The interconnected nature of modern-day computer systems, which often use insecure means of transferring data across global public networks such as the Internet, has exposed computers connected to such public networks to potential misuse through the installation of malicious software (also known as “malware”) on computers in the network. In general, malware is intrusive or unwanted software or program code that is installed on a computer without the consent of the computer's user, and includes computer viruses, worms, trojan horses, spyware, etc. Installation of malware on a computer may in some instances result in severe performance degradation, infection of critical computer files, or digital information theft, or the malware may be used as a portal for committing various other computer crimes by users of remotely connected computers.
Anti-malware programs have been developed to detect and remove malware from computers. These types of anti-malware programs typically scan computer memory to search for suspicious files that may be malware and provide the list of suspicious files to a user or administrator to determine which files to remove. Alternatively, files or program code with known malware signatures may be automatically deleted from a computer system in an attempt to “clean” the system of malware. Other anti-malware programs attempt to block the installation of malware in real time by, for example, scanning all incoming network data for malware signatures and blocking any suspicious data from being installed.
The problem of malware may be exacerbated if it is installed on computers in an enterprise network that is configured to enable users in an organization to access shared data and computing resources. That is, because users in an enterprise network often freely exchange data and resources between computers in the network, the spread of malware from computer to computer in the network is more likely to occur, and information technology personnel must spend significant time and expense cleaning the infected computers.
Organizations that use an enterprise network often install anti-malware software on individual client computers in the network to detect malware on the client computers. In some enterprise networks, the results of the malware detection may be transmitted to an administrator of the network to enable the administrator to determine which computers are infected and need servicing. For example, the results may be transmitted to the administrator as one or more detection logs that identify all of the infections in the enterprise network. Often, malware reporting not only identifies which computers are infected, but also identifies the severity of the malware that was detected on each of the infected computers. Administrators can then use information in the detection logs, including the severity information, to determine how to service the infected computers in the network.