Abstract: A computer-implemented method for detecting scam campaigns is described. A plurality of web pages that are pre-filtered according to predetermined criteria is identified. Pattern detection is performed on the pre-filtered web pages. A pattern is detected among the pre-filtered web pages. The detected pattern is compared to a user input.

Abstract: A computer-implemented method for managing sub-clusters within dependent clustered computing systems subsequent to partition events may include (1) identifying a first computing cluster and a second computing cluster, (2) determining that the first computing cluster depends on the second computing cluster, (3) detecting a partition event that partitions the first computing cluster into multiple sub-clusters, (4) determining, in response to detecting the partition event, whether the second computing cluster is partitioned into multiple sub-clusters, and (5) making, based at least in part on determining whether the second computing cluster is partitioned into multiple sub-clusters, a fencing decision for the multiple sub-clusters of the first computing cluster. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A client sends a file information request to a security server, where the file information request identifies a URL from which the client is attempting to download a file. Upon receiving the request, the security server determines the stability information of the identified URL and provides the requested file information for the file provided by the URL. The security server determines the stability information of a URL by analyzing the file identifiers and URLs identified in downloaded file reports received from multiple clients. The determination of the stability information of a URL may be based on a variety of factors, such as stability of a URL over time, a textual analysis of the URL, and the set of files provided by the URL. A user of the client can review the file information and decide whether to expend the resources to download the file.

Abstract: A computer-implemented method for enhancing electronic discovery searches may include (1) receiving a search query for at least one instance of a user being identified within a backup image of a volume of data, the search query being conducted for electronic discovery, (2) identifying metadata associated with the backup image specifying at least one action performed by the user on a computing system while the volume of data was mounted for use on the computing system, (3) performing the search query on the backup image and receiving a result of the search query in response to performing the search query, (4) enhancing the result of the search query with contextual information relating to the search query based on the metadata, the contextual information facilitating further electronic discovery, and (5) providing the enhanced result of the search query. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for implementing non-native file attributes on file systems may include receiving at least one extended attribute to apply to at least one file within a file system that does not natively implement the extended attribute, identifying an index file that indexes extended attributes of files within the file system by file identifiers of the files, determining a file identifier that uniquely identifies the file within the file system, and applying the extended attribute to the file by indexing the extended attribute by the file identifier within the index file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for reducing file-system fragmentation when restoring block-level backups may include (1) identifying a block-level backup stored on a backup storage device, (2) determining, by analyzing metadata contained within the block-level backup, that data contained within the block-level backup was physically arranged in a non-optimized manner on the volume from which the block-level backup was originally created due to file-system fragmentation, (3) identifying a request to restore the block-level backup to a target storage device in a block-by-block manner, (4) determining an optimized physical layout within a file system on the target storage device for the data contained within the block-level backup, and then (5) restoring the block-level backup to the target storage device block-by-block in accordance with the determined optimized physical layout in order to reduce the file-system fragmentation identified in the block-level backup.

Abstract: A client on a network includes a file system that includes various non-streamable software applications. A streaming support system in the client enables a streamable software application to be located in the file system and executed in a streaming mode without being isolated from the non-streamable software applications in the file system. Non-streamable software applications can invoke the streamable software application, and vice versa. Multiple streamable software applications can be concurrently located throughout the file system and can be executed in the client in the streaming mode without restriction to any particular portion of the main file system. Streamable applications can be located anywhere in the file system that the corresponding non-streamable versions of the applications would be able to be located. The main file system does not need to contain complete copies of the required files for any streamable applications.

Abstract: A first computer system calculates a first value as a function of a data block. A second computer system compares the calculated first value with each of a plurality of values in a plurality of entries, respectively. The plurality of entries include a plurality of storage location pointers, respectively, that correspond to a plurality of data blocks, respectively, that were transmitted to a storage system before the first computer system calculated the first value. If the first value compares equally to a value contained in one of the plurality of entries, a storage location pointer of the one entry is transmitted to the storage system, wherein the storage location pointer corresponds to a copy of the data block that was sent to the storage system before the first computer system calculated the first value. If the calculated first value does not compare equally with any value contained in the plurality of entries, the first computer system transmits the data block to the storage system.

Abstract: Techniques are disclosed for evenly distributing certificate status validity messages across multiple response servers. A certificate authority (CA) may partition subsets of online certificate status protocol (OCSP) responses to each be handled by OCSP response servers. The partitions are based on serial numbers of the underlying digital certificates of the OCSP responses. For example, to determine which OCSP response server is assigned to distribute a particular OCSP response, a modulo operation may be performed between the last octet value of the underlying certificate serial number and the total number of available OCSP response servers of the CA. The result yields a partition number that may be used to identify the corresponding OCSP response server.

Abstract: A computer-implemented method for optimizing scans of pre-installed applications may include (1) identifying, on a client device, a plurality of applications that are subject to scan-based assessments, (2) determining that the plurality of applications were pre-installed on the client device via a system image for the client device, (3) generating a fingerprint that represents the system image, and (4) fulfilling the scan-based assessments for the plurality of applications by transmitting the fingerprint that represents the system image to an assessment server and receiving, in response, an assessment of the system image. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for securing authentication credentials on a client device during submission in browser-based cloud applications are disclosed. In one particular embodiment, the techniques may be realized as a method for securing authentication credentials on a client device comprising: detecting, on the client device, display of an authentication form in a browser window associated with a first flow to a target server; accessing, on the client device, one or more authentication credentials associated with a user of the client device; and submitting, to the target server, the one or more authentication credentials via a second flow to the target server.

Abstract: A computer-implemented method for facilitating software testing using operating-system component virtualization may include 1) identifying a software product installed on a computing system comprising a base operating system; 2) selecting an operating-system-level component with which the software product is to be tested; 3) isolating the operating-system-level component in a virtualization layer that is distinct from the base operating system; 4) activating the virtualization layer such that access requests directed to the base operating system for the operating-system-level component are redirected to the virtualization layer; 5) testing the software product while the virtualization layer is active to determine how the software product would function if the operating-system-level component was part of the base operating system; and 6) after the testing is complete, deactivating the virtualization layer such that the operating-system-level component is no longer visible to the base operating system or the so

Abstract: A cloud data protection system protects cloud data of an enterprise. A protection policy for the enterprise is established by an administrator of the enterprise. The protection policy describes one or more types of cloud data protection to provide to the enterprise's cloud data. The cloud data protection system examines the protection policy to identify cloud data associated with the enterprise to access in order to implement the policy, and uses a personality object to retrieve the identified cloud data from one or more cloud services. The cloud data protection system performs one or more protection actions on the retrieved cloud data. The protection actions can include scanning the cloud data for malicious software, for compliance with a data loss prevention policy, or for data matching a discovery specification. The protection actions can also include archiving or backing up the cloud data.

Abstract: A system and method for improving data loss prevention (DLP) using multiple references to a file in a deduplication backup system is described. In one embodiment, a deduplication backup system generates multiple references to a file. A detection system, operating in the deduplication system or in a data loss prevention (DLP) system coupled to the deduplication system, detects the multiple references, generated by the deduplication system, determines whether the file of at least one of the multiple references is stored outside a domain as specified by a DLP policy, and detects a violation of the DLP policy when the file is stored at a location outside of the specified domain.

Abstract: A method and apparatus for automatically configuring and provisioning cryptographic certificates is described. A certificate management sensor receives instructions from a first computing device to analyze a second computing device to identify an application on the second computing device associated with cryptographic network traffic on the second computing device, generates an application fingerprint based on application characteristics of the application, transmits the application fingerprint and a certificate signing request (CSR) to a certificate management system (CMS), and receives second instructions from the CMS to automatically install a cryptographic certificate on the second computing device based on the application fingerprint and CSR.

Abstract: A method and apparatus for selectively removing a data element that triggers a policy violation from a web request to an interactive website. In one method, the method identifies a policy for protecting source data, having a plurality of data elements. The method further evaluates a web request sent to an interactive website as part of a web-based application, and determines that the web request includes at least one data element triggering a violation of the policy. The method determines the data boundaries of the web request, and selectively removes data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element.

Abstract: Various systems and methods for placing a virtual machine on one of a plurality of candidate physical machines. For example, one method can involve generating a list that comprises entries for a virtual machine. Each entry in the list indicates a portion of data that is associated with the virtual machine. The method then involves calculating a number of common entries between the list and each of a plurality of candidate lists, where a common entry is an entry that is included in the respective candidate list and in the list. Each candidate list is associated with a computing device. In response to detecting which candidate list has the most common entries, the method involves assigning the virtual machine to the computing device associated with that candidate list.

Abstract: The disclosed computer-implemented method for deploying applications included in application containers may include (1) identifying an application container that includes an application and facilitates transferring the application to a deployment environment, (2) performing a reconnaissance analysis on the deployment environment by identifying one or more properties of the deployment environment, (3) determining, based at least in part on the reconnaissance analysis, that the deployment environment meets a predetermined threshold of requirements for securely executing the application, and then (4) transferring the application included in the application container to the deployment environment in response to determining that the deployment environment meets the predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for monitoring application resource usage on mobile computing systems may include 1) identifying a mobile computing system that is configured to execute one application at a time as a foreground application, 2) identifying a request to determine a resource consumption level of an application on the mobile computing system, 3) identifying, in response to the request, at least one frequency level at which a processor of the mobile computing system operates while the application executes as the foreground application, and 4) determining, based on the identified frequency level, the resource consumption level of the application. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for authenticating an application is described. In one embodiment, a software package is received and the software package may be authorized based at least in part on an evaluation of the software package. Upon authorizing the software package, a signature file is embedded in a directory of the software package. A request to use a privileged service provided by a service provider is received from a client. In some embodiments, the request includes a custom class loader, the custom class loader being configured to construct a proxy object as an interface to the privileged service.