Abstract: The disclosed computer-implemented method for preventing display of blocked content may include (i) displaying, by the computing device, content to a user, (ii) receiving, from a user, an indication to block the content, (iii) adding the content to a block list, (iv) receiving, at a later time, the content to display to the user, (v) determining the content is on the block list, and (vi) in response to determining the content is on the block list, performing a security action to prevent display of the content. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting and protecting against malicious software may include loading an untrusted application having a defined entry point into an emulated computing environment, executing a first instance of the untrusted application in the emulated computing environment beginning at the defined entry point, executing a second instance of the untrusted application beginning at a second entry point downstream from the defined entry point so as to bypass at least a portion of the untrusted application executed in the first instance, identifying the untrusted application as a potential threat based on information extracted from the second instance of the untrusted application, and performing a security action to protect against the untrusted application identified as a threat. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods and systems are provided for preventing the installation of malicious applications using system-level messages. One example method generally includes intercepting a request sent via an operating system of the computing device; determining the request is to access an application in a remote application repository; obtaining information associated with the application from the request; transmitting, over a network, the information to a security server; and receiving, over the network, a security recommendation for the application from the security server.

Abstract: The disclosed computer-implemented method for protecting against outgoing calls to malicious phone numbers may include (1) intercepting, at a computing device, an attempt to initiate an outgoing phone call, (2) disabling, at the computing device and at least temporarily, the attempt, (3) querying a reputation server for a reputation of an outgoing phone number associated with the attempt, (4) receiving, at the computing device, reputation results from the reputation server, and (5) performing a security action comprising displaying, on a user display of the computing device and prior to enabling the attempt, at least a portion of the reputation results. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques are disclosed to predict whether a current location of a mobile device corresponds to a user of that mobile device. To do so, the mobile device may evaluate information from sensors that indicate a current state of the device or device surroundings. Based on the probability, the mobile device may send the current location and the probability to a user of the mobile device, an application on the device, or another party.

Abstract: The disclosed computer-implemented method for performing reputation-based identification of applications on unmanaged mobile devices may include (i) receiving screen content displayed on an unmanaged mobile device, (ii) analyzing, by a machine-learning algorithm, the screen content to identify a set of applications stored on the unmanaged mobile device, (iii) querying a reputation service for reputation data associated with each of the applications, the reputation data including a security classification describing potential threats against the unmanaged mobile device, (iv) associating the reputation data with each of the applications, and (v) generating a notification comprising a list of the applications and the associated reputation data for utilization by the unmanaged mobile device to perform one or more protective actions against the potential threats. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for validating a user's physical location may include (i) identifying a plurality of sensor-equipped devices that are connected to a local network, wherein the local network is associated with a physical location, (ii) receiving a request to validate that a user is present at the physical location that is associated with the local network, (iii) instructing, in response to receiving the request, the user to interact with at least one sensor-equipped device in the plurality of sensor-equipped devices, (iv) confirming, based on observing a response of the sensor-equipped device, that the user has interacted with the at least one sensor-equipped device, and (v) validating, in response to confirming that the user has interacted with the at least one sensor-equipped device, that the user is present at the physical location. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Backup metrics are received from multiple endpoints. Backup baselines are established, based on backup metrics received over a period of time. Each established backup baseline specifies an empirically determined baseline level of backup activity according to specific criteria. Changes in backup behavior are detected, as measured against established backup baselines, based on analyzing received backup metrics. Such changes can be detected by applying a non-supervised machine learning technique to backup metrics. Detected backup behavior changes that meet a corresponding threshold are further analyzed to determine whether to alter corresponding backup activity in response. Backup activity on endpoints can be modified, in response to the analysis. This can take the form of omitting specific files or folders from corresponding backups, or changing default backup configuration(s). For example, a new or modified default backup configuration can be transmitted to one or more endpoints.

Abstract: The disclosed computer-implemented method for certifying geolocation coordinates of computing devices may include (i) receiving, from a client computing device, a set of geolocation coordinates that purport to identify the physical location of the client computing device, (ii) identifying, in response to receiving the geolocation coordinates, at least one cooperating geolocation device that is within physical proximity to the geolocation coordinates provided by the client computing device, (iii) performing a proximity validation check that demonstrates that the client computing device is within physical proximity to the cooperating geolocation device, and (iv) certifying, based on the proximity validation check, the geolocation coordinates as valid geolocation coordinates. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method of dynamic backup policy generation based upon a user's behavior is provided. The method may include detecting a user's usage pattern of files within a computing system based upon the user's backup or restore activities. In some embodiments, the backup system may identify the files that have been modified and calculate the percentage of modification away from a predetermined baseline or another previously stored version. The system may generate a list of the identified files along with these percentages to form the user's usage pattern. The method may further include generating a user's profile including files having high access rates in accordance with this usage pattern and adjusting a backup policy based upon the user's profile such that these files are backed-up more frequently. The backup policy may also be adjusted based upon a detected level of risk associated with the user.

Abstract: The disclosed computer-implemented method for executing application launchers may include (i) creating a security sandbox within an operating system environment, (ii) executing an original application launcher within the security sandbox, and (iii) registering the security sandbox as a new application launcher within the operating system environment such that the original application launcher is still available to a user through the security sandbox and the security sandbox supplements the original application launcher by providing a layer of protection for the user. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for protecting users may include (i) detecting, by a sensor component, an electromagnetic signal radiating from an eavesdropping device, (ii) receiving, by a mobile computing device, information identifying the electromagnetic signal, and (iii) displaying, by the mobile computing device, an augmented reality display that overlays a visual indication of a location of the eavesdropping device on an image captured by a camera of the mobile computing device to enable a user to locate the eavesdropping device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for preventing sensitive data sharing may include a computing device determining that a content item is to be shared with an application. The content idem may be intercepted before the content item is shared with the application. The data of the content item may be analyzed. In response to analyzing the data of the content item, a security action may be performed to protect the computing device from computer malware or prevent sharing of sensitive data of the computing device. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Identifying and protecting against computer security threats while preserving privacy of individual client devices using condensed local differential privacy (CLDP). In one embodiment, a method may include accessing an actual data value, generating a perturbed data value by adding noise to the actual data value, aggregating the perturbed data values to at least partially cancel out aggregate noise of the aggregated perturbed data values at a population level, analyzing, using CLDP, the aggregated perturbed data values to identify a computer security threat, and in response, protecting against the computer security threat by performing a remedial action. The amount of noise added to each actual data value may be probabilistically computed such that a probability of noise being added decreases as an amount of added noise increases. The perturbed data values may preserve privacy of the actual data values.

Abstract: The disclosed computer-implemented method for automatically adjusting parental controls of computing devices to accommodate holidays may include (i) identifying, at a computing device, a geolocation of the computing device from geolocation information and (ii) performing, at the computing device, a security action. The security action may include (a) identifying holiday information associated with the geolocation of the computing device, (b) determining at least a portion of a current day is a holiday by comparing a current date to the holiday information, (c) determining a level of parental controls to impose on operation of the computing device in response to at least a portion of the current day being a holiday, and (d) imposing the level of parental controls on the computing device during the at least a portion of the current day. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for generating passwords may include (i) accessing a vault of confidential information describing a user, (ii) extracting, from the vault, a set of multiple items of confidential information describing the user, (iii) executing a programmed heuristic on the set of multiple items of confidential information to generate multiple candidate passwords that each derives from a respective semirandom permutation of the multiple items of confidential information, and (iv) displaying electronically the multiple candidate passwords to the user to enable the user to select a password from the multiple candidate passwords as a specific password for accessing a protected computing resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Remotely controlling access to a digital camera. In some embodiments, a method may include defining at least one parameter associated with a capture of media by a camera coupled to a monitored computer device, determining that the camera is capturing media, determining that the at least one parameter is present in the captured media; determining that the presence of the at least one parameter is not approved, and sending an instruction to the monitored computer device to disable use of the camera coupled to the monitored computer device for a pre-determined period of time based on determining that the presence of the at least one parameter is not approved.

Abstract: Identifying and protecting against computer security threats while preserving privacy of individual client devices using condensed local differential privacy (CLDP). In one embodiment, a method may include mapping non-ordinal data values to ordinal data values, generating a first ordering scheme for the ordinal data values, accessing actual non-ordinal data values, converting the actual non-ordinal data values to actual ordinal data values according to the mapping, generating first perturbed ordinal data values by adding noise, and aggregating the first perturbed ordinal data values.

Abstract: The disclosed computer-implemented method for securing Universal Plug and Play connections may include (1) detecting, by a network device within a local network, an attempt by a remote device to establish a connection with a client device within the local network via a UPnP protocol, (2) identifying a forwarding rule applied by the network device on the client device based at least in part on an identity of the client device, (3) determining at least one restriction placed on UPnP connections between the client device and remote devices by the forwarding rule, and then in response to determining the restriction placed on UPnP connections between the client device and remote devices by the forwarding rule, (4) enforcing the restriction on the connection attempted by the remote device with the client device via the UPnP protocol. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for preventing sensitive information exposure based on a surrounding audience may include (1) detecting, from one or more communication devices, surrounding audience data associated with an audience presentation on a presentation device, the audience presentation including sensitive information and non-sensitive information, (2) determining an audience profile based on the surrounding audience data, the audience profile identifying one or more unintended audience members in the surrounding audience, (3) assigning an information exposure policy to the audience presentation based on the audience profile, and (4) performing a security action to enforce the information exposure policy on the presentation device such that the sensitive information is prevented from being exposed to the surrounding audience during the audience presentation. Various other methods, systems, and computer-readable media are also disclosed.