Morgan Stanley
File collection method for subsequent malware detection
Abstract:
A computer-implemented method for collecting files transmitted on a network for subsequent malware analysis is disclosed. The method comprises determining, by a sensor, that a file has been transmitted on the network; transmitting, from the sensor to an intermediate agent, the file; storing, by the intermediate agent, the file, pending a determination whether metadata of the file indicates an identical copy of the file has likely already been stored by a source collection subsystem; responsive to a determination that the file has not likely already been stored by the source collection subsystem, transmitting the file from the intermediate agent to the source collection subsystem; verifying, by the source collection subsystem, that the file has not likely already been stored by the source collection subsystem; and storing the file for future analysis.
Utility
1 Jul 2020
27 Apr 2021
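
The flow in the abstract, as an added sketch that is not code from the patent or its assignee. It assumes the metadata is a SHA-256 digest plus file size and that each intermediate agent keeps only a local view of what it has forwarded; all class and function names are hypothetical. It shows why the source collection subsystem verifies again: two agents can each pass the same file.

```python
import hashlib
from dataclasses import dataclass, field

def file_metadata(data: bytes) -> tuple:
    # Assumption: the abstract does not say which metadata is compared.
    return hashlib.sha256(data).hexdigest(), len(data)

@dataclass
class SourceCollection:
    stored: dict = field(default_factory=dict)  # authoritative store

    def submit(self, data: bytes) -> bool:
        meta = file_metadata(data)
        if meta in self.stored:        # final verification: copy already held
            return False
        self.stored[meta] = data       # kept for future analysis
        return True

@dataclass
class IntermediateAgent:
    source: SourceCollection
    seen: set = field(default_factory=set)       # local, possibly incomplete view
    pending: dict = field(default_factory=dict)  # files held until a decision

    def receive(self, data: bytes) -> None:
        # Hold the file from the sensor pending the "likely already stored" check.
        self.pending[file_metadata(data)] = data

    def process_pending(self) -> list:
        outcomes = []
        for meta, data in list(self.pending.items()):
            if meta in self.seen:      # likely already stored: do not forward
                outcomes.append("dropped_at_agent")
            else:
                self.seen.add(meta)
                ok = self.source.submit(data)
                outcomes.append("stored" if ok else "rejected_at_source")
            del self.pending[meta]
        return outcomes

def demo():
    source = SourceCollection()
    agent_a, agent_b = IntermediateAgent(source), IntermediateAgent(source)
    sample = b"MZ constructed sample bytes, not real malware"
    results = []
    for agent in (agent_a, agent_a, agent_b):  # same file seen three times
        agent.receive(sample)
        results.extend(agent.process_pending())
    return results, len(source.stored)

if __name__ == "__main__":
    print(demo())
```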