The paper proposes approach to use new tools for malware detection in corporate networks, which are distributed systems with partial centralization. To make decision about malware presence, the components which includes specified decision-making for the system's center are defined as a decentralized subsystem. To determine the states of the system components, characteristic indicators are proposed, and generalized analytical expressions for their calculation are developed. Such calculations make it possible to assess the state of the components in the system in order to determine its further steps. As a result, the system is the basis for usage of different malware detection methods in combination with the system components as an integral sensor. To test the system, a worm-virus detection method was implemented and experiments were conducted. The results of experimental studies approved the efficiency of the proposed solution.