Patent attributes
A computer-implemented method for identifying potential malware may include (1) identifying a file that is subject to a reputation evaluation, (2) identifying at least one client submission received from at least one computing system that identifies (a) an instance of the file created on the computing system and (b) at least one additional file created on the computing system at substantially the same time as the instance of the file and within the same file path as the instance of the file, (3) identifying a reputation associated with the additional file(s), and then (4) generating a reputation rating for the file based at least in part on the reputation associated with the additional file(s). Various other methods, systems, and computer-readable media are also disclosed.