Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.

Abstract: Minimizing the latency of on-device detection of malicious executable files, without sacrificing accuracy, by applying a machine learning model to an executable file in quantized steps. Allowing a threshold confidence level to be set to different values enables controlling the tradeoff between accuracy and latency in generating a confidence level indicative of whether the executable file includes malware.

Abstract: A method of generating a synthetic user profile to protect the user's privacy includes generating a synthetic profile comprising a plurality of profile elements and selecting a network egress point for use with the synthetic profile. The synthetic profile elements and egress point have a consistent geographic location, or the synthetic profile elements are consistent with other external information.

Abstract: A method of controlling use of network-connectable devices is provided. The method includes monitoring by a first computational process, operating at a first processor utilization level, communication on a user device operated by a particular user and determining based on the monitoring by the first computational process a trigger event. The method further includes monitoring by a second computational process, operating at a second processor utilization level higher than the first processor utilization level, the communication on the user device responsive to determining the trigger event. Use of the user device is restricted based at least on the monitoring by the second computational process of the communication.

Abstract: Systems and methods obtain personal identity information, identify a user's personal documents containing sensitive information, and can optionally protect the sensitive documents. A user's personal identity information can be obtained from various sources such as operating system, email clients, web browsers, Active Directory or from user's documents. The user's documents on hard drives, cloud storage etc. can be searched. Sensitive documents with personal identities are identified and optionally protected against misuse and theft.

Abstract: An electronic messaging method is provided, the method implemented by one or more processors. The method includes launching a textual communication application by a user device including a user interface. In the user interface a data entry interface is enabled including language elements in a particular language determined based on an international calling code of a stored textual communication involving a user of the user device or a language of a stored textual communication involving a user of the user device, the stored textual communication comprising text transmitted by the user of the user device or text received by the user of the user device from a particular party. Textual input is received via the data entry interface including the language elements in the particular language.

Abstract: Systems and methods for normalizing entry point instructions include receiving a scope of instructions starting at an entry point of executable code. For each instruction in the scope of instructions, a determination is made if the instruction performs an ineffective operation or if the instruction, in combination with another instruction, renders either or both instructions ineffective. Ineffective instructions are filtered such that they do not appear in an output buffer.

Abstract: Analyzing a large number of files to identify malicious software including evaluating a multigraph including determining a graph having a plurality of nodes, including a source node and target nodes from a data set and merging the graph into a multigraph in response to a node score above a threshold level, for each target node; determining one or more specificity indexes for target node and determining a node score for the target node based, at least in part, on a specificity index.

Abstract: A method of controlling use of network-connectable devices is provided. First network requests from a first user device executing a first operating system are monitored, and applications operating in the foreground on the first user device during the first network requests are monitored. A model is trained based on the first network requests and based on the applications respectively operating in the foreground on the first user device during the first network requests. Second network requests from a second user device executing a second operating system are monitored, and the model is applied to the second network requests from the second user device to determine a particular application operating in the foreground on the second user device. A function of the second user device is restricted based on the determining of the particular application operating in the foreground on the second user device.

Abstract: A method of controlling use of network-connectable devices is provided. The method includes monitoring by a first computational process, operating at a first processor utilization level, communication on a user device operated by a particular user and determining based on the monitoring by the first computational process a trigger event. The method further includes monitoring by a second computational process, operating at a second processor utilization level higher than the first processor utilization level, the communication on the user device responsive to determining the trigger event. Use of the user device is restricted based at least on the monitoring by the second computational process of the communication.

Abstract: A device identification module identifies devices on a remote network, where the remote network may use Network Address Translation techniques. The device identification module can receive a list of devices on the remote network. The devices in the remote network can be identified by the device classification module based, at least in part, on the device classification and one or more of Dynamic Host Configuration Protocol (DHCP) information for the remote network, port sequences used in Network Address Translation on the remote network, and a live Uniform Resource Locator (URL) check performed on the remote network.

Abstract: A content filter setting method includes enabling a user to choose a setting of a filter for a particular application in a user interface of a user device. The setting of the filter is received from the user via the user interface, and a model is applied to determine a plurality of default settings of a plurality of filters of the particular application based on the setting of the filter and the identifying information of the user. The plurality of default settings is displayed in the user interface, and modified settings of the default settings are received via the user interface.

Abstract: Systems and methods detect suspicious application overlays on a device. An overlay detection unit can detect if a first foreground application has been replaced, within a threshold amount of time, by a second foreground application. If the replacement time is below a threshold amount of time, a suspicious overlay detection can be triggered to alert the user to a possible phishing attempt by the second foreground application.

Abstract: A system persistently presents consistent properties of devices on a local network based on observed values for the network devices, and values derived from the observed values. The observed values may be received from an agent based on scans of the local network. Even though some scans may be faulty resulting in missing or incorrect data, a user can be consistently presented with properties of the device, even when the missing or incorrect data would otherwise cause a change to the property. For instance, the system may replace a data value that is either missing or determined to be incorrect with a value that is determined, based on historical or lab observations, to be the likely correct value based on the assumed state or likely state of the observed device.

Abstract: Systems and methods provide real-time feedback of the effect of changes in router placement and physical configuration on the overall quality of device connections. This feedback assists a user to improve placement and physical configuration, until an optimal positioning or configuration is found.

Abstract: A method includes monitoring data security events on mobile computing devices and positions of the mobile computing devices when the plurality of data security events occurred. A plurality of demographic information of the plurality of geographic positions are determined and a classifier is trained based on the data security events and demographic information. A particular mobile computing device is determined to be located at a particular geographic location and particular demographic information of the particular geographic location is determined. The classifier is applied to the particular demographic information and a particular security risk prediction of the particular geographic location is generated. A particular security measure is activated on the particular mobile computing device based on the particular security risk prediction.

Abstract: Dynamic binary instrumentation (DBI) or dynamic binary translation (DBT) of an examined process can be postponed until a point of interest is reached. Portions of the examined process can be run in native mode until the point of interest is reached. Upon reaching the point of interest, DBI and/or DBT can be performed.

Abstract: Phone numbers can be identified as being associated with spam callers. Data associated with previously identified spammer phone numbers is analyzed to obtain one or more input parameters for a classification engine. The classification engine uses the input parameters to identify one or more phone numbers in data associated with currently active phone numbers as being associated with spam callers. The one or more phone numbers identified as being associated with spam callers can be provided to call blockers of end-user telephone devices.

Abstract: A device control method includes monitoring location of a first user device of a first user and receiving an indication of a location of a second user device. The method further includes monitoring use of the second user device and determining a first time of use on the second user device. The first time of use on the second user device is allocated to a use time of a second user based on the location of the first user device relative to the location of the second user device, and a functional component of a third user device of the second user is disabled based at least on the use time of the second user.

Abstract: A similarity fingerprint for a data object such as a file can be automatically determined using one or more anchor values. The one or more anchor values can be provided or determined. For each anchor value, a set of distances between each instance of the anchor value in the data object is determined. The set of distances for the instance of the anchor value is aggregated into a single value. The single value is added as a component of the similarity fingerprint. Thus, if there are N anchor values, there can be N components of the similarity fingerprint. The similarity fingerprints of different data objects can be compared and the results of the comparison can be used to determine how similar the data objects are.