Management of a computer network, even a relatively small one, can be daunting. A network manager or administrator is often responsible for ensuring that users' computers are operating properly in order to maximize productivity and minimize downtime. When a computer begins to function erratically, or ceases to function altogether, a user will often contact a system administrator for assistance. As explained in U.S. Pat. No. 7,593,936, entitled “Systems and Methods for Automated Computer Support,” there are significant labor costs associated with investigating, diagnosing, and resolving problems associated with individual computers on a computer network.
There may be any number of reasons why a given computer is not working properly, including missing or corrupted file(s) or registry key(s), "malware" (including viruses and the like), as well as user error. Unfortunately, the information technology (IT) department of a typical organization often lacks the resources or ability to take notice of a reported problem on a given computer, investigate it to identify the root cause, and then implement an appropriate fix, repair, or correction for that computer. As a result, instead of delving into the details of most reported computer problems, network managers and IT departments often resort to three common "brute force" methodologies to address reported problems:
Backups, wherein a full system or application is replaced with a previously stored backed-up version;
Golden Image, wherein all applications and data are reset back to a baseline configuration; and/or
Re-imaging, wherein the software, typically the latest available versions, is reinstalled from scratch on the computer.
The foregoing "brute force" approaches to computer problem remediation, as those skilled in the art will appreciate, amount to blanket data replacement methodologies that are not targeted at fixing a singular, specific problem on a given computer and, moreover, often have undesirable side effects for the computer user. For example, the user may lose customized settings, may have to work through a lengthy period of downtime, or may lose user data outright.
Among the reasons why a selected computer might not be operating properly, malware is increasingly becoming the culprit. As computer users spend more time using the Internet and downloading files, programs, and other materials, malware increasingly finds its way onto the computers. Particularly troubling is the fact that malware is always a “moving target” in that unscrupulous people are continually changing and modifying malware functionality and how the troublesome applications present themselves to those trying to detect them.
Because of the "moving target" nature of malware, the dominant detection approach, namely signature analysis, is not particularly effective. Signature analysis works by having an agent scan incoming files for sequences of bytes that match known malware. The weaknesses of this technology include the following:
Prior knowledge of the malware is required to create a signature. If the malware is new, the technology can be entirely ineffective, and the widespread availability of automated toolkits for creating malware is increasing the rate at which new malware types appear;
The time from initial discovery to a deployed signature can be many days, depending on the responsiveness of the anti-virus vendor and the speed of deployment; and
The number of signatures is currently growing exponentially, eroding the resources and performance of the computer being protected.
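The following is an added example, not code from the patent or from any product it describes, illustrating why byte-sequence signatures are a "moving target" defense. It implements a minimal signature scanner (fixed byte runs with ClamAV-style `??` single-byte wildcards) over a constructed file body, then applies three attacker changes that leave the file's behaviour alone but defeat one or both signatures: flipping a single byte, inserting a NOP between two instructions, and XOR-encoding the whole body as a trivial packer would. The signature names, patterns, and sample bytes are all invented for the example and correspond to no real malware.

```python
import re
from typing import Dict, List

# Constructed signature database (name -> hex pattern). "??" matches any one byte,
# every other pair must match exactly. These patterns are made up for the example.
SIGNATURES: Dict[str, str] = {
    "Example.Dropper.A": "4d5a90000300000004000000ffff",  # fixed 14-byte run
    "Example.Dropper.B": "e8??????0083c4??85c0",          # call rel32; add esp,imm8; test eax,eax
}

# Constructed byte runs that the "malicious" sample contains (not real code).
HEADER_RUN = bytes.fromhex("4d5a90000300000004000000ffff")
STUB_RUN = bytes.fromhex("e81122330083c40c85c0")


def compile_signature(hex_pattern: str) -> re.Pattern:
    """Turn a hex pattern with ?? wildcards into a compiled bytes regex."""
    chunks = []
    for i in range(0, len(hex_pattern), 2):
        pair = hex_pattern[i:i + 2]
        # Wildcard -> any single byte; literal -> \xNN escape (safe for every value)
        chunks.append(b"." if pair == "??" else ("\\x" + pair).encode())
    return re.compile(b"".join(chunks), re.DOTALL)


COMPILED = {name: compile_signature(p) for name, p in SIGNATURES.items()}


def scan(data: bytes) -> List[str]:
    """Return the names of all signatures whose byte sequence occurs in data.

    This is the naive engine: one pass over the buffer per signature, so scan
    cost grows linearly with the size of the signature database."""
    return [name for name, rx in COMPILED.items() if rx.search(data)]


def make_sample() -> bytes:
    """Constructed sample file body containing both signature runs."""
    return b"\x00" * 16 + HEADER_RUN + b"\x90" * 8 + STUB_RUN + b"\x00" * 16


def flip_trailing_byte(sample: bytes) -> bytes:
    """Attacker change 1: alter one byte of the fixed header run (0xff -> 0xfe)."""
    return sample.replace(HEADER_RUN, HEADER_RUN[:-1] + b"\xfe")


def insert_nop(sample: bytes) -> bytes:
    """Attacker change 2: slip a NOP between the call and the stack cleanup.
    Behaviour is unchanged, but 0x83 no longer directly follows the call."""
    return sample.replace(STUB_RUN, STUB_RUN[:5] + b"\x90" + STUB_RUN[5:])


def xor_encode(sample: bytes, key: int) -> bytes:
    """Attacker change 3: a minimal 'packer'. A real packer prepends a decoder
    that restores the bytes at run time; the on-disk bytes match nothing."""
    return bytes(b ^ key for b in sample)


def demo() -> Dict[str, List[str]]:
    """Scan the original sample and each evasive variant."""
    sample = make_sample()
    return {
        "original": scan(sample),
        "one_byte_flipped": scan(flip_trailing_byte(sample)),
        "nop_inserted": scan(insert_nop(sample)),
        "xor_packed": scan(xor_encode(sample, 0x5A)),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:18s} -> {hits or 'no detection'}")
```

The original sample trips both signatures; each variant defeats at least one of them without changing what the code would do when run, and the packed variant defeats both, which is the situation the first weakness above describes: until an analyst has seen the new variant and shipped a fresh signature, the agent is blind to it. Wildcards buy a little tolerance (Dropper.B survives the one-byte flip because its wildcards happen to cover the changed bytes in a real call target), but any change outside the wildcarded positions is enough. Production engines avoid the per-signature pass in `scan` by compiling all patterns into a single multi-pattern automaton, but the database itself still has to hold, and be shipped to, every signature ever written.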
In light of the often critical importance of maintaining user data and avoiding unnecessary downtime, and the increasing ineffectiveness of signature-based approaches, there is a need for tools for computer anomaly detection, and particularly malware detection, and remediation.