Abstract: The packing manager provides an automated method that allows existing AV scanning technology to be applied to detect known malware samples packed by one or more packers that are potentially proprietary. The packing manager tracks the memory areas to which an executable binary writes and executes, and so can unpack programs packed by multiple arbitrary packers without requiring reverse-engineering of the packers or any human intervention. By tracking page modification and execution of an executable binary at run time, the packing control module can detect the instant at which the program's control is first transferred to a page whose content is dynamically generated, so AV scanning can then be invoked. Thus, code cannot be executed under the packing control manager without being scanned by an AV scanner first.
Abstract: An attempt to write to a block of data in a main volume of data is detected. An indicator associated with the block of data is accessed before a copy-on-write operation to a snapshot volume is performed for the block of data. The indicator is used to determine whether the copy-on-write operation is to be performed for the block of data.
Abstract: A computer-implemented method for sharing the results of computing operations among related computing systems may include: 1) identifying a need to perform a computing operation on a file, 2) identifying a unique identifier associated with the file, 3) determining, by using the unique identifier to query a shared store that is shared by a group of related computing systems, that at least one computing system within the group of related computing systems has previously performed the computing operation on an instance of the file, and then 4) retrieving the results of the computing operation from the shared store instead of performing the computing operation. Various other methods, systems, and computer-readable media are also disclosed.
Type: Application
Filed: January 29, 2010
Publication date: August 4, 2011
Applicant: Symantec Corporation
Inventors: James Meyer, David Buches, Bruce McCorkendale, William E. Sobel
Abstract: A partial replication step shot method. The method includes receiving a first snapshot at a first time from a replication source and receiving a set of data objects from the replication source that have been modified during a time period between the first time and a subsequent second time. A second snapshot is generated at the second time on the replication source by using the set of data objects. An application is mounted onto the second snapshot prior to the set of data objects being received to completion.
Abstract: A method and apparatus for managing data loss due to policy violations in temporary files is described. In one embodiment, the method includes monitoring, by a client agent, information content on a client for violations of a policy. The method further includes determining, by the client agent, that a violation of the policy has occurred for content of a temporary file of an application. In one embodiment, the policy violation of the temporary file is correlated, by the client agent, with an original file of the application.
Abstract: A method, apparatus, and system for accessing units of storage that depends at least in part on an address of the unit of storage and the time that data was written to the unit of storage. A virtual data store can be created that reflects the state of an original data store at a specified time, where the specified time is selected, for example, from a substantially continuous time interval.
Abstract: Techniques for virtualizing data are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for virtualizing data comprising identifying source data to be virtualized, intercepting an input/output (i/o) request to the source data, determining whether the input/output request is a read request or a write request, in the event the input/output request is a write request, storing one or more changes contained in the write request, and in the event the input/output request is a read request, determining whether a portion of data requested has been modified and responding to the read request. Responding to the read request may comprise providing stored data in the event a portion of the data requested has been modified, and utilizing source data in the event the data requested is unmodified.
Type: Grant
Filed: March 28, 2008
Date of Patent: July 26, 2011
Assignee: Symantec Corporation
Inventors: Derek D. Dickinson, Suren Sethumadhavan, Kirk Searls, Christopher Greene
Abstract: A method and apparatus for implementing a storage lifecycle policy based on a hierarchy of storage destinations to improve storage lifecycle management is described. In one embodiment, the method comprises specifying at least one source copy for at least one storage lifecycle operation in a storage lifecycle policy to generate a storage destination hierarchy using the at least one specified source copy and performing the at least one storage lifecycle operation using the storage destination hierarchy.
Abstract: System and method for refreshing databases. A refresh mechanism may allow a data warehouse to remain available to users while the data is being refreshed. Embodiments may be used to perform low impact off-host data loading for databases including, but not limited to, data warehouses and to reduce the data loading window. A checkpoint of the production database may be generated. A database clone may be generated from the checkpoint. In one embodiment, the generated database clone includes references to data in the production database and not the data itself, and is thus storage space-efficient. Data may be loaded to the database clone. The checkpoint may then be switched to be the entry point to the production database after the loading is complete.
Abstract: A system and method for directing query traffic. In one embodiment, the system may include a plurality of query servers, each configured to evaluate queries, and a query traffic director. The query traffic director may be configured to receive a given query formulated in a query language for evaluation, to parse the given query, to identify a dataset targeted by the given query dependent upon parsing the given query, and to convey the given query to a particular query server dependent upon the identified dataset.
Abstract: A method for implementing network security access control is provided, including: receiving and decrypting terminal identity information that is encrypted in a bi-directional encryption mode and forwarded by a switch, and authenticating the decrypted terminal identity information; returning an authentication result to the switch so that the switch controls access of a terminal to a network according to the authentication result; encrypting the decrypted terminal identity information in a solo-directional encryption mode and authenticating the encrypted terminal identity information; returning an authentication result to a security access control gateway so that the security access control gateway controls access of the terminal to network resources according to the authentication result; delivering a security policy to a security control module on the terminal so that the security control module controls the terminal according to the security policy.
Abstract: Analyzing security risk in a computer network includes receiving an event associated with a selected object in the computer network, and determining an object risk level for the selected object based at least in part on an event risk level of the event received, wherein the event risk level accounts for intrinsic risk that depends at least in part on the event that is received and source risk that depends at least in part on a source from which the event originated.
Abstract: Computer readable storage medium, computer-implemented method, and computer system for identifying substring repetition in a pass phrase. A sub-string index is generated. The number of bits required to represent each character in the pass phrase is determined. An entropy value is assigned to each character in the pass phrase in accordance with a probability function that assigns highest probabilities at boundaries of an interval for the entropy of a character, or that assigns lowest probabilities when a ratio of a number of pass phrase characters to pass phrase length is equal to a ratio of a size of the interval to a sum of interval sizes. A total entropy value for the pass phrase is computed to provide an indication of pass phrase quality.
Abstract: A method, system, and computer readable medium for asynchronously processing a write operation on a volume having copy-on-write snapshots. In one embodiment, the method comprises the steps of: updating a normal mirror with write data associated with a write operation for the volume; asynchronously copying the write data from an asynchronous mirror to at least one copy-on-write snapshot; and, once the at least one copy-on-write snapshot is updated, updating the asynchronous mirror with the write data from the normal mirror.
Type: Grant
Filed: July 7, 2006
Date of Patent: July 12, 2011
Assignee: Symantec Operating Corporation
Inventors: Prem Anand Ramanathan, Niranjan Sanjiv Pendharkar, Subhojit Roy
Abstract: A method involves detecting that a first storage device is inaccessible. The information stored on the first storage device is a synchronized copy of information stored on a second storage device. In response to detecting that the first storage device is inaccessible, modification logging is initiated. Modification logging involves detecting modifications to information stored on the second storage device and storing information that indicates an order in which the modifications occur to the second storage device. The stored information can indicate the order explicitly (e.g., by including a timestamp or sequence number) or indirectly (e.g., the order of entries stored in a log can indicate the order of the modifications represented by those entries). The stored information can also include the new values generated by the modifications. The stored information can then be used to resynchronize the information stored on the first and second storage devices.
Abstract: The operating system agnostic PXE network booting environment is simulated, such that the VMs boot “virtually” from a network boot image, which is actually provided by the hypervisor. More specifically, the network traffic of VMs is filtered, and PXE requests are detected. Responsive to a detected PXE request, the hypervisor simulates the PXE server, and returns an invalid IP address to the VM for PXE communication. This invalid IP address is configured for only internal communication on a virtual network. The hypervisor intercepts PXE related communication sent by the VM to the invalid address, and returns expected PXE responses to the VM, including a boot image. This allows the hypervisor to provide, inspect and/or modify the boot time environment of VMs.
Abstract: A method and apparatus for managing a lifecycle of a snapshot image using a storage lifecycle policy is described. In one embodiment, the method comprises recording a snapshot image of a volume and creating a copy of the snapshot image, wherein the copy is to be used to implement a storage lifecycle policy for the snapshot image.
Type: Grant
Filed: June 9, 2008
Date of Patent: July 12, 2011
Assignee: Symantec Corporation
Inventors: Alioune Thiam, Deepak M. Patil, Dennis C. Parker
Abstract: A computer-implemented method for removing unreferenced data segments from deduplicated data systems may include: 1) identifying a deduplicated data system that contains a plurality of data objects, 2) dividing the data objects within the deduplicated data system into a plurality of data object groups, 3) identifying, within the data object groups, at least one data object group that has changed subsequent to a prior garbage-collection operation that removed data segments that were not referenced by data objects within the deduplicated data system, 4) identifying at least one container within the deduplicated data system that contains data segments referenced by data objects within the changed data object group, and then, for each identified container, 5) removing data segments from the identified container that are not referenced by data objects within the deduplicated data system. Various other methods, systems, and computer-readable media are also disclosed.
Type: Application
Filed: January 5, 2010
Publication date: July 7, 2011
Applicant: Symantec Corporation
Inventors: Fanglu Guo, Mark Christiaens, Weibao Wu
Abstract: A method includes generating a list of shared and private memory regions of a debuggee. A thread is injected into the debuggee for generating the list and communicating with the debugger. Associated shared memory region handles are added to the list. The handles are used to map the shared memory regions of the debuggee to a debugger. New shared memory regions corresponding to the private memory regions of the debuggee are created and mapped to the debugger. Handles for the new shared memory regions are provided to map the new shared memory regions to the debuggee. The debuggee private memory regions are freed. The new shared memory regions are mapped to respective virtual addresses of the debuggee corresponding to the respective freed private memory regions. In this manner, content of debuggee memory regions is directly accessible by the debugger, and computer processing resources are conserved.
Abstract: A system and method for determining a designated boot volume of a computer system coupled to a SAN is disclosed. The computer system is configured to boot from a logical volume on the SAN using a corresponding bus interface. One or more logical volumes within the SAN are identified and have code written to them. The code is executable to determine whether or not the computer system is configured to boot from that logical volume and to determine configuration information stored on the identified logical volumes.