Abstract: A client on a network includes a file system that includes various non-streamable software applications. A streaming support system in the client enables a streamable software application to be located in the file system and executed in a streaming mode without being isolated from the non-streamable software applications in the file system. Non-streamable software applications can invoke the streamable software application, and vice versa. Multiple streamable software applications can be concurrently located throughout the file system and can be executed in the client in the streaming mode without restriction to any particular portion of the main file system. Streamable applications can be located anywhere in the file system that the corresponding non-streamable versions of the applications would be able to be located. The main file system does not need to contain complete copies of the required files for any streamable applications.

Abstract: A method for monitoring a data structure maintained by guest software within a virtual machine is disclosed. Changes to the contents of the data structure are determined, such as by placing write traces on the memory pages containing the data structure. Also, the method involves determining when memory pages containing the data structure are swapped into and/or out of guest physical memory by the guest software, such as by placing write traces on the memory pages containing the guest page table and detecting changes to the present bit of page table entries involved in mapping virtual addresses for the data structure. Information about the contents of the data structure is retained while memory pages containing the data structure are swapped out of guest physical memory.

Abstract: A method for monitoring a data structure maintained by guest software within a virtual machine is disclosed. Changes to the contents of the data structure are determined, such as by placing write traces on the memory pages containing the data structure. Also, the method involves determining when memory pages containing the data structure are swapped into and/or out of guest physical memory by the guest software, such as by placing write traces on the memory pages containing the guest page table and detecting changes to the present bit of page table entries involved in mapping virtual addresses for the data structure. Information about the contents of the data structure is retained while memory pages containing the data structure are swapped out of guest physical memory.

Abstract: A software application streamed from a host system to a target system comprises the installation or configuration logic for another software application. In certain embodiments, the installation logic conforms to a well-known installation standard. The described technique allows the use and/or execution of installation logic or other related objects when these objects do not exist in their entirety on the target system. The application installation that results from this process may configure the subsequent application to be delivered only in part (in streamed mode) or in its entirety.

Abstract: A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module.

Abstract: An apparatus and method for the grouping and prioritization of data events using behavioral modeling. The number of events to be analyzed is reduced by generating a behavioral model comprising modeling events groups, by grouping similar events into event groups, by calculating and assigning priority indicators based on the characteristics of the event groups and the behavioral model.

Abstract: A client on a network includes a file system that includes various non-streamable software applications. A streaming support system in the client enables a streamable software application to be located in the file system and executed in a streaming mode without being isolated from the non-streamable software applications in the file system. Non-streamable software applications can invoke the streamable software application, and vice versa. Multiple streamable software applications can be concurrently located throughout the file system and can be executed in the client in the streaming mode without restriction to any particular portion of the main file system. Streamable applications can be located anywhere in the file system that the corresponding non-streamable versions of the applications would be able to be located. The main file system does not need to contain complete copies of the required files for any streamable applications.

Abstract: A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module.

Abstract: A method of intercepting application program interface, including dynamic installation of associated software, within the user portion of an operating system. An API interception control server in conjunction with a system call interception module loads into all active process spaces an API interception module. An initializer module within the API interception module hooks and patches all API modules in the active process address space. When called by the application programs, the API routines' flow of execution, by virtue of their patched code, is re-directed into a user-supplied code in a pre-entry routine of the API interception module. The API routine might be completely by-passed or its input parameters might be filtered and changed by the user code. During the operation, the API routine is double-patched by the API interception module to ensure that all simultaneous calls to the API routine will re-direct its flow of control into the API interception module.

Abstract: A software application streamed from a host system to a target system comprises the installation or configuration logic for another software application. In certain embodiments, the installation logic conforms to a well-known installation standard. The described technique allows the use and/or execution of installation logic or other related objects when these objects do not exist in their entirety on the target system. The application installation that results from this process may configure the subsequent application to be delivered only in part (in streamed mode) or in its entirety.

Abstract: A method for detecting and preventing unauthorized or illegal attempts to gain enhanced privileges within a computing environment by exploiting the buffer overflow-related weakness of the computer system.