Abstract: In some implementations, a computing device may configure a new device based on a current state of an old device, including settings, preferences, and other user data. The data may be transferred from the old device to the new device, and then relocated according to a manifest that details positions of the data on the old device. The destination device may be rebooted into a configuration mode to allow for the relocation of the transferred data, and then rebooted again to configure the destination device to provide access to the data in its respective relative locations on the destination device.

Abstract: In some implementations, a computing device may configure a new device based on a current state of an old device, including settings, preferences, and other user data. The data may be transferred from the old device to the new device, and then relocated according to a manifest that details positions of the data on the old device. The destination device may be rebooted into a configuration mode to allow for the relocation of the transferred data, and then rebooted again to configure the destination device to provide access to the data in its respective relative locations on the destination device.

Abstract: In some implementations, a computing device may configure a new device based on a current state of an old device, including settings, preferences, and other user data. The data may be transferred from the old device to the new device, and then relocated according to a manifest that details positions of the data on the old device. The destination device may be rebooted into a configuration mode to allow for the relocation of the transferred data, and then rebooted again to configure the destination device to provide access to the data in its respective relative locations on the destination device.

Abstract: In some implementations, a computing device may configure a new device based on a current state of an old device, including settings, preferences, and other user data. The data may be transferred from the old device to the new device, and then relocated according to a manifest that details positions of the data on the old device. The destination device may be rebooted into a configuration mode to allow for the relocation of the transferred data, and then rebooted again to configure the destination device to provide access to the data in its respective relative locations on the destination device.

Abstract: In some implementations, a computing device may configure a new device based on a current state of an old device, including settings, preferences, and other user data. The data may be transferred from the old device to the new device, and then relocated according to a manifest that details positions of the data on the old device. The destination device may be rebooted into a configuration mode to allow for the relocation of the transferred data, and then rebooted again to configure the destination device to provide access to the data in its respective relative locations on the destination device.

Abstract: Systems, methods and computer program products are disclosed for associating unique identifiers to files of a file system to indicate that the contents of the files have changed. In some implementations, a counter value associated with a file is incremented or decremented each time the file contents are changed. The unique identifier may be stored with the file contents and file metadata in the cache. When a process requests access to the cached file contents, the process requests the unique identifier from a system component and compares the unique identifier with the unique identifier returned by the system component. If the two unique identifiers are the same, the cached file contents are deemed valid and can be used by the process. If the two unique identifiers are different, the cached file contents are deemed invalid.

Abstract: An arrangement for scanning and patching injected malware code that is executing in otherwise legitimate processes running on a computer system is provided in which malware code is located in the memory of processes by extracting the start addresses of processes' threads and then searching near these addresses. Additional blocks of code in memory that are invoked by the code identified by each start address are also identified and the blocks are then matched against scanning signatures associated with known malware threads. If the entire signature can be matched against a subset of the blocks, then the thread is determined to be infected. The infected thread is suspended and in-memory modifications are performed to patch the injected code to render it harmless. The thread can be resumed or terminated to disable the protection mechanisms of the malware without causing any harm to the process in which the thread is injected.

Abstract: The present invention is directed toward a system, method, and a computer-readable medium for efficiently loading data into memory in order to scan the data for malware. The logic provided in the present invention improves the experience of a user when operating a computer protected with antivirus software. One aspect of the present invention is a method that identifies a pattern in which data in a file is loaded into memory from a computer-readable medium. Then the method identifies a pattern in which data in the file may be loaded into memory in a way that minimizes the time required to read data in the file. When a subsequent scan of the file is scheduled to occur, the method causes data in the file to be loaded in memory using the pattern that minimizes the time required to read data in the file.

Abstract: The present invention is directed toward a system, method, and computer-readable medium that scan a file for malware that maintains a restrictive access attribute that limits access to the file. In accordance with one aspect of the present invention, a method for performing a scan for malware is provided when antivirus software on a computer encounters a file with a restrictive access attribute that prevents the file from being scanned. More specifically, the method includes identifying the restrictive access attribute that limits access to the file; bypassing the restrictive access attribute to access data in the file; and using a scan engine to scan the data in the file for malware.

Abstract: An arrangement for scanning and patching injected malware code that is executing in otherwise legitimate processes running on a computer system is provided in which malware code is located in the memory of processes by extracting the start addresses of processes' threads and then searching near these addresses. Additional blocks of code in memory that are invoked by the code identified by each start address are also identified and the blocks are then matched against scanning signatures associated with known malware threads. If the entire signature can be matched against a subset of the blocks, then the thread is determined to be infected. The infected thread is suspended and in-memory modifications are performed to patch the injected code to render it harmless. The thread can be resumed or terminated to disable the protection mechanisms of the malware without causing any harm to the process in which the thread is injected.