Abstract: The present disclosure discloses configuring a device to receive, from a transmitting source application, a transmission packet to be transmitted to a destination application; configuring the device to determine connection information included in the transmission packet, the connection information indicating one or more parameters to be utilized by the destination application to connect with the transmitting source application; configuring the device to determine a fingerprint based at least in part on the connection information; configuring the device to compare the determined fingerprint with a trusted fingerprint stored in correlation with an identity of a trusted source application that is known to be unaffected by malware; and configuring the device to process the transmission packet based at least in part on a result of comparing the determined fingerprint with the stored fingerprint is disclosed. Various other aspects are contemplated.

Abstract: A method for controlling access to process data includes encrypting process data of a process; receiving a request to access the process data; requesting a security code to access the encrypted process data; receiving the security code; authenticating the received security code; and granting access to the encrypted process data if the received security code is successfully authenticated and denying access to the encrypted process data if the received security code is not successfully authenticated.

Abstract: A method including receiving, by a responding device, verification information including a current fingerprint associated with a first instance of a source application stored on a transmitting device; determining, by the responding device based at least in part on the verification information, a verification fingerprint associated with a second instance of the source application stored on the responding device; comparing, by the responding device, the verification fingerprint with the current fingerprint; and transmitting, by the responding device based at least in part on the comparing, a result indicating whether a transmission packet to be transmitted utilizing the first instance of the source application potentially includes malicious content. Various other aspects are contemplated.

Abstract: A method including transmitting, by a transmitting device, verification information including a current fingerprint associated with a first instance of a source application stored on the transmitting device; determining, by a responding device based at least in part on the verification information, a verification fingerprint associated with a second instance of the source application stored on the responding device; comparing, by the responding device, the verification fingerprint with the current fingerprint; and selectively transmitting, by the transmitting device, transmission data utilizing the first instance of the source application based at least in part on a result of the comparing. Various other aspects are contemplated.

Abstract: A method including configuring a security device to store, in a database, a trusted fingerprint determined based at least in part on encrypting trusted connection information included in a trusted transmission packet received from a trusted source application; configuring the security device to determine a current fingerprint based at least in part on encrypting current connection information included in a current transmission packet received from a current source application; configuring the security device to compare the current fingerprint with the trusted fingerprint; and configuring the security device to process the current transmission packet based at least in part on a result of comparing the current fingerprint with the trusted fingerprint. Various other aspects are contemplated.

Abstract: Systems and methods for archive scanning are provided herein. In some embodiments, a method includes: selecting an archive; reading a metadata representing a plurality of files within the archive; reading a plurality of hash strings from the archive; comparing the plurality of hash strings with a database of hash strings; and determining, based on the comparing, if the plurality of files within the archive represent a security threat based on the plurality of hash strings.

Abstract: A method including transmitting, by an infrastructure device, a current fingerprint associated with a first instance of a source application; receiving, by the infrastructure device, respective results associated with comparing the current fingerprint with respective verification fingerprints, which are associated with instances of the source application other than the first instance; determining, by the infrastructure device based at least in part on the respective results, a determination result indicating whether the first instance of the source application is to be utilized for transmitting a transmission packet; and transmitting, by the infrastructure device, the determination result to indicate whether the first instance of the source application is to be utilized for transmitting the transmission packet. Various other aspects are contemplated.

Abstract: A method including transmitting, by a transmitting device, verification information including a current fingerprint associated with a first instance of a source application stored on the transmitting device; receiving, by the transmitting device, a determination result determined based at least in part on a comparison of the current fingerprint with a verification fingerprint associated with a second instance of the source application stored on another device; and selectively transmitting, by the transmitting device, transmission data utilizing the first instance of the source application based at least in part on the determination result. Various other aspects are contemplated.

Abstract: A method including storing, by a device in a database, a trusted fingerprint determined based at least in part on encrypting trusted connection information included in a trusted transmission packet received from a trusted source application; determining, by the device, a current fingerprint based at least in part on encrypting current connection information included in a current transmission packet received from a current source application; comparing, by the device, the current fingerprint with the trusted fingerprint; and processing, by the device, the current transmission packet based at least in part on a result of comparing the current fingerprint with the trusted fingerprint. Various other aspects are contemplated.

Abstract: Systems and methods for archive scanning are provided herein. In some embodiments, a method includes: selecting an archive; reading a metadata representing a plurality of files within the archive; reading a plurality of hash strings from the archive; comparing the plurality of hash strings with a database of hash strings; and determining, based on the comparing, if the plurality of files within the archive represent a security threat based on the plurality of hash strings.

Abstract: A method including configuring a security device to store, in a database, a trusted fingerprint determined based at least in part on encrypting trusted connection information included in a trusted transmission packet received from a trusted source application; configuring the security device to determine a current fingerprint based at least in part on encrypting current connection information included in a current transmission packet received from a current source application; configuring the security device to compare the current fingerprint with the trusted fingerprint; and configuring the security device to process the current transmission packet based at least in part on a result of comparing the current fingerprint with the trusted fingerprint. Various other aspects are contemplated.

Abstract: A method including storing, by a device in a database, a trusted fingerprint determined based at least in part on encrypting trusted connection information included in a trusted transmission packet received from a trusted source application; determining, by the device, a current fingerprint based at least in part on encrypting current connection information included in a current transmission packet received from a current source application; comparing, by the device, the current fingerprint with the trusted fingerprint; and processing, by the device, the current transmission packet based at least in part on a result of comparing the current fingerprint with the trusted fingerprint. Various other aspects are contemplated.

Abstract: A method including transmitting, by a transmitting device, verification information including a current fingerprint associated with a first instance of a source application stored on the transmitting device; receiving, by the transmitting device, a determination result determined based at least in part on a comparison of the current fingerprint with a verification fingerprint associated with a second instance of the source application stored on another device; and selectively transmitting, by the transmitting device, transmission data utilizing the first instance of the source application based at least in part on the determination result. Various other aspects are contemplated.

Abstract: A method including transmitting, by a transmitting device, verification information including a current fingerprint associated with a first instance of a source application stored on the transmitting device; determining, by a responding device based at least in part on the verification information, a verification fingerprint associated with a second instance of the source application stored on the responding device; comparing, by the responding device, the verification fingerprint with the current fingerprint; and selectively transmitting, by the transmitting device, transmission data utilizing the first instance of the source application based at least in part on a result of the comparing. Various other aspects are contemplated.

Abstract: A method including receiving, by a responding device, verification information including a current fingerprint associated with a first instance of a source application stored on a transmitting device; determining, by the responding device based at least in part on the verification information, a verification fingerprint associated with a second instance of the source application stored on the responding device; comparing, by the responding device, the verification fingerprint with the current fingerprint; and transmitting, by the responding device based at least in part on the comparing, a result indicating whether a transmission packet to be transmitted utilizing the first instance of the source application potentially includes malicious content. Various other aspects are contemplated.

Abstract: A method including transmitting, by an infrastructure device, a current fingerprint associated with a first instance of a source application; receiving, by the infrastructure device, respective results associated with comparing the current fingerprint with respective verification fingerprints, which are associated with instances of the source application other than the first instance; determining, by the infrastructure device based at least in part on the respective results, a determination result indicating whether the first instance of the source application is to be utilized for transmitting a transmission packet; and transmitting, by the infrastructure device, the determination result to indicate whether the first instance of the source application is to be utilized for transmitting the transmission packet. Various other aspects are contemplated.

Abstract: Systems and methods for using a kernel module to provide computer security are provided herein. In some embodiments, a method for providing computer security may include launching a kernel module at the kernel-level of a computing device, redirecting, using the kernel module, communications traffic away from a browser executing on the computing device, decoding, using the kernel module, the received traffic to create decoded traffic, analyzing the decoded traffic, using the kernel module, for content having particular characteristics and create analyzed traffic, encoding, using the kernel module, at least a portion of the analyzed traffic to create encrypted traffic, and directing the encrypted traffic to the browser.

Abstract: A method for controlling access to process data includes encrypting process data of a process; receiving a request to access the process data; requesting a security code to access the encrypted process data; receiving the security code; authenticating the received security code; and granting access to the encrypted process data if the received security code is successfully authenticated and denying access to the encrypted process data if the received security code is not successfully authenticated.

Abstract: A method and apparatus for providing IP address filtering. The method identifies one or more suspicious Uniform Resource Locators (URLs) and resolves the one or more suspicious URLs to one or more suspicious IP addresses. A suspicious IP address list is created containing the one or more suspicious IP addresses. The suspicious IP address list may be used to facilitate a security response to filter one or more of the IP addresses in the suspicious IP address list.

Abstract: Systems and methods for archive scanning are provided herein. In some embodiments, a method includes: selecting an archive; reading a metadata representing a plurality of files within the archive; reading a plurality of hash strings from the archive; comparing the plurality of hash strings with a database of hash strings; and determining, based on the comparing, if the plurality of files within the archive represent a security threat based on the plurality of hash strings.