Abstract: The present disclosure describes systems and methods for efficient reporting of data which includes personally identifiable information (PII) and which is collected and processed by a security awareness system. The data may be stored in a data storage system. The data may include a time stamp and queries of an historical nature may be supported.

Abstract: A malware infection prediction method predicts a likelihood that a client device is to be infected with in a period of time based on state and behavior telemetry data. A malware infection prediction system receives telemetry data associated with use (i.e. behavior data) and configuration (i.e. state data) of a client device. By using a trained model, the system predicts a likelihood of the client device becoming infected within a given time frame. Based on the predicted likelihood, the system generates recommendations including recommended actions for reducing the likelihood of the client device becoming infected. The system then generates notifications including the recommendations and sends the notifications to the client device or to an administrative account associated with the client device.

Abstract: A computer security system includes a test management system and associated communication architecture that enables creation of customized tests of computer security application features. A server stores a test script in a custom scripting language. The test script includes a set of control statements that may be organized in a decision tree to control facilitation of the test. Clients poll the server to independently obtain and execute the control statements. Execution of the control statements control which clients participate in a test, which feature will be tested in the test, and what telemetry data will be collected from the clients to evaluate the test. The server evaluates the telemetry data to determine an outcome of the test and determines whether to further distribute or roll back the tested feature based on the test outcome. The testing can be utilized to rapidly and robustly deploy features that will enhance computer security.

Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.

Abstract: A computer security system includes a test management system and associated communication architecture that enables creation of customized tests of computer security application features. A server stores a test script in a custom scripting language. The test script includes a set of control statements that may be organized in a decision tree to control facilitation of the test. Clients poll the server to independently obtain and execute the control statements. Execution of the control statements control which clients participate in a test, which feature will be tested in the test, and what telemetry data will be collected from the clients to evaluate the test. The server evaluates the telemetry data to determine an outcome of the test and determines whether to further distribute or roll back the tested feature based on the test outcome. The testing can be utilized to rapidly and robustly deploy features that will enhance computer security.

Abstract: A malware infection prediction method predicts a likelihood that a client device is to be infected with in a period of time based on state and behavior telemetry data. A malware infection prediction system receives telemetry data associated with use (i.e. behavior data) and configuration (i.e. state data) of a client device. By using a trained model, the system predicts a likelihood of the client device becoming infected within a given time frame. Based on the predicted likelihood, the system generates recommendations including recommended actions for reducing the likelihood of the client device becoming infected. The system then generates notifications including the recommendations and sends the notifications to the client device or to an administrative account associated with the client device.

Abstract: A security server assigns users sessions to a provider that provides virtual private networks. The security server trains a machine-learned model to identify a provider from a set of providers. The security server obtains connection parameters associated with a requested VPN connection. Connection parameters comprise a location of a computing device that requested the VPN connection, a time of the requested VPN connection, a current and/or historical state of VPN performance data, and user preferences. The security server applies the machine-learned model to the connection parameters to identify a provider. The security server provisions a user session based on the provider and establishes a connection through the provider.

Abstract: A system manages the rate of false positive detections of malware by controlling release of malware definition updates. The system determines a cohort of target devices for distributing an initial release of an update of malware definitions and sends the update exclusively to the target devices. The system then obtains telemetry data which include information associated with usage of the target devices following the update. The system analyzes the telemetry data for instances of false positive detections of malware arising from the update to the malware definitions. Based on the analysis of the telemetry data, the system determines whether to further distribute the update outside of the cohort of target client devices or to roll back the update provided to the cohort. The system executes the decision to further distribute the update or to roll back the update.

Abstract: A computer security system includes a test management system and associated communication architecture that enables creation of customized tests of computer security application features. A server stores a test script in a custom scripting language. The test script includes a set of control statements that may be organized in a decision tree to control facilitation of the test. Clients poll the server to independently obtain and execute the control statements. Execution of the control statements control which clients participate in a test, which feature will be tested in the test, and what telemetry data will be collected from the clients to evaluate the test. The server evaluates the telemetry data to determine an outcome of the test and determines whether to further distribute or roll back the tested feature based on the test outcome. The testing can be utilized to rapidly and robustly deploy features that will enhance computer security.

Abstract: A malware infection prediction method predicts a likelihood that a client device is to be infected with in a period of time based on state and behavior telemetry data. A malware infection prediction system receives telemetry data associated with use (i.e. behavior data) and configuration (i.e. state data) of a client device. By using a trained model, the system predicts a likelihood of the client device becoming infected within a given time frame. Based on the predicted likelihood, the system generates recommendations including recommended actions for reducing the likelihood of the client device becoming infected. The system then generates notifications including the recommendations and sends the notifications to the client device or to an administrative account associated with the client device.

Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.

Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.

Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.

Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.

Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.

Abstract: An approach for standardizing access to user registries, the approach involving providing a first schema extension to an identity management system and a bridge component to an identity management application wherein the bridge component comprises a second schema extension to the identity management application, receiving a request in a first data format associated with the identity management system, converting the request into a second data format associated with the identity management application and executing the request in the identity management application, receiving a response to the request in the second data format, converting the response into the first data format and returning the response to an end user via the identity management system.

Abstract: Client devices detect malware based on a ruleset received from a security server. To evaluate a current ruleset, an administrative client device initiates a ruleset evaluation of the malware detection ruleset. A security server partitions stored malware samples into a group of evaluation lists based on an evaluation policy. The security server then creates scanning nodes on an evaluation server according to the evaluation policy. The scanning nodes scan the malware samples of the evaluation lists using the rulesets and associate each malware sample with a rule of the ruleset based on the detections, if any. The security server analyzes the associations and optimizes the ruleset and stored malware samples. The security server sends the optimized ruleset to client devices such that they more efficiently detect malware samples.

Abstract: An approach for standardizing access to user registries, the approach involving providing a first schema extension to an identity management system and a bridge component to an identity management application wherein the bridge component comprises a second schema extension to the identity management application, receiving a request in a first data format associated with the identity management system, converting the request into a second data format associated with the identity management application and executing the request in the identity management application, receiving a response to the request in the second data format, converting the response into the first data format and returning the response to an end user via the identity management system.

Abstract: An approach for standardizing access to user registries, the approach involving providing a first schema extension to an identity management system and a bridge component to an identity management application wherein the bridge component comprises a second schema extension to the identity management application, receiving a request in a first data format associated with the identity management system, converting the request into a second data format associated with the identity management application and executing the request in the identity management application, receiving a response to the request in the second data format, converting the response into the first data format and returning the response to an end user via the identity management system.

Abstract: A seal assembly can be incorporated into a track joint assembly of an undercarriage of a track-type machine. The track joint can have a first member pivotable about a rotational axis relative to a second member thereof. The first member includes a seal member engagement surface defining, at least in part, an axially-extending seal cavity about the rotational axis and within which the seal assembly is disposed. The seal assembly can include a thrust ring and a seal member mounted to the thrust ring. The seal member includes a first member engagement surface, a second member engagement surface, a frusto-conical inner relief surface, a thrust ring engagement surface, and an outer relief surface.