Abstract: A security system with methodology for computing a machine independent unique identifier for an executable file across different machines is described. In response to a request to uniquely identify an executable file that has been installed on a given machine, portions of the executable file modified as a result of installation of the executable file on the given machine are identified. A machine independent unique identifier is determined by performing a calculation on the executable file. The calculation is performed by excluding at least the identified portions of the executable file modified as a result of installation of the executable file on the given machine.

Abstract: A system providing methods for anti-virus cooperative enforcement is described. In response to a request from a device for access to protected resources, such as a network or protected data, a determination is made as to whether an anti-virus policy applies to the request for access made by the device. If an anti-virus policy is applicable, information pertaining to virus protection available on the device is collected. The virus protection information that is collected is evaluated to determine whether the device is in compliance with the anti-virus policy. If the device is determined to be in compliance with the anti-virus policy, the device is allowed to access the protected resources.

Abstract: A system providing methods for indirect access control is described. When an attempt to access a network by a first application is detected, a determination is made as to whether at least one other application is attempting indirect network access through the first application. If at least one other application is determined to be attempting indirect network access, each such other application is evaluated to determine if it is approved for network access. If each such other application is approved for network access, access to the network is permitted. Otherwise, access to the network is denied.