Abstract: A computer-implemented method for restoring web parts in content management systems may include identifying a backup of a content management system. The computer-implemented method may also include identifying an instruction to restore at least one web part of the content management system. The computer-implemented method may further include retrieving the web part. The computer-implemented method may additionally include identifying at least one object referenced by the web part. The computer-implemented method may also include recreating the object within the content management system. The computer-implemented method may additionally include updating the web part to reference the recreated object. The computer-implemented method may also include restoring the web part to the content management system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting malware may include 1) identifying an application configured to use a permission on a mobile computing platform, the permission enabling the application to access a feature of the mobile computing platform, 2) determining that the application is configured to use the permission while executing as a background application on the mobile computing platform, 3) determining that the use of the permission is suspect based on the application being configured to use the permission while executing as the background application, and 4) performing a remediation action in response to determining that the use of the permission is suspect. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Information is received from a set of peer clients associated with a client, the information indicating likelihoods of peer client exposure to malware threats. An environmental safety score associated with the client is determined based, at least in part, on the information received from the set of peer clients, wherein the environmental safety score indicates a likelihood that the client is exposed to malware threats. A set of malware signatures is retrieved from the server at a time determined responsive to the environmental safety score and stored.

Abstract: A method and apparatus for scanning protected files for violations of a Data Loss Prevention (DLP) policy is described. In one embodiment, a protected file scanning tool monitors protected files in a computing system, and when one of the protected files is created, opened, or saved, the protected file scanning tool obtains a running instance of a data object, corresponding the protected file, from a data store that stores information to track objects that are currently running on the computing system. The protected file scanning tool extracts the decrypted data from the obtained data object, and scans the decrypted data to detect a violation of a DLP policy.

Abstract: A method of updating a link count in a partitioned directory shared by a plurality of computers within a cluster. The partitioned directory is traversed once by a first computer to obtain a link count. The link count is stored in the first computer and broadcast to a cluster of computers. A total number of allocated links is less than a maximum limit on link count minus the link count. A respective number of links is allocated to each computer within the cluster. Delta values of each computer are updated in real-time as subdirectories are created/erased. A delta value associated with each of the plurality of computers is received. A delta value represents a net number of links created or removed by each computer. The link count is updated based on the previous link count and further based on each of the delta values and further based a delta value associated with the first computer. The updated link count is stored by the first computer and broadcast to the plurality of computers.

Abstract: A computer-implemented method for updating system-level services within read-only system images may include (1) executing, during initialization of a mobile computing device, an update service stored within a read-only system image located on the mobile computing device, (2) identifying, via the update service, a writable partition located on the mobile computing device, (3) identifying, via the update service, a digitally signed update within the writable partition for at least one system-level service stored within the read-only system image, and (4) executing, via the update service, the digitally signed update within the writable partition instead of the system-level service stored within the read-only system image. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for repairing system files may include 1) identifying a request to repair a corrupted system file in an operating system, 2) receiving file metadata describing the corrupted system file and system metadata describing the operating system, 3) identifying an uncorrupted version of the corrupted system file by i) identifying a series of matching tests for matching the corrupted system file with the uncorrupted version, the series of matching tests including at least one file metadata item from the file metadata and at least one system metadata item from the system metadata, and ii) applying the series of matching tests in a predetermined order to a database of uncorrupted system files until a matching test matches the corrupted system file with the uncorrupted version of the system file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In various embodiments, a semantic space associated with a corpus of electronically stored information (ESI) may be created and used for concept searches. Documents (and any other objects in the ESI, in general) may be represented as vectors in the semantic space. Vectors may correspond to identifiers, such as, for example, indexed terms. The semantic space for a corpus of ESI can be used in information filtering, information retrieval, indexing, and relevancy rankings.

Abstract: Techniques are disclosed for detecting online fraud initiated by a host infected with a malicious software application that would otherwise remain undetected by many current fraud detection systems, e.g., for detecting man-in-the-browser Trojans. A fraud detection system operates in conjunction with an IPS system to identify online transactions that have a high probability of being fraudulent or initiated by a legitimate, but compromised host.

Abstract: A technique for providing computer security is described. The technique comprises providing network configuration information on a dynamic network; determining whether the network configuration information meets a criterion; and in the event the configuration information meets the criterion, configuring a decoy associated with the network.

Abstract: A computer-implemented method for enabling community-tested security features for legacy applications may include: 1) identifying a plurality of client systems, 2) identifying a legacy application on a client system within the plurality of client systems, 3) identifying a security-feature-enablement rule for the legacy application, 4) enabling at least one security feature for the legacy application by executing the security-feature-enablement rule, 5) determining the impact of the security-feature-enablement rule on the health of the legacy application, and then 6) relaying the impact of the security-feature-enablement rule on the health of the legacy application to a server. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Methods, apparati, and computer-readable media for updating proxy executable code. An apparatus embodiment of the present invention comprises generic universal proxy executable code that can be instantiated multiple times, with each instance being driven by a different set of files comprising a protocol specification file and a proxy activity code file, to control protocol decomposition and proxy functions, respectively. In a method embodiment of the present invention, a protocol specification is created or updated; proxy activity code, separate from the protocol specification, is created or updated; and the proxy executable code is executed using the protocol specification and the proxy activity code.

Abstract: A method for simultaneously configuring multiple independent backups. The method may include (1) identifying a backup environment managed by a backup system, (2) identifying a request from a user to configure a plurality of backups within the backup environment, wherein each backup within the plurality of backups specifies, independent of any other backup, a backup operation to be performed by the backup system on a computing resource within the backup environment, (3) providing a graphical user interface that allows the user to simultaneously configure each backup within the plurality of backups, (4) receiving a request, from the user via the graphical user interface, to simultaneously configure each backup within the plurality of backups, and (5) in response to the request to simultaneously configure each backup within the plurality of backups, independently configuring each backup within the plurality of backups so as to maintain the independence of each backup.

Abstract: A system and method for restoring multiple content databases of a web application are disclosed. A restoration GUI may indicate one or more available recovery times. User input selecting a particular recovery time may be received. The selected recovery time may correspond to a first time when a first database was backed up. The system may determine that the web application also included one or more other databases in addition to the first database at the first time. Information indicating the first database together with the one or more other databases may be displayed in association with the selected recovery time in the graphical user interface.

Abstract: A system and method for efficient transfer of encrypted data over a low-bandwidth network. A backup server and a client computer are coupled to one another via a first network. The backup server is coupled to a remote data storage via another network, such as the Internet, also referred to as a cloud. The backup server encrypts received data for backup from the client computer. Cryptography segment and sub-segment sizes may be chosen that are aligned on a byte boundary with one another and with selected backup segment and sub-segment sizes used by backup software on the remote data storage. A selected cryptography algorithm has a property of allowing a given protected sub-segment with the cryptography sub-segment size to be decrypted by initially decrypting an immediate prior protected sub-segment that has the same cryptography sub-segment size. Therefore, the size of data transmitted via the cloud may be smaller than the cryptography segment size.

Abstract: A computer-implemented method may include identifying a request to restore an image to a target disk while a first operating system is running on the target disk and creating a file in a first file system of the first operating system. The method may also include mapping a position in the file to a location on the target disk to provide a map that associates the position in the file with the location on the target disk. The method may further include using the map to write at least a portion of the image to the target disk to provide a restored operating system on the target disk. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for escalating a level of backup protection for a cluster of nodes are described. A backup software application may be configured to backup application data used by the cluster of nodes according to a first level of backup protection. In response to detecting a failure of a node in the cluster, the backup software application may be reconfigured to backup the application data used by the cluster of nodes according to an escalated level of backup protection. For example, reconfiguring the backup software application to backup the application data according to the escalated level of backup protection may cause the backup software application to increase a frequency at which backup operations for backing up the application data are performed.

Abstract: A method and apparatus for detecting an intermittent path to a storage system comprising accessing path statistics comprising indicia of path state of a path to a storage system, determining whether the path state has changed during a predefined period and, if the path state has changed at least a predefined number of times during the predefined period, identifying the path as intermittent. Once a path is deemed intermittent, the path is aged until either the path is no longer intermittent or the path is deemed dead.

Abstract: A method and apparatus for automatically configuring and provisioning cryptographic certificates is described. A certificate management sensor receives instructions from a first computing device to analyze a second computing device to identify an application on the second computing device associated with cryptographic network traffic on the second computing device, generates an application fingerprint based on application characteristics of the application, transmits the application fingerprint and a certificate signing request (CSR) to a certificate management system (CMS), and receives second instructions from the CMS to automatically install a cryptographic certificate on the second computing device based on the application fingerprint and CSR.

Abstract: Techniques for identifying optimized malicious search engine results are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for identifying optimized malicious search engine results comprising receiving a search item result, analyzing, using a computer processor, the search item result in a secure environment to detect malicious content hidden using network redirection, determining that the search item result is associated with malware, and providing an indicator that the search item result is associated with malware.