Abstract: Systems and methods for backup test restore are presented. In one embodiment a backup restore test method includes performing a backup process; performing a test restore virtual environment creation process, the test restore virtual environment including a plurality of virtual machines; and performing a test of the backup on the test restore virtual environment. The backup process can include backing up information associated with an application; identifying prerequisites associated with running the application; and backing up information associated with the prerequisites. The test restore virtual environment creation process can include gathering information identifying the prerequisites associated with the application; creating the plurality of virtual machines, wherein the plurality of virtual machines includes virtual machines corresponding to physical machines the application and perquisites run on; and bringing up the plurality of virtual machines utilizing the information from the backup process.

Abstract: A computer-implemented method for individually managing the power usage of software applications may include: 1) identifying at least one software application installed on a computing device, 2) determining the power usage of the software application, 3) identifying a power-management policy for managing the power usage of the software application independent of the overall power usage of the computing device, and then 4) managing the power usage of the software application independent of the overall power usage of the computing device in accordance with the power-management policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method, apparatus, and computer-readable storage medium for managing operations within virtual machines are provided. According to one embodiment, a virtual machine manager monitors the internal operations of the virtual machines by redirecting a reference from a first address to a second address. The first address is an address of a function to be executed by the virtual machine. The second address is an address of a memory location in the memory page. The virtual machine manager installs an execution event at the memory location. In response to a request resulting in the memory location being accessed, an execution event is triggered. In response to the triggering of the execution event, a message is sent to the hypervisor. The message indicates that the memory location has been accessed.

Abstract: A method for providing a secret that is provisioned to a first device to a second device includes generating a One-Time Password at the first device using the secret and obtaining an identifier of the secret. The method also includes providing the One-Time Password and the identifier to the second device and sending the One-Time Password and the identifier to a remote provisioning service. The method also includes verifying that the One-Time Password corresponds to the secret, and sending to the second device an encrypted secret and a decryption key for decrypting the encrypted secret. The encrypted secret and the decryption key may be sent using different communications methods. The method also includes decrypting the encrypted secret using the decryption key to provide the secret and storing the secret at the second device.

Abstract: A system, method, and medium for performing multi-level and multi-mode deduplication in a cloud based backup storage system. Fingerprints are generated for data segments from individual clients at a first level, with a separate fingerprint index for each individual client. The fingerprints are compared to their respective fingerprint indexes, and if the fingerprints are unique, then their associated data segments may be deduplicated across data segments from a plurality of clients at a second level. The fingerprints are compared to a common fingerprint index and deduplicated at a second level. The common fingerprint index contains fingerprints generated from data segments from a plurality of clients connected to the backup storage system.

Abstract: A DNS security system collects and uses aggregated DNS information originating from a plurality of client computers to detect anomalous DNS name resolutions. A server DNS security component receives multiple transmissions of DNS information from a plurality of client computers, each transmission of DNS information concerning a specific instance of a resolution of a specific DNS name. The server component aggregates the DNS information from the multiple client computers. The server component compares DNS information received from a specific client computer concerning a specific DNS name to aggregated DNS information received from multiple client computers concerning the same DNS name to identify anomalous DNS name resolutions. Where an anomaly concerning received DNS information is identified, a warning can be transmitted to the specific client computer from which the anomalous DNS information was received.

Abstract: Methods and systems for searching e-mails are disclosed. In one embodiment, a method for displaying information associated with electronic messages includes receiving information associated with a plurality of e-mails in response to a search query. Each e-mail in the plurality of e-mails is categorized according to a set of categories. Relevance is determined of each e-mail in the plurality of e-mails. The plurality of e-mails are then displayed using a graphical user interface according to the set of categories and the relevance of each e-mail. Input may be received from a user indicative of a tag. The tag may be associated with at least one of the plurality of e-mails and displayed to assist in review.

Abstract: A method and apparatus for optimizing storage space allocations, using at least one processor, for computer data in distributed file systems is described. In one embodiment, the method includes processing input/output activity that is associated with computer data to determine a current state of at least one file in a distributed file system, at flush time, combining various storage space allocation decisions applied over at least one network protocol to determine a plurality of file system operations that define storage space, based on the current state of the at least one file, for the computer data and executing the plurality of file system operations on the computer data stored in the storage space.

Abstract: A computer-implemented client-side method for protecting enterprise rights management keys from being compromised by untrusted client devices may comprise: 1) detecting a request on a client device to access protected data, 2) dynamically instantiating a processor-based secure virtual machine on the client device, 3) establishing a secure communication channel between the secure virtual machine and a policy server, 4) receiving, via the secure communication channel, a content key from the policy server, and then 5) decrypting, using the content key, the protected data using the secure virtual machine. Server-side methods, along with corresponding systems and computer-readable media, are also disclosed.

Abstract: A system and method for managing a resource reclamation reference list at a coarse level. A storage device is configured to store a plurality of storage objects in a plurality of storage containers, each of said storage containers being configured to store a plurality of said storage objects. A storage container reference list is maintained, wherein for each of the storage containers the storage container reference list identifies which files of a plurality of files reference a storage object within a given storage container. In response to detecting deletion of a given file that references an object within a particular storage container of the storage containers, a server is configured to update the storage container reference list by removing from the storage container reference list an identification of the given file. A reference list associating segment objects with files that reference those segment objects may not be updated response to the deletion.

Abstract: A system, method, and medium for dynamically scaling the size of a fingerprint index in a deduplication storage system. Fingerprints are stored as entries in a fingerprint index, and the fingerprint index is scaled to fit into an in-memory cache to enable fast accesses to the index. A persistent copy of the full fingerprint index is stored on a non-volatile memory. The cached fingerprint index uses binary sampling to categorize half of the fingerprint entries as samples and protected, and the other half of the entries as non-samples and replaceable. When a search of the cached index results in a hit on a sample entry, all of the non-sample entries associated with the same container are copied from the persistent index to the cached index.

Abstract: A computer-implemented method for retaining an executable environment during a data archive process is described. An executable file that is associated with an archived data file is identified. The executable file is part of a virtualization application layer. An identifier is archived that identifies the virtualization application layer. The identifier is associated with the archived data file. The virtualization application layer is provided when the archived data file is restored. The restored data file is accessed with the executable file.

Abstract: A method, system, computer program product and/or a computer readable medium of instructions for detecting one or more entities which are able to reinfect a processing system with malicious software. The method includes: monitoring, in the processing system, activity indicative of the malicious software reinfecting the processing system; in response to detecting the activity, storing a record of the activity and one or more entities associated with the activity; determining if the malicious software has reinfected the processing system; and in response to determining that the malicious software has reinfected the processing system, analysing the record to detect the one or more entities which were associated with the activity that caused and/or assisted in reinfecting the processing system with the malicious software. There is also disclosed a method, system, computer program product and/or a computer readable medium of instructions for detecting a variant of malicious software in a processing system.

Abstract: A method of maintaining and providing information relating to file deduplication. A first portion of a first file and a second portion of a second file that contain a first content are identified. A first header associated with the first portion is created. The first header identifies the first portion and the second portion containing the first content. The first header is appended to a storage location of the first content of the first portion to form a first data structure for the first file. The first data structure is stored. The first data structure is provided to an application requesting the first file so that duplicate data processing can be avoided by the application. The first data structure is updated when the first file or the second file are altered. A similar process may occur to generate a data structure for the second file.

Abstract: A computer-implemented method for delaying termination of a process to capture data relating to a potential threat is described. A process that executes an event that indicates a threat is monitored. The event is allowed to execute on the process until a predetermined indicator is triggered. Data associated with the execution of the event is recorded when the predetermined indicator is triggered. The recorded data is transmitted to a processing system for analysis. The process is terminated from continuing to execute the event.

Abstract: A method and apparatus for preventing sensitive data leakage due to input focus misappropriation is described. In one embodiment, a method for restricting a change in an input focus to protect sensitive data comprising identifying a visual representation component used to receive sensitive data, wherein the virtual representation component having an input focus of a computer and preventing a change in the input focus from the visual representation component.

Abstract: A method of reading data from a partitioned directory incident to a serialized process. A first read and an offset value are received. A first data block in a modeled fully partitioned directory is identified based on the offset value and a predetermined number of entries associated with a buffer. It is determined whether the first data block in the fully partitioned directory is present in the actual partitioned directory. Zeros are written in the buffer if the first data block in the fully partitioned directory is not present in the actual partitioned directory otherwise the first data block associated with the actual partitioned directory is written to the buffer. A second data block is similarly read by a second read operation and written. The second data block is associated with a second subdirectory, selected based on a horizontal node traversal at a node level of said first subdirectory.

Abstract: A method and apparatus for preventing data leakage facilitated by steganography is provided. In one embodiment, the method for preventing data leakage caused by steganography without perceptual quality degradation comprises processing content being transmitted from a computer, wherein the content comprises steganographic data; and before the transmission, modifying the steganographic data to corrupt hidden information within the content without perceptual quality degradation.

Abstract: Techniques for providing instant disaster recovery are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing instant disaster recovery comprising, maintaining, in a data store, data associated with a first host system, wherein the data comprises a first data portion and a second data portion, storing, in the first data portion, a disaster recovery agent, and exposing, to a second host system, the first data portion and the second data portion, wherein the disaster recovery agent is configured to initiate, on the second host system, a disaster recovery process, boot the second host system using the first data portion, and copy, from the data store, the second data portion in accordance with a first copy procedure and a second copy procedure.

Abstract: Controlling identity disclosures is disclosed. A difference between a site policy as received at a first time and the site policy as received at a second time is detected through at least partially automated processing. The existence of the difference is indicated before disclosing to a relying party associated with the site policy, at or subsequent to the second time, an identity information.