Abstract: Methods and computer program products that provide for extracting a portion of a file system for use as an independent file system and merging a file system into another file system are presented. One or more storage objects containing data from a multi-volume file system can be extracted from the multi-volume file system. One or more storage objects containing a first file system can be merged with one or more other storage objects containing a second file system, thus forming a merged file system.

Abstract: Hardware independent performance metrics for application tasks are assembled and submitted to a central repository from multiple installations in the field. These metrics are requested by and provided to specific computing devices, and used to calculate expected performance times for given application tasks on specific hardware configurations. Computing devices can automatically identify performance problems by comparing actual performance times of application tasks to calculated expected performance times. Events that take longer than expected to execute indicate a computing device performance issue.

Abstract: Techniques are disclosed for implementing dynamic endpoint compliance policy configuration. In one embodiment, a security service is provided that automates endpoint compliance policy configuration. A customer identifies its deployed client security products, and specifies the desired level of security. This security product and level information is used by the security service to generate endpoint compliance policies tailored to that customer's current network and/or security scheme. The security service can incorporate data obtained from early warning services that deliver timely and actionable security alerts into its policy generation process. In this way, the security service can provide endpoint compliance policies that protect its customers' machines from the very latest threats at any moment in time.

Abstract: A system and method for instrumenting program instructions. A processing system includes a compiler and a profiler. The compiler is configured to notify the profiler of a compilation event corresponding to first program instructions. In response to detecting the event, the profiler is configured to intercept compilation of the first program instructions, determine whether an instrumented version of the first program instructions is currently available, instruct the compiler to compile the instrumented version of the first program instructions if available, and retrieve and instrument the first program instructions if not available. The profiler may maintain an instrumentation cache for storing instrumented versions of program instructions. The instrumentation cache may further include metadata which identifies portions of program code which have been instrumented and their location. The profiler may generally instrument program instructions once during the resident life of a corresponding application.

Abstract: Restoring of content of data blocks to non-volatile storage as the content existed at a particular instant in time. After accessing the last backup representing the most recent backup of the plurality of data blocks prior to the particular instant in time, the content of each data block represented in the last backup is written to a corresponding position in the non-volatile storage. This last backup may be an incremental backup in which only those data blocks that had changed since the immediate prior backup were actually backed up. Then, restoration occurs through each prior backup in reverse chronologic order until the full backup is encountered and restored. When restoring a backup, a data block is not restored if the data block had already been restored proceeding in reverse chronological order.

Abstract: A scanning manager scans the file systems of virtual machines running on a base computer. In order to scan a virtual machine, the scanning manager identifies the file on the base machine that represents the virtual machine, freezes the virtual machine, and creates a snapshot thereof. The scanning manager restarts the frozen machine, and starts the snapshot. The files of the snapshot are mapped at a virtual machine level, and the resulting file mapping information is used to scan the files of the virtual machine at a base machine level. The scanning can comprise scanning for malicious code, such as virus signatures. The scanning manager can scan one, multiple or all virtual machine(s) running on the base computer, in conjunction with a full or partial scan of the base computer, or independently.

Abstract: A method, system, computer program product, and/or computer readable medium of instructions for identifying a malicious entity in a processing system, comprising determining an entity threat value for an entity, the entity threat value being indicative of a level of threat that the entity represents to the processing system, wherein the entity threat value is determined based on one or more characteristics of the entity; and compare the entity threat value to an entity threat threshold to identify if the entity is malicious. In another form, there is provided a method, system, computer program product, and/or computer readable medium of instructions for identifying a malicious entity in a processing system, comprising determining one or more input values indicative of an entity; and performing a fuzzy logic analysis in relation to the one or more input values to identify if the entity is malicious.

Abstract: A computer-implemented method may intercept a file-system call associated with a media file. The computer-implemented method may determine an attribute of the media file. The computer-implemented method may also identify a parental-control policy associated with the attribute of the media file. The computer-implemented method may further apply the parental-control policy to the media file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A client computer system of a cluster may send a request to create a file in a cluster file system. A server may create a file in response to the information and allocate space in a storage to the file. If a request to write to the file is received within a predetermined amount of time, the write may complete without requiring that additional operations be performed to allocate space to the file. If a write to the file is not received within the predetermined amount of time, the space allocated to the file when it was created may be de-allocated. The file system may additionally or alternatively perform a method for opening a file while delaying an associated truncation of space allocated to the file. If a request to write to the file is received within a predetermined amount of time, the write may be performed in the space already allocated to the file.

Abstract: Method and apparatus for restoring backup data to a computer is described. In one example, selected resources of within the backup data to be restored are specified. An installation package is generated that provides a hierarchical archive of the selected resources and is configured for execution by an operating system of the computer. The installation package is provided to the computer for execution thereon to effect a restoration of the selected resources onto the computer.

Abstract: A service manager (101) monitors and controls services (111), thereby providing protection against associated security vulnerabilities. The service manager (101) intercepts calls (105) to service related operations made by acting applications (103) and determines which acting application (103) made a specific intercepted call (105) to which target service (111). The service manager (101) then determines and executes an appropriate action based on a system policy (113). The appropriate action can comprise blocking the call (105), thereby preventing execution of service (111) based operations that conflict with the system policy (113).

Abstract: Subsets of non-paged pool unused pages entries are flushed from a translation lookaside buffer (TLB). An attempt to access malicious code within a not present page within the non-paged pool unused pages is made, e.g., by malicious code. The attempt to access the page generates a page fault, which is detected. The page is scanned for malicious code and a determination is made that the page contains malicious code. Protective action is taken to protect a host computer system from the malicious code. Accordingly, malicious code in a page marked not present, i.e., in a page that ordinarily would not be scanned for malicious code, is detected and defeated.

Abstract: A method and system for generating ranking criteria used to rank items in a computer system. The ranking criteria is based, at least in part, on storage information related to each of the items to be ranked. The storage information includes a storage parameter and/or a backup parameter. In one embodiment, a list of items is received in which storage information associated with each of the items is gathered. The items are ranked according to a relationship between the determined ranking criteria and at least the storage information associated with each of the items.

Abstract: A system or network may provide for communication between two or more applications. The communication is achieved by initiating communication between a first and second application. The communication is directed from the first application to a second virtual address of the second application. An actual address associated with the second application is determined. A first data channel is established between a first computer associated with the first application and a second computer associated with the second application over a control channel, to coordinate the communication over the first data channel. The communication is then directed to the actual address associated with the second application over the data channel. Further, the first data channel is taken down and a second data channel is established to maintain communication without the knowledge of the first and second applications.

Abstract: A legitimate process utilizes thread local storage (TLS) functionality to prevent a malicious thread from executing in its address space. The legitimate process includes a thread white list that identifies the entry point addresses of threads executed by the process. When executed on a computer, the process interacts with the TLS functionality provided by the computer's operating system. The operating system sends the process a message each time a new thread is executed in the process's address space. Upon receiving the message, the process determines the entry point address of the new thread and checks to see if the address is in the white list. If the thread entry point address is not in the white list, the thread is probably malicious and the process therefore terminates the thread's execution.

Abstract: A system and method for performing a granular restore of data objects from a directory service is disclosed. In one embodiment, at the time a backup of the directory services database is performed, a metadata file with index values for some data objects is created. The metadata file may include an index of the name and an object identifier for each included data object. During granular restore of one or more data objects selected for restoration, the corresponding object identifier is retrieved from the metadata file using the name of the data object. The object identifier is then used to restore the data object in the directory service.

Abstract: Systems and methods consistent with embodiments of the present invention provide a method for forwarding packets between VLAN groups served by segmented ports on a network switching device. A request from a source in a VLAN group to a destination in another VLAN group is identified. Information needed to route packets to the destination is obtained by re-broadcasting the request for destination information to all VLAN groups, which do not include the source, that are served by the network switching device. Information needed to route packets to the source is also obtained. In some embodiments, source and destination routing information obtained, is stored in tables in a memory cache on the network switching device. Information stored in the tables is used to relay additional packets between the segmented ports on the device serving the source and destination.

Abstract: A method for configuring a new server with a server configuration, such as a storage configuration, backup configuration, etc. The method may automatically detect presence of a new server coupled to a network and then automatically determine one or more attributes, such as available storage, of the new server. The method may then automatically determine one or more server configurations for the new server. For example, software may examine existing server configurations stored in a repository or database to determine if one or more of the existing server configurations are usable for configuring the server, e.g., based at least in part on the determined attributes of the new server. If the user accepts a server configuration, software may then operate to automatically configure the new server accordingly. Embodiments are included for adding server configurations to the repository. A global server configuration repository is also contemplated.

Abstract: Various methods and systems for maintaining a communication protocol connection during a failover are disclosed. One method involves obtaining a first value of a parameter associated with a communication protocol connection between a primary node and a client and sending a flow control message to the client, in response to detecting that the primary node is failed. The flow control message includes the parameter.

Abstract: A system and method of characterizing a logical storage object. Information associated with the logical storage object is stored. The information includes information characterizing quiesce capabilities and split characteristics for the logical storage object. That information is transmitted to a processor and is used to characterize the logical storage object.