Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.

Abstract: There is provided a method including generating, by a security application executed in a processing device, an application list including one or more applications which are currently running in the processing device; identifying at least one network address fulfilling predetermined criteria; determining which of the at least one network address fulfilling the predetermined criteria has been connected to by the processing device within a predefined time period; and providing a post-processing entity with the application list and an indication on which of the at least one network address fulfilling the predetermined criteria has been connected to by the processing device within the predefined time period.

Abstract: A method and apparatus for providing information to a security application at a client device. A server receives a request from the client device for information of an object at the client device. The request includes the signature information required by the server to identify the object. The server queries a database to determine the required information of the object and to determine information of at least one further object, and a response is sent to the client device. The response includes the information relating to the object, an identity of the at least one further object, and the information relating to the at least one further object.

Abstract: The present invention relates to a method for synchronizing files between devices between two devices. The method includes creating a rule to control the synchronization of the file. The rule includes at least one condition for synchronization which is dependent upon a property of a device.

Abstract: A method and apparatus for detecting malware in which a computer device that has an operating system and a memory executes an untrusted computer program. In the event that the untrusted program directly accesses a region of the memory used to store information relating to the operating system, a determination is made that the untrusted program is likely to be malware.

Abstract: There is provided a method including generating, by a security application executed in a processing device, an application list including one or more applications which are currently running in the processing device; identifying at least one network address fulfilling predetermined criteria; determining which of the at least one network address fulfilling the predetermined criteria has been connected to by the processing device within a predefined time period; and providing a post-processing entity with the application list and an indication on which of the at least one network address fulfilling the predetermined criteria has been connected to by the processing device within the predefined time period.

Abstract: The present invention relates to a method for synchronising files between devices between two devices. The method includes creating a rule to control the synchronisation of the file. The rule includes at least one condition for synchronisation which is dependent upon a property of a device.

Abstract: A method and apparatus for detecting malware in which a computer device that has an operating system and a memory executes an untrusted computer program. In the event that the untrusted program directly accesses a region of the memory used to store information relating to the operating system, a determination is made that the untrusted program is likely to be malware.

Abstract: A method and apparatus for providing information to a security application at a client device. A server receives a request from the client device for information of an object at the client device. The request includes the signature information required by the server to identify the object. The server queries a database to determine the required information of the object and to determine information of at least one further object, and a response is sent to the client device. The response includes the information relating to the object, an identity of the at least one further object, and the information relating to the at least one further object.

Abstract: A method of performing an anti-virus scan on an electronic file. An anti-virus application running at a computer device determines that an electronic file requires scanning. The electronic file is placed in a queue for analysis, and the state of the electronic file is altered such that it can be written to a memory but not accessed before analysis is complete. An icon associated with the electronic file is altered to indicate that the analysis is not yet complete, the icon being displayable on a display device. Once the electronic file has been analysed, the icon associated with the electronic file is altered again to indicate that it has been analysed.

Abstract: A method and apparatus for scanning for or removing malware from a computer device. Under normal circumstances, the computer device is controlled by a first operating system installed in a memory of the device. In order to scan for or remove the malware from the computer device, control of the computer device is passed from the first operating system to a second operating system and, under the control of the second operating system, the device is either scanned for malware or the malware is removed. This allows malware to be detected or removed, even if it has affected the first operating system in some way in order to evade detection or removal.