Abstract: A method, system, and computer program product for providing monitoring and interception of malwares in Internet Relay Chat (IRC), which is secure, does not require significant system resources, and is capable of monitoring multiple IRC networks and servers. A method of detecting a computer malware comprises the steps of joining an Internet Relay Chat server, retrieving a list of channels of the Internet Relay Chat server, monitoring at least one channel in the list of retrieved channels, accepting data received from the monitored channel, and storing and logging the data received from the monitored channel.

Abstract: A method, system, and computer program product that provides multiple names of a given malware in a quick and automated fashion. A method of providing names of computer malwares comprises the steps of receiving a sample of a computer malware, scanning the computer malware using a plurality of anti-virus scanners, at least some of the anti-virus scanners generating information identifying the computer malware, and compiling the generated information identifying the computer malware. The information identifying the computer malware may.

Abstract: A method, system, and computer program product provides on-access anti-virus scanning of data files, which can be performed without introducing significant performance degradation and provides delayed file write operation scanning upon interception of a file write operation. A method of detecting a malware comprises the steps of monitoring file access operations of a process, intercepting a file access operation of the process to a file, waiting a time interval, and scanning the file for a malware.

Abstract: A scan of computer files for predefined properties indicative of such things as viruses is disclosed. The scan is performed in a circular manner, such that when all of the files to be scanned have been scanned it starts again from the first file. The ability to update the data defining the properties to be scanned for during a scan is provided.

Abstract: A system and method using inheritance for the configuration, management, and/or monitoring of computer applications and devices via a computer network are disclosed. The method generally comprises calculating control settings to be enforced by an end node corresponding to a device of the network of devices, the control settings being calculated by the corresponding device. The control settings to be enforced by the end node are applicable to the device and the resources of the device. The calculation is performed by the end node or device by accessing data stored in a network directory defining a hierarchical tree structure containing nodes corresponding to the network of devices and defining control settings corresponding to and to be enforced upon the resources available to the devices. The control settings corresponding to the resources of each device are selectively inherited down the hierarchical tree structure of the network directory.

Abstract: A system, method and computer program product are provided for affording network security features. A plurality of network objects are identified. Rule sets associated with one or more of the identified network objects are retrieved. Each rule set includes a plurality of policy rules that govern actions relating to the identified network objects. Overlapping policy rules of the rule sets are reconciled amongst the network objects. The reconciled rule sets are executed. A computer program product and a method are also provided for establishing network security. A plurality of network objects of a network and a plurality of rule sets are provided. The network objects are associated with the rule sets. The rule sets include a plurality of policy rules that govern actions relating to the identified network objects during operation of the network.

Abstract: A system, method and computer program product are provided for translating protocol decode objects. Initially, a plurality of frames is received. Next, the frames are decoded in order to generate protocol decode objects each with a numerical identifier associated therewith. Still yet, the numerical identifier is translated to a textual identifier. The textual identifier associated with the protocol decode objects are then displayed for facilitating the use of the protocol decode objects during network analysis.

Abstract: A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module.

Abstract: A system, method and computer program product are provided for organizing objects associated with a voice application call in a tree representation. Initially, a voice application call is identified. Next, a plurality of connection objects is generated associated with the voice application call. Further, a plurality of session objects associated with the voice application call is identified, along with a plurality of application objects associated with the voice application call. In use, the connection objects, the session objects, and the application objects are organized in a tree representation.

Abstract: A graphical user interface is provided for displaying network analysis. Included is a plurality of tabs selectable by a user. Also included is a plurality of windows each associated with one of the tabs and adapted for displaying a different aspect of a network analysis. In use, the windows are each displayed upon the selection of the associated tab.

Abstract: A system, method, and computer program product are provided for expert application performance analysis. An application is monitored. Performance data is gathered during the monitoring. A set of metrics is generated based on the performance data. A performance of the application is measured from at least one of a client perspective, a server perspective, and a network perspective using the metrics.

Abstract: A system for scanning computer files for unwanted properties, such as containing computer viruses or being spam e-mail, allocates a priority to pending scan requests based upon the identity of a computer user associated with the scan request. In the case of a normal file access request, the computer user associated with the scan request may be the file access request or in the case of an on-demand scan, then the computer user associated with a particular scan request for a computer file may be the owner or creator of that computer file. In the case of scan requests associated with e-mails, the sender or recipient computer user may be used in the allocation of a priority level for the scan request.

Abstract: Aspects of the invention are found in an apparatus for monitoring data on a wireless network. The data is transmitted according to a wireless data network protocol across the network. The apparatus is contained on a portable wireless network analysis device. The portable wireless network analysis device has a wireless network interface that communicatively couples the portable wireless network analysis device to the wireless network. This allows the portable wireless network analysis device to receive data from the wireless network. The portable wireless network analysis device also has a network traffic analyzer. The network traffic analyzer is communicatively coupled to the wireless network interface. The analyzer receives and analyzes the data received from the wireless network. The portable wireless network analysis device is capable of being operated by user at one location and transported to second location.

Abstract: A secure method and system for administering to software on a plurality of client computers is disclosed. One or more pre-set policies for one or more client computers may be stored on and transmitted in a secure manner from a central server that is under the control of a system administrator to the client computers over a public network or e-mail systems. The central server is preferably an HTTP server containing software for creating packages of information and for protecting the integrity of the packages during transmission over a virtual secured pipe. The packages may contain policy for the various clients that are to be maintained. The policy may comprise software configurations for software that resides on the clients, software to be installed on one or more clients, or any other information and data that is needed to maintain and manage the clients.

Abstract: A system, method and article of manufacture are provided for programmable scanning for malicious content on a wireless client device. Initially, an anti-virus program having an instruction set is assembled in a programmable computing language. The anti-virus program is implemented in a wireless client device. A scan for malicious code is performed on the wireless client device utilizing the anti-virus program. A method for programmable scanning for malicious content on a thin client device is also provided. An anti-virus engine is assembled in a programmable computing language. The anti-virus engine is installed on a thin client device. A signature file is also assembled in a programmable computing language, the signature file containing an identifier uniquely identifying a computer virus and a virus detection section comprising object code providing operations to detect the identified computer virus on the thin client device. The signature file is also installed on the thin client device.

Abstract: A system, method and computer program product are provided for affording virus-related services utilizing a network browser toolbar. Initially, a request for virus-related services is received over a network from a network browser associated with a computer. In response thereto, virus-related information is transmitted to the computer for being used in conjunction with the network browser to provide virus-related services. In use, the virus-related services are administered utilizing the virus-related information and a toolbar associated with the network browser.

Abstract: One embodiment of the present invention provides a providing policy-driven intrusion detection system for a networked computer system. This system operates by receiving a global policy for intrusion detection for the networked computer system. This global policy specifies rules in the form of a global security condition for the networked computer system and a global response to be performed in response to the global security condition. The system compiles the global policy into local policies for local regions of the networked computer system. Each local policy specifies at least one rule in the form of a local security condition for an associated local region of the networked computer system and a local response to be performed in response to the local security condition. The system communicates the local policies to local analyzers that control security for the local regions. A local analyzer compiles a local policy into specifiers for local sensors in a local region associated with the local analyzer.

Abstract: A system, method, and computer program product are provided for analyzing a network utilizing an agent/host controller interface. Initially, an agent is sent an interval setting from a host controller. Such agent is adapted to transmit network traffic information based on the interval setting. Such network traffic information is then received from the agent in accordance with the interval setting.

Abstract: One embodiment of the present invention provides a system that facilitates fast network management protocol replies in large tables. The system operates by first receiving a request for a next row from a network management protocol table. The system then compares the object identifier in the request with a pre-calculated object identifier. If the object identifier matches the pre-calculated object identifier, the system responds to the request with a pre-calculated response. If the object identifier does not match the pre-calculated object identifier, the system searches a management information base for the next row in the network management protocol table. Next, the system calculates a response, which includes data from requested columns of the next row. The system then responds to the request.

Abstract: A system, method and computer program product are provided for updating security software on a client. Initially, a parameter indicating a difference between a security update file and a previous security update file is identified. Next, a security program is conditionally updated with the security update file based on the parameter.