Abstract: Encrypting data on an originating computer and prevent access to this data if the computer is stolen or otherwise unauthorized for use. Access to the encrypted data is granted based on the originating computer's ability to successfully send the data encryption keys, via an electronic connection, to a remote computer and have the remote computer decrypt the encryption keys and transmit them back to the he originating computer. When originating computer receives the decrypt encryption keys, it can then successfully decrypt the encrypted hard drive using the encryption key provided by the remote computer.

Abstract: A method for managing file access history information is described. An application opening a file is identified. Access rights used to open the file are determined. A time parameter associated with the opening of the file is recorded. An access frequency parameter for the file over a predetermined period of time is calculated. File access history information associated with the file is stored.

Abstract: A method for restoring deduplicated data may include receiving a request to restore a set of deduplicated data segments to a client system, where each data segment in the set of deduplicated data segments is referred to by one or more deduplication references. The method may also include procuring reference data that indicates, for each data segment in the set of deduplicated data segments, the number of deduplication references that point to the data segment. The method may further include using the reference data to select one or more data segments from the set of deduplicated data segments for client-side caching, caching the one or more data segments in a cache on the client system, and restoring the one or more data segments from the cache on the client system. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for analyzing an unverified executable file within an antivirus engine in order to identify the executable file as being obfuscated by an unknown obfuscator program is described. An unverified executable file comprising obfuscated library strings is received. A list of pre-verified library strings is accessed. A determination is made as to whether the unverified executable file comprises one or more of the pre-verified library strings. The unverified executable file is identified as being obfuscated by an unknown obfuscator program if the file does not comprise one or more of the pre-verified library strings.

Abstract: A method and system for improving performance with single-instance-storage volumes by leveraging data locality is provided. A client provides a set of fingerprints generated from data segments to be saved to a single-instance storage volume and receives the information on whether a data segment exists on the single-instance storage volume and where it is stored if a data segment exists. Based on its received information, the client determines if a number of non-sequential accesses of a computer-readable medium for the set of segments from the single-instance-storage volume exceeds a predetermined threshold. If so, the client provides the whole set of data segments for storage within the single-instance storage volume regardless of whether or not the data segments are duplicate data segments. These sent data segments will be stored contiguously within the single-instance storage volume while the duplicates will be removed from their previous stored locations.

Abstract: Various embodiments of a system and method for providing protection against malicious software programs are disclosed. The system and method may be operable to detect that a first window of a legitimate software program has been replaced by a second window of a malicious software program, e.g., where the second window includes features to mimic the first window in an effort to fool the user into inputting sensitive information into the second window. The method may operate to alert the user when the window replacement is detected.

Abstract: Determining a security policy to apply to access requests to network sites that have not been classified for security risks is accomplished according to user behavior. Past behavior of users and requests to access network sites that are known security risks is recorded. When a user requests access to a site that is not classified for security purposes, a security policy is selected based on one or more users' past behavior. When a user has a history of not accessing sites that pose security risks, a more permissive security policy is set, and when a user has a history of requesting access to sites that do pose security risks a more restrictive security policy is set. Access requests are tracked, and security policy may be set at a name server that is remote from a user or user's computing system.

Abstract: Systems and methods for configuring a specific-use computing system are disclosed. A computing system may comprise a first set of predetermined application programs and a processor limited to executing the first set of predetermined application programs and pre-approved application programs received from a pre-approved computing device. The computing system may also include a communication interface configured to enable communication between the first computing system and the pre-approved computing device. Exemplary methods and computer-readable media are also enclosed.

Abstract: A computer-implemented method to display a dynamic list of virtual objects is described. An activity relating to a management object is detected. A dynamic list of virtual objects is displayed on a screen. The virtual objects are possible recipients of the management object. A determination is made as to whether the activity relating to the management object is terminated. The display of the dynamic list of virtual objects on the screen is terminated when the activity relating to the management object is terminated.

Abstract: A method and system for implementing network proxy are provided. The method includes: establishing a first connection between a client and a server through a proxy adapter, so as to enable the client to acquire status information of the server through the first connection; and if the status information of the server shows that the server is in a turn-on state, establishing a second connection between the client and the server, so as to enable the client and the server to transmit a data packet through the second connection. Through the method for implementing network proxy, the client acquires the status information of the server through the first connection, and only when the status information of the server is the turn-on state, could the second connection between the client and the server be established, thereby ensuring the reliability of establishing the second connection, and improving the user experience.

Abstract: Registry information systems and methods are presented. In one embodiment, an application dedicated registry hive method comprises: performing application dedicated registry hive agent operations, including: an online initiation phase in which a system independent application dedicated registry hive from a shared resource is loaded into the system namespace; a monitoring phase in which status of the system independent application dedicated registry hive is monitored; and an offline initiation phase in which the system independent application dedicated registry hive is unloaded from the system namespace; and performing an application dedicated registry hive driver filter process, including redirecting read and write operations to the system independent application dedicated registry hive. The system independent application dedicated registry hive can include a registry content file and a corresponding transaction log file.

Abstract: Embodiments of the present invention are directed to a method and system for optimizing replication within a storage system utilizing multiple tiers by using tier-specific replication modes. The method includes receiving, within an electronic system having a plurality of tiers, an access request for a portion of storage associated with a first tier of the plurality of tiers and accessing a replication attribute corresponding to the first tier and also corresponding to a replication mode. The method further includes sending the access request to the portion of storage; and replicating the access request to a remote storage wherein the replicating is based on the replication mode and wherein each of the plurality of tiers have associated therewith a respective replication attribute defining a respective replication mode.

Abstract: Techniques for providing improved perpetrator imaging are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing improved perpetrator imaging comprising identifying a client device as at least one of lost and stolen, detecting, on the client device, a difference in first pixel data associated with a first frame of a visual image and second pixel data associated with a second frame of the visual image, and capturing, on the client device, a plurality of photographs in response to detecting the difference.

Abstract: A computer-implemented method may include creating a first full backup of a set of data units at a first time. The computer-implemented method may also include identifying one or more data units in the set of data units that have been modified since the first time. The computer-implemented method may further include creating a second full backup of the set of data units by providing copies of the one or more data units that have been modified since the first time and storing references to copies of one or more data units in the set of data units that have not been modified since the first time. The references may be configured such that the second full backup is a standalone backup that is independent of any other backups.

Abstract: A plurality of queuing components each monitor an incoming email stream, and identify incoming email messages with suspicious attachments. Each queuing component generates signatures of the suspicious attachments, and submits periodic reports to a correlation component. The reports list signatures and receipt times for suspicious attachments received since a last submitted report. The queuing component queues the suspicious attachments for a specified hold time, and further processes queued attachments based upon information concerning attachment acceleration rates received from the correlation component. The correlation component receives reports from the plurality of queuing components, and uses information in the submitted reports to maintain a system wide receipt history for each suspicious attachment.

Abstract: A system and method for creating a backup image from a volume including a plurality of files are described. Information specifying a subset of the files, but not all of the files, to backup may be received. The volume may include a plurality of blocks, where the plurality of blocks includes a respective set of data blocks for each file of the volume and blocks of file system metadata structures for the volume. The method may comprise identifying a subset of, but not all of, the plurality of blocks to copy into the backup image. The subset of blocks may include each data block for each file of the subset of files, and may also include blocks of one or more file system metadata structures needed for accessing the subset of files. The method may further comprise copying each block of the subset of blocks into the backup image. In some embodiments the subset of blocks may be copied into the backup image without copying data blocks for files not in the specified subset of files.

Abstract: A method of creating backup files having less redundancy. The method creates a backup file by creating an overhead segment for each file that is to be backed up and creating a data segment containing the data that is to be backed up for each file. After creating the overhead segment and the data segment, the overhead segment is placed into an overhead stream data segment is stored in memory. The overhead segment is also positioned in the overhead stream with a pointer that identifies the data segment within the memory. For backups of subsequent servers or the same server at a later time, the backup software will create a separate overhead stream. However, a plurality of overhead streams may contain pointers to the same data segments such that redundant data segments do not need to be stored in a backup server.

Abstract: A hygiene-based determination of legitimacy of activities performed by applications on clients is performed. A receiving module receives, from a client, information regarding an application that is performing an activity on the client. A hygiene score module determines a score distribution for hygiene scores of other clients on which the same type of application has performed the same activity. A correlation module correlates the activity being performed by the application on the client with the score distribution for hygiene scores. A reputation computation module computes, based on the correlation, a reputation score for the activity with respect to the application performing the activity. Finally, a legitimacy identification module identifies, based on the reputation score, whether the activity is an illegitimate activity for the application.

Abstract: Various embodiments of a system and method for performing a file system operation on a specified storage tier are disclosed. Input specifying a file system operation and a pathname may be received. The pathname may include a plurality of components, including one or more directory components and a storage tier component. The pathname may be analyzed to determine a directory specified by the one or more directory components and a storage tier specified by the storage tier component. The file system operation may be performed, where the file system operation operates on the first directory and the first storage tier. In a further embodiment, the components of the pathname may also include a filename component. Thus, the pathname may be further analyzed to determine a filename specified by the filename component. The file system operation may operate on the first filename, the first directory, and the first storage tier.

Abstract: A computer-implemented method for temporarily adjusting control settings on computing devices. The method may comprise: 1) receiving a set of permissions for adjusting a set of control settings on a computing device, 2) identifying the set of control settings to be adjusted, and then 3) temporarily adjusting, based on the set of permissions, the set of control settings. The method may further comprise saving a base state of the set of control settings and restoring the set of control settings to the base state. Corresponding systems and computer-readable media are also disclosed.