Abstract: Systems and methods monitor a system including a remote desktop, a trusted mobile instance, and a delivery handler. The delivery handler can determine if the system is overloaded and to take the appropriate measures to maintain a negotiated minimal QoS and adapt as necessary when the conditions vary. Additionally, the systems and method can address security issues by separating privileges that are typically bundled together in conventional systems, and by applying isolation mechanisms to exposed areas of the system.

Abstract: A system and method is provided for sharing mobile device location information. The method includes receiving signals by a mobile device and determining by the mobile device a first location of the mobile device at a first time based on the signals received by the mobile device. Time data is accessed by the mobile device and the mobile device determines based on the time data that the first time is in a first time window. The first location is transmitted to a particular user device at least responsive to the first time being in the first time window. The mobile device determines a second location of the mobile device at a second time based on the signals received by the mobile device. A first error is applied to the second location at least responsive to the determining of the second location at the second time, and the second location is transmitted including the first error to the particular user device.

Abstract: A method and apparatus for an automated classification and reset of browser settings is provided. A set of disreputable browser setting values is maintained based on statistics associated with the browser setting values. In response to determining that an attempt is made to set a browser setting to a value in the set of disreputable browser setting values, a notification can be presented to the user. The notification can include options in a set of reputable browser settings.

Abstract: A password manager injects credentials into a web browser request. A user can browse to a form provided by a server that includes a password field. A plug-in requests a password for the field from a password manager. The actual password is not provided to the plug-in or the browser. The password manager provides a proxy password that is not the actual password for the field. A request interceptor in a separate process from the browser intercepts the completed request as it is sent to the server and replaces the proxy password with the actual password.

Abstract: Systems and methods authenticate with application extensions. An application extension requests a token from a local application. The local application generates a token and either inserts the token into a protected storage accessible only by the application extension being run by the current user or returns the token back to the application extension after being confirmed by the legitimate user. The application extension uses the token to authenticate itself with the local application.

Abstract: Systems and methods automatically determine rules for detecting malware. A fingerprint representing a file is received. A set of nearest neighbor fingerprints from at least a set of malware fingerprints that are nearest neighbors are determined. The set of malware fingerprints are analyzed to determine a representative fingerprint. A malicious file detection rule is generated based, at least in part, on the representative fingerprint.

Abstract: Systems and method classify a file using filters. A file event can be determined for the file. In response to the file event, metadata is received for the file. In response to receiving the metadata, a filter of a plurality of filters is selected based on the metadata. One or more rules in the selected filter can classify the file to determine an action to be performed with respect to the file.

Abstract: Systems and method identify potentially mislabeled file samples. A graph is created from a plurality of sample files. The graph includes nodes associated with the sample files and behavior nodes associated with behavior signatures. Phantom nodes are created in the graph for those sample files having a known label. During a label propagation operation, a node receives data indicating a label distribution of a neighbor node in the graph. In response to determining that the current label for the node is known, a neighborhood opinion is determined for the associated phantom node, based at least in part on the label distribution of the neighboring nodes. After the label propagation operation has completed, differences between the neighborhood opinion and the current label distribution for nodes are determined. If the difference exceeds a threshold, then the current label may be incorrect.

Abstract: Systems and methods analyze input files to automatically determine malware signatures. A set of input files known to contain a particular type of malware can be provided to a file analyzer. The file analyzer can analyze the file using a sliding window to create vectors from values that are provided by multiple filters that process each window. The vectors created for a file define a response matrix. The response matrices for a set of input files can be analyzed by a classifier to determine useful vector components that can define a signature for the malware.

Abstract: Loading a guest virtual machine from a snapshot includes determining a plurality of executable modules loaded in a guest operating system. Hash values for pages of guest physical memory in the snapshot file are determined. Hash values for pages of the executable modules executing in the guest operating system are determined. Matches to the pages in the guest physical memory and the pages of the executable modules are searched for using the hash values. Context information associated with the matching pages in the guest physical memory and the pages of the executable modules is written to the snapshot. The snapshot is modified to link the guest physical memory to the pages of the executable modules.

Abstract: Systems and methods enable initializing and accessing page metadata stored in the last level of a multi-level page table, wherein an effort is made to reduce the number of metadata initializations and the number of page table walks for sequential accesses in comparison with a naïve method realized by a sequence of random accesses.

Abstract: Methods and systems for administering a browser store for computing device web browser applications, particularly browsers featuring tabbed viewing of web pages. A qualifying trigger event, such as a change in the current active tab of the browser, or a navigation to a URL in the active tab, is detected by an exemplary system. The system, having been monitoring user interaction with the browser's tabs, regulates the browser store such that, upon detecting a trigger event, only data (e.g., cookies) pertaining to the web site whose web page is presently displayed in the browser's active tab is retained. Any other data unrelated to the web site is copied to a virtual memory for future reference and purged from the browser store. Additionally, any data pertaining to the web site that may have been previously transferred to the virtual memory is retrieved therefrom and relocated to the browser store. Moreover, any such data retrieved from the virtual memory that require updating, e.g.

Abstract: Systems and methods create virtual disks for access by a virtual machine. The virtual disk can be created from marked folders such that files and folders containing sensitive data or data not necessary for the purpose of a virtual machine using the virtual disk can be omitted from the virtual disk.

Abstract: Systems and methods create partial snapshot for a volume. Files and folders are identified for inclusion in the partial snapshot. In response to writing updated data to the volume, a volume snapshot layer can determine of the updated data is associated with a file or folder in the partial snapshot. If the file or folder is included in the partial snapshot, original data at the volume location is read from the volume and written to the partial snapshot.

Abstract: Systems and methods for rebooting a UEFI based system, for example from Microsoft Windows, to any UEFI application, include modifying boot configuration data by inserting a boot entry into the UEFI firmware boot manager to cause execution of a non-Windows UEFI application.

Abstract: Systems and methods generate a perceptual image hash of an image. The perceptual image hash can be generated from multiple features extracted from a DCT transformation of the image. The perceptual image hash can be compared to other perceptual image hash values using a weighted Hamming distance function.

Abstract: Systems and methods provide a security function for a device or applications running on a device. A lock tap sequence is entered by a user when the device is to be locked. When the user desires to unlock the device, the user enters a unlock tap sequence. If the lock tap sequence matches the unlock tap sequence, the device is unlocked.