is described in two ways, first is file MD5 value, if the MD5 value is identical, it then is same file, if the MD5 value is different, further adopt the second way, file is divided into 10 zones, calculate the HASH value in these 10 zones respectively, any two values of choosing these 10 HASH values are an eigenwert, and every group is a feature, if the file of different MD5 has any one feature identical, then be considered as identical file, otherwise be different files.
8. document screening method according to claim 7 is characterized in that,
Described impose a condition into:
The file distribution range is during greater than m% and less than w%, if the rate of propagation of file less than U1, then screens this document and puts into the file collection storehouse;
The file distribution range is higher than b% and during less than n%, if the rate of propagation of file greater than U2, then screens this document and puts into the file collection storehouse;
When the file distribution range is higher than n%, then this document is screened and put into the file collection storehouse;
Wherein, m<b<w<n; The numerical value of described m, b, w, n, U1, U2 is set according to the quantity of client by the programming personnel.
9. document screening method according to claim 8 is characterized in that,
M=0.001, b=0.01, w=0.02, n=0.1, U1 are 2 minutes/, U2 be 2 the second/.
10. according to any described document screening method among the claim 6-9, it is characterized in that,
Client judges whether this characteristic information sent before sending file feature information, and for the characteristic information that had sent, client no longer repeats to send.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100386097A CN101859349B (en) | 2009-04-13 | 2009-04-13 | File screening system and file screening method for searching and killing malicious programs |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2009100386097A CN101859349B (en) | 2009-04-13 | 2009-04-13 | File screening system and file screening method for searching and killing malicious programs |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101859349A true CN101859349A (en) | 2010-10-13 |
| CN101859349B CN101859349B (en) | 2012-05-09 |
Family
ID=42945254
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2009100386097A Active CN101859349B (en) | 2009-04-13 | 2009-04-13 | File screening system and file screening method for searching and killing malicious programs |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101859349B (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102480483A (en) * | 2010-11-22 | 2012-05-30 | 财团法人资讯工业策进会 | Server, user device and malware detection methods for server and user device |
| CN103729593A (en) * | 2013-12-31 | 2014-04-16 | 安一恒通(北京)科技有限公司 | Method and system for recognizing file safety |
| CN104680064A (en) * | 2013-12-03 | 2015-06-03 | 国际商业机器公司 | Method and system for optimizing virus scanning of files using file fingerprints |
| CN107196916A (en) * | 2017-04-25 | 2017-09-22 | 中移互联网有限公司 | A kind of method, network side equipment and the terminal of virus document detection |
| CN108038223A (en) * | 2017-12-21 | 2018-05-15 | 珠海市君天电子科技有限公司 | Garbage files information bank method for building up, garbage files recognition methods and device |
| CN116662990A (en) * | 2022-11-23 | 2023-08-29 | 荣耀终端有限公司 | Malicious application identification method, electronic device, storage medium and program product |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100414540C (en) * | 2005-04-25 | 2008-08-27 | 北京拓普极客技术有限公司 | System and method for analyzing and abstracting data evidence |
| CN101039177A (en) * | 2007-04-27 | 2007-09-19 | 珠海金山软件股份有限公司 | Apparatus and method for on-line searching virus |
-
2009
- 2009-04-13 CN CN2009100386097A patent/CN101859349B/en active Active
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102480483A (en) * | 2010-11-22 | 2012-05-30 | 财团法人资讯工业策进会 | Server, user device and malware detection methods for server and user device |
| CN104680064A (en) * | 2013-12-03 | 2015-06-03 | 国际商业机器公司 | Method and system for optimizing virus scanning of files using file fingerprints |
| CN103729593A (en) * | 2013-12-31 | 2014-04-16 | 安一恒通(北京)科技有限公司 | Method and system for recognizing file safety |
| CN107196916A (en) * | 2017-04-25 | 2017-09-22 | 中移互联网有限公司 | A kind of method, network side equipment and the terminal of virus document detection |
| CN108038223A (en) * | 2017-12-21 | 2018-05-15 | 珠海市君天电子科技有限公司 | Garbage files information bank method for building up, garbage files recognition methods and device |
| CN116662990A (en) * | 2022-11-23 | 2023-08-29 | 荣耀终端有限公司 | Malicious application identification method, electronic device, storage medium and program product |
Also Published As
| Publication number | Publication date |
|---|---|
| CN101859349B (en) | 2012-05-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101859349B (en) | File screening system and file screening method for searching and killing malicious programs | |
| US10187408B1 (en) | Detecting attacks against a server computer based on characterizing user interactions with the client computing device | |
| CN101923617B (en) | Cloud-based sample database dynamic maintaining method | |
| Yang et al. | Empirically analyzing ethereum's gas mechanism | |
| CN103336737B (en) | Information handling systems and the method for enforcement thereof | |
| CN102592103B (en) | Secure file processing method, equipment and system | |
| CN103593376A (en) | Method and device for collecting user behavior data | |
| CN100485703C (en) | Method and system for processing computer malicious code | |
| CN105589782B (en) | User behavior acquisition method based on browser | |
| CN103186600B (en) | The specific analysis method and apparatus of internet public feelings | |
| US20100235910A1 (en) | Systems and methods for detecting false code | |
| CN104317740B (en) | The method for cleaning and device of the CACHE DIRECTORY/file based on sandbox technology | |
| CN102195992A (en) | System and method for performing anti-virus scanning for the data downloaded from network | |
| CN109478132A (en) | Entropy is collected from different sources | |
| DE112012002106T5 (en) | Predictive malware scanning | |
| CN104320448B (en) | A kind of caching of the calculating equipment based on big data and prefetch acceleration method and device | |
| CN103530365A (en) | Method and system for acquiring downloading link of resources | |
| CN103605714A (en) | Method and device for identifying abnormal data of websites | |
| CN104871171A (en) | Distributed pattern discovery | |
| CN104899510A (en) | Virus detecting and killing method for removable storage devices | |
| CN106921713A (en) | A kind of resource caching method and device | |
| CN103455597A (en) | Distributed information hiding detection method facing mass web images | |
| CN109344137A (en) | A kind of log storing method and system | |
| CN102831153B (en) | A kind of method and apparatus choosing sample | |
| CN103365963A (en) | Method for quickly testing compliance by database auditing system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| ASS | Succession or assignment of patent right |
Owner name: KINGSOFT CORPORATION LIMITED Free format text: FORMER OWNER: ZHUHAI KINGSOFT SOFTWARE CO., LTD. Effective date: 20140901 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 519015 ZHUHAI, GUANGDONG PROVINCE TO: 100085 HAIDIAN, BEIJING |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20140901 Address after: Kingsoft No. 33 building, 100085 Beijing city Haidian District Xiaoying Road Patentee after: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. Address before: Jinshan computer Building No. 8 Jingshan Hill Road, Lane 519015 Zhuhai Jida Lianshan Guangdong city of Zhuhai Province Patentee before: Zhuhai Kingsoft Software Co.,Ltd. |
|
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20101013 Assignee: Zhuhai Kingsoft Software Co.,Ltd. Assignor: BEIJING KINGSOFT INTERNET SECURITY SOFTWARE Co.,Ltd. Contract record no.: 2014990000778 Denomination of invention: File screening system and file screening method for searching and killing malicious programs Granted publication date: 20120509 License type: Common License Record date: 20140926 |
|
| LICC | Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model |