Abstract: Disclosed are systems and methods for providing access to computer files, including receiving, by a hardware processor, from a remote computer, a request to access a file; determining one or more parameters of at least one of the requested file, the remote computer and a user of the remote computer; determining, based on the one or more parameters, access rules for the requested file, wherein the access rules specify at least encryption requirements for the requested file, and applying, by the hardware processor, the access rules to the requested file.

Abstract: Disclosed are systems and methods for ensuring confidentiality of information of a user of a service. One example method includes receiving a request to carry out an operation control procedure for the service; identifying the user of the service; selecting a trusted device associated with the identified user of the service; sending, to the selected trusted device, a request for confidential information of the user, wherein the confidential information is used to carry out the operation control procedure; receiving the confidential information from the selected trusted device; and carrying out the operation control procedure using the received confidential information.

Abstract: Disclosed are systems and methods for providing access to computer files, including receiving, by a hardware processor, from a remote computer, a request to access a file; determining one or more parameters of at least one of the requested file, the remote computer and a user of the remote computer; determining, based on the one or more parameters, access rules for the requested file, wherein the access rules specify at least encryption requirements for the requested file, and applying, by the hardware processor, the access rules to the requested file.

Abstract: A method, system and computer program product for blocking access to restricted elements of application interface and covering the restricted elements by trusted interface elements. The system includes an analyzer module, a database of restricted elements and a blocking module. The analyzer module is configured to detect interface elements of an active application rendered on a computer or a mobile device. The analyzer module determines if an application interface element is restricted by comparing the application interface element against the known restricted interface elements from the database. If the restricted element is detected, the analyzer module sends the data about the restricted element to the blocking module. The blocking module covers the restricted interface element by a trusted interface element or by an image.

Abstract: Disclosed are systems and methods for valuating compliance of computer resources, including valuating compliance of a hardware or software resource of a computer system with requirements for the computer system; valuating compliance of one or more objects of interest associated with the hardware or software resource with requirements for the objects of interest; and valuating overall compliance of the hardware or software resource based on the compliance of said hardware or software resource with the requirements for the computer system and the compliance of the one or more objects of interest associated with said hardware or software resource with the requirements for the objects of interest.

Abstract: An initial trust status is assigned to a first object, the trust status representing one of either a relatively higher trust level or a relatively lower trust level. Based on the trust status, the first object is associated with an event type to be monitored, where the event type is selected from among: essential events, occurrence of which is informative as to trust status evaluating for an object, and critical events, including the essential events, and additional events, occurrence of which is informative as to execution of suspicious code. Occurrences of events relating to the first object are monitored. In response to the first object being assigned the relatively higher trust level, only the essential events are monitored. In response to the first object being assigned the relatively lower trust level, the critical events are monitored. A need for performing malware analysis is determined based on the trust status of the first object and the event type.

Abstract: Disclosed are systems, methods and computer program products for detection of malicious executable files based on the similarity of various types of extractable resources of the executable files. In one aspect, the system determines a type of an executable file being analyzed and determines types of extractable resources of the executable file based on the type of the executable file. The system then extracts the identified extractable resources of the executable file and compares the extracted resources to known resources of malicious executable files. The system then determines a degree of similarity between the compared resources. The system then determines whether the executable file is malicious based on a degree of similarity of the one or more compared resources.

Abstract: Disclosed are systems, methods and computer program products for control of applications using preliminary file filtering. An example method includes intercepting, by a processor, an operation on a file performed by an application; selecting at least a part of the file; applying one or more file filters to the selected part of the file; determining a set of file characteristics based on outcomes of the file filters; determining a decision, based on the set of file characteristics, whether to exclude the file from further analysis by a client of an application control system; and based on the decision, excluding the file from the further analysis by the client of the application control system or providing the file to the client of the application control system for further analysis whether to allow or prohibit the operation on the file.

Abstract: Disclosed are systems and methods for valuating compliance of computer resources, including valuating compliance of a hardware or software resource of a computer system with requirements for the computer system; valuating compliance of one or more objects of interest associated with the hardware or software resource with requirements for the objects of interest; and valuating overall compliance of the hardware or software resource based on the compliance of said hardware or software resource with the requirements for the computer system and the compliance of the one or more objects of interest associated with said hardware or software resource with the requirements for the objects of interest.

Abstract: Disclosed are systems, methods and computer program products for configuring application control rules. The system creates a new application control rule that specifies restrictions or permission on execution a software application, a function of an application or a category of applications. The system then collects information about one or more computers in a network, including information about software applications deployed on the computers and existing application control rules. The system then tests the new application control rule using the collected information to determine verdicts rendered by the new application control rule that restrict or permit execution of an application, certain function of an application or a category of applications. The system then compares verdicts rendered by the new application rule with the verdicts rendered by the existing application control rules to identify conflicting rules, and reconfigures the new application control rule to eliminate conflicts.

Abstract: Disclosed are systems, methods and computer program products for copying encrypted and unencrypted files between data storage devices. In one aspect, the system detects a request to copy a file from a first data storage device to a second data storage device, determines one or more parameters of the copied file, the first data storage device and the second data storage device, selects, based on the one or more parameters, a file encryption policy for the copies file, and applies the selected encryption policy to the copied file.

Abstract: Disclosed are systems, methods, and computer program products for preserving and subsequently restoring a state of a program emulator. In one aspect, the system loads a file into an emulator of the computer system and determines whether an emulation is being performed for the first time. When the emulation is performed for the first time, the system loads into the emulator an initial image of the emulator state and emulates the file using the loaded initial image of the emulator state. During emulation, the system creates and stores new images of the emulator state upon occurrence of predefined conditions. When the emulation is not performed for the first time, the system identifies new images of the emulator state created during initial emulation of the file, loads into the emulator the identified images, and resume emulating the file using the new images of the emulator state.

Abstract: Disclosed are system, method and computer program product for assessing security danger of software. The system collects information about a suspicious, high-danger software objects, including one or more malicious characteristics of the software object, security rating of the software object, and information about one or more security rating rules used in assessing the security rating of the software object. The system then determines whether the suspicious object is a clean (i.e., harmless). When the suspicious object is determined to be clean, the system identifies one or more unique, non-malicious characteristics of the software object and generates a new security rating rule that identifies the software object as clean based on the one or more selected non-malicious characteristics. The system then assigns high priority ranking to the new security rating rule to ensure that the rule precedes all other rules.

Abstract: Methods, systems, and computer program are provided for managing access to computer resources by receiving a request, from a client, for performing one or more operations on a computer resource; determining functions of a resource manager that are required to perform the requested one or more operations on the resource; obtaining metadata of the resource, security policies for the client to perform the requested one or more operations on the resource, and data about other operations requested by other clients on the resource; and performing the requested one or more operations on the resource when the requested one or more operations do not result in altering the metadata or violating the isolation of the resource by the requested one or more operations, do not result in violating the rights of the client, and do not result in distorting the results of the other operations requested by the other clients.

Abstract: Transparent proxy services are provided reliably. A TCP/IP input stream is received that includes data and control packets directed to a destination address that is different from a network address of the proxy. Incoming TCP data packets and control packets are intercepted. Intercepted data packets are processed asynchronously with respect to reception of other TCP data packets. At the start of the processing, an indicator is set to represent an active state of the processing; at the conclusion of the processing an output of the processing is sent to a determined destination for the first TCP data packet, and the indicator is set to represent a non-active state of the processing. In response to the state of the indicator representing the active state of the processing, control packets are delayed by the proxy.

Abstract: Among a plurality of virtual machines running on a host system are a set of virtual machines that provide an operating system, a lightweight agent module, and user applications to be executed. Also, a special-purpose virtual machine executes a central security module. The central security module performs security-related tasks on behalf of individual ones of the other virtual machines, and includes a malware remediation module that generates malware remediation instructions to be executed by the respective virtual machines.

Abstract: A system and method for capturing and re-calling an application function. The method of function re-call during anti-virus check includes the following steps: function intercept (capture); anti-virus analysis of the parameters used to call the function; preparing of an application stack for function re-call (when the analysis did not detect any malicious functionality); and calling the function again. The exemplary method can be used with browsers and other applications.

Abstract: Aspect of the invention are directed to antivirus scanning, by a proxy server, of data downloaded from the network onto a PC workstation. The antivirus scanning is optimized for each scan by selecting an algorithm for that scan based on a determined overall likelihood that the downloaded data contains malicious code. Determination of the overall likelihood is augmented by the strength, or confidence, of statistical data relating to malware screening of results of previous downloads having similar parameters to the instant download.

Abstract: A mobile device and associated method and computer-readable medium, wherein the device is configurable for data protection readiness. A preparation module is configured to perform preprocessing to prepare the mobile device for data protection readiness, the preprocessing includes: indicating certain items of data stored in the data storage arrangement which are of personal importance to an owner of the mobile device; indicating criteria that defines a situation for which the items of data of personal importance are to be secured; and indicating a set of actions to be carried out to secure the items of data of personal importance. A protection module is configured to monitor for an occurrence of the situation for which the items of data of personal importance are to be secured based on the criteria indicated by the preparation module, and to execute the set of actions indicated by the preparation module in response to a detection of the occurrence of the situation.

Abstract: Computer-implemented process and apparatus for screening data for malware. Received data stored in at least one data store includes at least: (i) a first protected item of data containing contents that are generally inaccessible without specific access credential information, and (ii) specific access credential information corresponding to the first protected item of data. The received data is analyzed to detect any protected items of data therein based on predetermined protected data item identification criteria and to detect any access credential information contained therein based on predetermined access credential identification criteria. In response to a detection of the specific access credential information in the at least one data store, the specific access credential information is stored in the at least one data store in a grouping arrangement with other access credential information.