Patent attributes
A computer-implemented method for detecting malware may include 1) identifying a file represented within a file system by a file name, 2) identifying a creation of a hard link to the file that uses an additional file name, 3) updating a database with an association between the file name and the additional file name, 4) identifying a file-closing operation within the file system and determining that the target file name of the file-closing operation was removed from the file system after the file-closing operation, 5) querying the database with the target file name and identifying an existing file name representing the file based on the association, and 6) scanning the existing file name for malware in response to the file-closing operation instead of scanning the target file name because the target file name was removed from the file system. Various other methods, systems, and computer-readable media are also disclosed.
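The flow in the abstract, as an added Python sketch that is not code from the patent. The class and function names, the file names and the byte marker are constructed for illustration, and the "database" is an in-memory dict.

```python
import os
import tempfile

SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed marker, not a real signature

class HardLinkTracker:
    """In-memory stand-in for the database of file-name associations."""

    def __init__(self):
        self.groups = {}  # name -> set of all names known to refer to the same file

    def on_link_created(self, file_name, additional_name):
        # Steps 2-3: merge both names into one shared group.
        group = (self.groups.get(file_name, {file_name})
                 | self.groups.get(additional_name, {additional_name}))
        for name in group:
            self.groups[name] = group

    def resolve_scan_target(self, target_name):
        # Steps 4-6: run after a file-closing operation on target_name.
        if os.path.lexists(target_name):
            return target_name  # name still present: scan it as usual
        for name in sorted(self.groups.get(target_name, ())):
            if name != target_name and os.path.lexists(name):
                return name  # surviving hard link to the same file
        return None  # no known name left to scan

def scan(path):
    """Toy scanner: reports whether the constructed marker is in the file."""
    with open(path, "rb") as fh:
        return SIGNATURE in fh.read()

def demo():
    tracker = HardLinkTracker()
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "download.tmp")
        extra = os.path.join(d, "kept.bin")
        with open(original, "wb") as fh:
            fh.write(b"header " + SIGNATURE + b" trailer")
            os.link(original, extra)               # hard link made while open
            tracker.on_link_created(original, extra)
        os.unlink(original)                        # closed name removed after close
        target = tracker.resolve_scan_target(original)
        return os.path.basename(target), scan(target)

if __name__ == "__main__":
    print(demo())
```

Without the association lookup, the on-close scan of `download.tmp` would find nothing to open and the content reachable through `kept.bin` would go unscanned. A real implementation would also want to confirm that the surviving name still refers to the same file (for example by file ID or inode), which this sketch does not do.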