Abstract: This disclosure relates to a method, article of manufacture, and apparatus of performing backup in a failover cluster. In some embodiments, this includes determining whether a repository is part of a failover cluster, based on a determination that the repository is part of the failover cluster, analyzing a role associated with the repository, upon a determination that the role indicates the repository is a failover candidate within the failover cluster, triggering a secondary backup of the repository, and upon a determination that the role indicates the repository is a primary repository within the failover cluster, triggering a primary backup of the repository.

Abstract: Particular embodiments described herein provide for an electronic device that can be configured to receive untrusted input data at an enclave in an electronic device, isolate the untrusted input data from at least a portion of the enclave, communicate at least a portion of the untrusted data to an integrity verification module using an attestation channel, and receive data integrity verification of the untrusted input data from the integrity verification module. The integrity verification module can perform data integrity attestation functions to verify the untrusted data and the data integrity attestation functions include a data attestation policy and a whitelist.

Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.

Abstract: In one example, a method for detecting failover in a database mirroring system that begins when a determination is made as to the time of the most recent backup of the principal database. Next, the time of the most recent backup of the mirror database is determined. Then, the time of the most recent backup of the principal database is compared to the time of the most recent backup of the mirror database to determine if the principal database was backed up most recently. Finally, if the mirror database is the database that was backed up most recently, it is established that failover has occurred.

Abstract: A database management system add-in for third party backup and restore applications is described. An opportunity to select from multiple backup and restore applications is enabled via a user interface of a database management system. A selection of a backup and restore application of the multiple backup and restore applications is received. Multiple options offered by the backup and restore application are displayed. A selection of an option of the multiple options is received. Execution of the option is enabled, wherein the option is unavailable via a native backup and restore application offered by the database management system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identifying and processing malicious threads In one aspect, a method includes identifying a memory heap block; identifying threads that reside in the memory heap block; determining whether at least one of the identified threads in the memory heap block is a malicious thread; and in response to determining that at least one of the identified threads is a malicious thread, terminating each of the identified threads.

Abstract: Displaying configuration test results by leveraged data protection software is described. A memory location is read where a display file is stored for a software installer. A configuration checker is executed for the computer. Results are read from executing the configuration checker. The results are written to the memory location. A leveraged software creation tool is prompted to display the display file via an output device. The leveraged software creation tool lacks the capability to dynamically load the display file.

Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.

Abstract: Systems and methods to provide a generic framework for application specific data exchange are shown. In example embodiments a data container is received. The data container includes data saved to a master data system. The data container is buffered. At least one backup data system is determined based on attributes of the data container. A determination is made as to whether the at least one backup data system is available. When the at least one backup data system is available, the data container is forwarded to the at least one backup data system.

Abstract: A method for securing an electronic device includes, at a level below all of the operating systems of an electronic device, trapping a first attempt and second attempt to access sensitive system resources of the electronic device. The method also includes identifying the first attempt and second attempt as representing a potential malware attack, comparing the sequence of the first attempt and second attempt against a first anti-malware rule, and, based on the comparison of the sequence of the first attempt and second attempt against the first anti-malware rule, allowing the second attempt. The first attempt and second attempt originate from code of the same operating entity. The first anti-malware rule includes a requirement of a sequence of attempts including the first attempt followed by the second attempt.

Abstract: A method for monitoring for malware includes, during a boot process on an electronic device, determining a portion of memory, determining that the portion of memory is reserved for exclusive access by an entity on the electronic device, and, based on the determination that a portion of memory is reserved for exclusive access during the boot process, determining that the reservation is indicative of malware.

Abstract: A method for detecting malware includes determining one or more object-oriented components of an electronic device, trapping at a level below all of the operating systems of the electronic device an attempt to access an object-oriented component of the electronic device, determining an entity causing the attempt, accessing one or more security rules, and, based on the security rules, the entity causing the attempt, and the object-oriented component, determining whether the attempted access is indicative of malware.

Abstract: A system, method, and computer program product are provided for detecting hidden or modified data objects. In use, a first set of data objects stored in a device is enumerated, where the enumeration of the first set of data objects is performed within an operating system of the device. Additionally, a second set of data objects stored in the device is enumerated, where the enumeration of the second set of data objects is performed outside of the operating system of the device. Further, the first set of data objects and the second set of data objects are compared for identifying hidden or modified data objects.

Abstract: A rootkit scanning system, method, and computer program product are provided. In use, at least one hook is traversed. Further, code is identified based on the traversal of the at least one hook. In addition, the code is scanned for at least one rootkit.

Abstract: A security data structure, method and computer program product are provided. In use, computer code is received. Furthermore, functions in the computer code that control a behavior of the computer code when executed are statically identified.

Abstract: A method, article of manufacture, and apparatus for protecting data, comprising receiving information about objects stored on a plurality of hosts, determining whether an object needs to be backed up, and if the object needs to be backed up, requesting each host having the object to provide a portion of the object to a target. Information about the objects and backup may be stored in an index. A requesting host may request an object to be restored to a target. It is determined whether the object is available at the backup and at other hosts, and the backup and hosts having the object may be requested to provide portions of the object to the target, which may be the requesting host. The index may be used to determine availability of the object at the backup and other hosts.

Abstract: Systems and methods to provide a generic framework for application specific data exchange are shown. In example embodiments a data container is received. The data container includes data saved to a master data system. The data container is buffered. At least one backup data system is determined based on attributes of the data container. A determination is made as to whether the at least one backup data system is available. When the at least one backup data system is available, the data container is forwarded to the at least one backup data system.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for identifying and processing malicious threads In one aspect, a method includes identifying a memory heap block; identifying threads that reside in the memory heap block; determining whether at least one of the identified threads in the memory heap block is a malicious thread; and in response to determining that at least one of the identified threads is a malicious thread, terminating each of the identified threads

Abstract: A security data structure, method and computer program product are provided. In use, computer code is received. Furthermore, functions in the computer code that control a behavior of the computer code when executed are statically identified.

Abstract: A security data structure, method and computer program product are provided. In use, computer code is received. Furthermore, functions in the computer code that control a behavior of the computer code when executed are statically identified.