US Patent 11949698 Dynamically remote tuning of a malware content detection system

According to one embodiment, an non-transitory storage medium is configured to store a plurality of engines, which operate to conduct an analysis of a received object to determine if the object is associated with a malicious attack. The plurality of engines includes a first engine and a second engine. The first engine is configured to conduct a first analysis of the received object for anomalous behaviors including anomalous actions or omissions during virtual processing of the object that indicate the received object is malicious. The second engine is configured to conduct a second analysis corresponding to a classification of the object as being associated with a malicious attack. The analysis schemes conducted by the first engine and the second engine may be altered via configuration files, which adjusts (i) parameter value(s) or (ii) operation rules(s) to alter the analysis conducted by the first engine and/or second engine.