Abstract: There is provided a computer implemented method of vaccination of a computing device against infection by malicious code, comprising: obtaining a vaccination profile including vaccination artifact system calls indicative of a malicious code attempting to identify another instance of the malicious code executing on the computing device prior to the malicious code infecting the computing device, monitoring the computing device for an indication of execution of at least one of the vaccination artifact system calls by the malicious code, and providing a false response to the at least one of the vaccination artifact system calls for emulating an existing infection of the computing device by another instance of the malicious code according to the indication of execution of at least one of the plurality of vaccination artifact system calls, wherein the emulation of the existing infection prevents infection of the computing device by the malicious code.

Abstract: There is provided a computer implemented method of generating a vaccination profile of malicious code for vaccination against other instances of the malicious code, comprising: providing malicious code, analyzing the malicious code to identify at least one vaccination artifact system call indicative of an attempt to identify malicious code executing on a client computing device prior to another instance of the malicious code infecting the client computing device, generating according to the analysis of the malicious code, a vaccination profile including the at least one vaccination artifact system call, and providing the vaccination profile to a plurality of client computing devices for vaccination of the plurality of client computing devices uninfected by the malicious code, wherein an existing infection by the malicious code is emulated based on the vaccination profile for prevention of infection of the plurality of computing devices by another instance of the malicious code.

Abstract: A method for processing files as a preemptive measure against a ransomware activity. The method comprises scanning a plurality of file operation requests sent to an operating system (OS) executed on a computing device to detect a guarded file operation request that comprises instructions to process a file managed by a file system used by said OS, delaying an execution of said guarded file operation request, temporarily storing a copy of said file in a backup storage in response to said detection of said guarded file operation request, and stop delaying said execution of said guarded file operation request when said copy is stored in said backup storage.

Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.

Abstract: Systems, methods, and software products prevent malware attacks on networks, which include endpoint devices, by providing an environment to the endpoint device which simulates an environment, for example, a security environment, where malware is known to refrain from executing.

Abstract: A method for processing files as a preemptive measure against a ransomware activity. The method comprises scanning a plurality of file operation requests sent to an operating system (OS) executed on a computing device to detect a guarded file operation request that comprises instructions to process a file managed by a file system used by said OS, delaying an execution of said guarded file operation request, temporarily storing a copy of said file in a backup storage in response to said detection of said guarded file operation request, and stop delaying said execution of said guarded file operation request when said copy is stored in said backup storage.

Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.

Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.