Abstract: A computerized method of preemptive event handling, The method comprises monitoring, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device, detecting, in run time, a first event of the plurality of events, the first event being performed by a first process of the plurality of processes on the computing device, classifying, in run time, the first process as a malware in response to the detection of the first event, and preventing, in run time, the first process from running on the computing device before the first event is processed by the OS.

Abstract: A computerized method of reverting system data affected by a malware. The method comprises monitoring, in run time, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device, logging in an event log, in run time, the plurality of events, classifying, in run time, a first process of the plurality of processes as a malware, identifying a set of events of the first process from the plurality of events using the event log, and reverting, in response to the classification, at least one system object hosted in the computing device to remove an effect of the set of events on the OS.

Abstract: A computerized method of preemptive event handling, The method comprises monitoring, in run time at kernel level, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device, detecting, in run time, a first event of the plurality of events, the first event being performed by a first process of the plurality of processes on the computing device, classifying, in run time, the first process as a malware in response to the detection of the first event, and preventing, in run time, the first process from running on the computing device before the first event is processed by the OS.

Abstract: A method of queuing network traffic events on a client terminal. The method comprises monitoring, in run time, a plurality of network traffic events triggered by a plurality of applications executed on a client terminal, extracting a plurality of network traffic event characteristics of each of the plurality of network traffic events, classifying each one of the plurality of network traffic events according to a respective the plurality of network traffic event characteristics, clustering the plurality of network traffic events in a plurality of clusters according to the classifying, and managing an opening a plurality data connections between the client terminal and a network such that the content of each cluster of the plurality of clusters is transmitted in another of the plurality data connections.

Abstract: A computerized method of reverting system data affected by a malware. The method comprises monitoring, in run time, a plurality of events of a plurality of processes executed by an operating system (OS) running on a computing device, logging in an event log, in run time, the plurality of events, classifying, in run time, a first process of the plurality of processes as a malware, identifying a set of events of the first process from the plurality of events using the event log, and reverting, in response to the classification, at least one system object hosted in the computing device to remove an effect of the set of events on the OS.

Abstract: A method of queuing network traffic events on a client terminal. The method comprises monitoring, in run time, a plurality of network traffic events triggered by a plurality of applications executed on a client terminal, extracting a plurality of network traffic event characteristics of each of the plurality of network traffic events, classifying each one of the plurality of network traffic events according to a respective the plurality of network traffic event characteristics, clustering the plurality of network traffic events in a plurality of clusters according to the classifying, and managing an opening a plurality data connections between the client terminal and a network such that the content of each cluster of the plurality of clusters is transmitted in another of the plurality data connections.

Abstract: A method of identifying one or more malicious threats in a computing device. The device comprises monitoring a plurality of events occurring on a computing device in run time, a plurality of processes executed on the computing device in run time, and a plurality of host activities of the computing device in run time, identifying a compliance of at least some of the plurality of events, the plurality of processes, and the plurality of host activities with a plurality of rules, generating a rule compliance status dataset generated according to the compliance, identifying a match between the rule compliance status dataset and at least one of a plurality of reference profiles each indicative of a computing device operation under a malicious threat activity, and detecting a malicious threat according to the match.

Abstract: A method of identifying one or more malicious threats in a computing device. The device comprises monitoring a plurality of events occurring on a computing device in run time, a plurality of processes executed on the computing device in run time, and a plurality of host activities of the computing device in run time, identifying a compliance of at least some of the plurality of events, the plurality of processes, and the plurality of host activities with a plurality of rules, generating a rule compliance status dataset generated according to the compliance, identifying a match between the rule compliance status dataset and at least one of a plurality of reference profiles each indicative of a computing device operation under a malicious threat activity, and detecting a malicious threat according to the match.