As the popularity of the Internet has grown, computer viruses have become more common. A computer virus is a program or piece of code that is loaded onto a computer without the knowledge or consent of the computer operator. Most viruses replicate themselves and load themselves onto other connected computers. One way in which viruses proliferate is to load themselves into a computer along with a Web page that a user of the computer has selected. Once the virus has been loaded onto the computer, it is activated and may proliferate further and/or damage the computer or other computers.
Along with the proliferation of computer viruses and other malware has come a proliferation of software to detect and remove such viruses and other malware. This software is generically known as anti-virus software or programs. In order to detect a virus or other malicious program, an anti-virus program typically scans files stored on disk in a computer system and/or data that is being transferred or downloaded to a computer system and compares the data being scanned with profiles that identify various kinds of malware. The anti-virus program may then take corrective action, such as notifying a user or administrator of the computer system of the virus, isolating the file or data, deleting the file or data, etc.
In a networked environment, anti-virus programs are typically active on the networked client systems, as well as on the server systems. Management of the anti-virus programs on the client systems is best carried out by use of network-wide anti-virus administrative applications or management tools. Such management tools typically provide the capability to deploy software, set policies for the functioning of the software, collect properties relating to the operation of the software, and execute other specified tasks on the client systems. The anti-virus programs on each client system typically function in conjunction with the agents of a collection and management program running on one or more servers. The anti-virus programs scan the client systems and, based on what they find, generate events, which are transmitted to the collection and management program's agent. The collection and management application may then use the received event information to generate various enterprise-wide reports, such as reports of infections of client systems by malware and virus profile distribution reports. These reports provide a bird's-eye view of the entire network.
Typically, the agent programs report events to the collection and management application on a periodic basis, such as every hour. The period for event reporting is typically modifiable. Alternatively, the collection and management application can request event reports from agent programs as desired.
In a malware outbreak situation, waiting for the periodic event reports to be generated is not adequate, since the situation is changing rapidly and delayed reports are not sufficiently current for corrective action to be taken. However, in order to obtain real-time event reports, the collection and management application must request event reports from agent programs quite frequently. This can cause considerable network congestion and adversely affect the usability of the network.
A need arises for a technique that provides real-time malware event reporting without causing network congestion that adversely affects the usability of the network.