Abstract: Ransomware attacks may be prevented by monitoring file access requests. When a process requests a directory listing, the results provided may be modified based on whether the process is trusted or not. For trusted processes, the results provided are the actual directory listing, while the results provided to processes that aren't trusted may be modified to include seeded files. Access to the seeded files may be monitored to determine if the process is associated with a ransomware attack, and steps taken to mitigate an attempted ransomware attack. Ransomware may also be prevented by ensuring that only trusted processed are allowed to access certain files. In order to provide an improved user experience, the processes can be determined automatically from a system structure and their trustworthiness determined.

Abstract: Controlling code execution on a computing device may prevent malicious code from executing. In order to control code execution, context information for code packages on the computing device can be maintained. The context information may be generated upon initialization of the computing device or if changes to the code package are made. The context information may be used in conjunction with access control lists (ACLs) and/or execution control lists (ECLs) in order to quickly evaluate whether a code package should be allowed to execute.

Abstract: Ransomware attacks may be prevented by monitoring file access requests. When a process requests a directory listing, the results provided may be modified based on whether the process is trusted or not. For trusted processes, the results provided are the actual directory listing, while the results provided to processes that aren't trusted may be modified to include seeded files. Access to the seeded files may be monitored to determine if the process is associated with a ransomware attack, and steps taken to mitigate an attempted ransomware attack. Ransomware may also be prevented by ensuring that only trusted processed are allowed to access certain files. In order to provide an improved user experience, the processes can be determined automatically from a system structure and their trustworthiness determined.

Abstract: A roaming domain name system (DNS) firewall is provided for execution by an endpoint agent provided on a mobile computing device. The increase of the mobile workforce presents security challenges as mobile computer devices are regularly connecting to unknown, untrusted or unverified networks. These networks can present security risks to organizations by routing URL resolutions requests to malicious DNS servers that may be utilized for redirecting traffic to unsafe hosts. A roaming DNS firewall on the mobile computing device monitors access to networks to determine if the network is deemed safe or unsafe based upon associated network parameters. In response to the determination of an unsafe network the DNS identifiers are modified or trusted to a trusted DNS to ensure DNS requests are not processed by a malicious DNS host.

Abstract: A network monitoring, reporting and risk mitigation system collects events at a computing device within the local network to provide improved network security. The events are aggregated into alerts, which may be processed according to triggering definitions in order to create ARO (action, recommendations and observations) reports providing required or recommended actions to take or observations to a network administrator. The ARO reports may be processed by a remote server in order to generate contextual feedback for updating the triggering definitions.

Abstract: Ransomware attacks may be prevented by monitoring file access requests. When a process requests a directory listing, the results provided may be modified based on whether the process is trusted or not. For trusted processes, the results provided are the actual directory listing, while the results provided to processes that aren't trusted may be modified to include seeded files. Access to the seeded files may be monitored to determine if the process is associated with a ransomware attack, and steps taken to mitigate an attempted ransomware attack. Ransomware may also be prevented by ensuring that only trusted processed are allowed to access certain files. In order to provide an improved user experience, the processes can be determined automatically from a system structure and their trustworthiness determined.