Abstract: A computer-implemented method to identify the spreading of sensitive data from a suspicious application is described. At least one security attribute for an application programming interface (API) is defined. Sensitive data passed through the at least one security attribute to the suspicious application are marked. The marked sensitive data being passed through the at least one security attribute from the suspicious application are detected. A notification is generated regarding the spreading of the sensitive data by the suspicious application.

Abstract: Application profiles for applications stored on the endpoint are defined. An application profile identifies components on the endpoint associated with an application with which the application profile is associated. Applications on the endpoint accessed by a user to perform a task are monitored. A task profile associated with the task is created and stored, the task profile associated with the application profiles for the applications accessed by the user to perform the task.

Abstract: Recoverable file information and file content are maintained for a plurality of files. Responsive to detecting a damaged file on a computer system, the recoverable file information is used to identify a specific instantiation of the file to be restored. The computer is searched for a non-damaged, local copy of the file. If a non-damaged, local copy is found, it is used to replace the damaged file. Otherwise, a difference file is created which identifies the sections of the damaged file that differ from a non-damaged specific instantiation thereof. Using the difference file and appropriate maintained file content, the relevant sections of the damaged file are rebuilt, thereby restoring it to its original condition.

Abstract: A system and method for controlling interaction among environments including virtualized environments and a system environment. A process issues a request to perform an action on a resource or a second process. A virtualization environment manager operating in the system environment detects the request and in response, retrieves data associated with the request identifying the first process, a base environment corresponding to the process, and the resource, and retrieves a first rule from a programmable database of rules. A base environment of a process is an environment in which a process is running. The first rule corresponds to at least one of the first process, the base environment, and the resource and identifies a target environment in which to process the request. The target environment is different from the base environment of the process. The virtualization environment manager directs the request to the target environment.

Abstract: Various systems and methods for tracking changes in a storage device. For example, one method can involve receiving a request to perform an incremental backup of a storage device and backing up locations in the storage device that are identified as having been changed. The method also involves receiving information from each of the nodes, where the information identifies locations that have been changed by the nodes. The locations that have been changed include both data and metadata.

Abstract: A system and method for avoiding duplicate backups of data in a volume backup image. A cluster of nodes is coupled to a data storage medium configured to store data corresponding to a shared volume. A node receives a request for the backup of the shared volume. In response to this request, the node queries all other nodes in the cluster for identification of a subset of the shared volume data that should be excluded from the backup. The identified subset of the data may correspond to at least a file under control of a database application or other particular application. It may be known that this identified subset of the data will be backed up by a subsequent agent-based backup operation after the volume backup. In response to receiving all query responses, the node initiates a backup corresponding to the data in the shared volume excluding the identified subset of the data.

Abstract: The enrollment process for purchasing multiple digital certificates configured using different cryptographic algorithms or hashing algorithms is streamlined. A certificate purchaser wishing to purchase two or more certificates is prompted to provide answers to common enrollment questions, such as the purchaser's contact information, payment details, web server software, and the like, using a simplified and streamlined enrollment process. Each certificate is optionally configured using a different hashing algorithm.

Abstract: Methods for utilizing a locality table when performing data deduplication are disclosed. One method involves accessing a locality table stored in memory. The locality table includes several signatures, each of which identifies one of a several data units that were consecutively added to a deduplicated data store on a persistent storage device. The method then involves searching the locality table for a new signature of a new data unit, in order to determine whether a copy of the new data unit is already present in the deduplicated data store. If the new signature is not found in the locality table, a pointer table is accessed. The pointer table indicates a subset of a set of signatures stored on the persistent storage device. In response to accessing the pointer table, the subset of the set of signatures, indicated by the pointer table, is searched for the new signature.

Abstract: A DRM server parses a request received from a client for a content identifier and client classification information. The content identifier identifies the requested content and client classification information describes the capabilities of the client. The DRM server determines a policy for the requested content. The policy specifies rules for determining access rights for the content responsive to the capabilities of the client. The DRM server determines access rights for the requested content responsive to the capabilities of the client and the policy. The DRM manager then provides the requested content and the determined access rights to the client.

Abstract: A computer-implemented method for restoring application data may include (1) receiving a request to restore resource data for a resource to a selected state, (2) identifying a plurality of backup datasets, each backup dataset within the plurality of backup datasets including at least a portion of backed up data for the resource, (3) determining an order in which to restore the plurality of backup datasets in order to restore the resource data to the selected state, and (4) restoring the resource data for the resource to the selected state by restoring the plurality of backup datasets in the order as determined. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Archive systems and methods are presented. In one embodiment, an archival information storage configuration method comprises: performing an information accessing process including determining if the information is associated with an archive process; and performing an archive storage boundary determination process including establishing archive storage boundaries based upon characteristics indicating potential sharing of the information and potential impacts on performance of archival storage operations. In one exemplary implementation, the archive storage boundary determination process comprises: performing an information mining process including identifying an indication the information is potentially shared; and performing an archival boundary selection process including selecting an archive storage boundary based in at least part upon results of the information mining process.

Abstract: Data blocks are copied from a source (e.g., a source virtual disk) to a target (e.g., a target virtual disk). The source virtual disk format is preserved on the target virtual disk. Offsets for extents stored in the target virtual disk are converted to offsets for corresponding extents in the source virtual disk. A map of the extents for the source virtual disk can therefore be used to create, for deduplication, segments of data that are aligned to boundaries of the extents in the target virtual disk.

Abstract: A behavioral signature for detecting malware is generated. A computer is used to collect behavior traces of malware in a malware dataset. The behavior traces describe sequential behaviors performed by the malware. The behavior traces are normalized to produce malware behavior sequences. Similar malware behavior sequences are clustered together. The malware behavior sequences in a cluster describe behaviors of a malware family. The cluster is analyzed to identify a behavior subsequence common to the cluster's malware family. A behavior signature for the malware family is generated using the behavior subsequence. A trace of new malware is normalized and aligned with an existing cluster, if possible. The behavioral signature for that cluster is generated based on the behavior sequence of the new malware and the other sequences in the cluster.

Abstract: A method for gesture-based distribution of files may include 1) receiving, at a first computing device, input that identifies a file for gesture-based distribution to one or more other computing devices; 2) detecting a plurality of additional computing devices in physical proximity of the first computing device; 3) for each computing device in the plurality of additional computing devices, determining a physical location of the additional computing device; 4) detecting, on the first computing device, a gesture of a user of the first computing device; 5) determining, based on one or more of the physical locations of the additional computing devices, that the gesture of the user was directed toward one or more of the additional computing devices; 6) distributing the file to the one or more additional computing devices toward which the user gestured. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Various systems and methods for monitoring an application or service group within one cluster as a resource of another cluster are disclosed. In one embodiment, a method involves detecting an error indication generated by a first cluster (e.g., the error indication can be generated by a cluster controller or service group within the first cluster). The first cluster is implemented on a cluster resource (e.g., a virtual machine) of a second cluster. In response to detecting the error indication, restart of the cluster resource is initiated.

Abstract: A computer-implemented method for providing security information about quick response codes may include (1) identifying a matrix barcode, (2) determining that the matrix barcode includes a link to an internet resource, (3) determining the trustworthiness of the internet resource referenced by the matrix barcode, and then (4) augmenting the matrix barcode with a visual augmentation that is based at least in part on the trustworthiness of the internet resource. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Attempts to communicate telephonically by a mobile phone are detected. When an attempt is detected, an associated phone number is identified and transmitted to a server in order to glean corresponding security information. On the server, a database is maintained containing 1) phone numbers known to present potential security concerns and 2) descriptive security information concerning each of these phone numbers. The server receives phone numbers from mobile phones to check for security information, searches the database for received phone numbers, and transmits corresponding security information to the originating mobile phones. Security information concerning identified telephone numbers is received from the server by mobile phones. Responsive to the contents of the received security information, detected attempts to communicate telephonically are allowed to processed, blocked or otherwise processed.

Abstract: Techniques relating to tracking storage operations performed by a guest virtual machine executing on a computer system are disclosed. The guest virtual machine may include a filter driver that provides an indication to a storage tracking virtual machine executing on the computer system that the guest virtual machine is performing a write operation to a production storage device. The storage tracking virtual machine then communicates information about the write operation to a backup storage device (e.g., one that provides continuous data production (CDP) to the computer system). In another embodiment, the storage tracking virtual machine may insert breakpoints into a guest virtual machine. When a first breakpoint triggers, the storage tracking virtual machine captures an I/O buffer of the guest virtual machine. After a second breakpoint triggers, the storage tracking virtual machine communicates information about the write operation to a backup storage device.

Abstract: A method of creating backup files having less redundancy. The method creates a backup file by creating an overhead segment for each file that is to be backed up and creating a data segment containing the data that is to be backed up for each file. After creating the overhead segment and the data segment, the overhead segment is placed into an overhead stream data segment is stored in memory. The overhead segment is also positioned in the overhead stream with a pointer that identifies the data segment within the memory. For backups of subsequent servers or the same server at a later time, the backup software will create a separate overhead stream. However, a plurality of overhead streams may contain pointers to the same data segments such that redundant data segments do not need to be stored in a backup server.

Abstract: A method of provisioning a first digital certificate and a second digital certificate based on an existing digital certificate includes receiving information related to the existing digital certificate. The existing digital certificate includes a first name listed in a Subject field and a second name listed in a SubjectAltName extension. The method also includes receiving an indication from a user to split the existing digital certificate and extracting the first name from the Subject field and the second name from the SubjectAltName extension of the existing digital certificate. The method further includes extracting the public key from the existing digital certificate, provisioning the first digital certificate with the first name listed in a Subject field of the first digital certificate and the public key, and provisioning the second digital certificate with the second name listed in a Subject field of the second digital certificate and the public key.