Abstract: The disclosed computer-implemented method for identifying malicious files may include (1) identifying different instances of a file that is subject to a security evaluation, (2) identifying, within a field for each of the different instances, an attribute of the different instance that associates the different instance with a respective application, (3) determining that the respective applications to which the different instances of the file are associated are distinct applications and are known to be safe, (4) adjusting a security policy for the file, by increasing an estimation that the file is malicious, based on the determination that the respective applications are distinct applications and are known to be safe, and (5) classifying, in a software security system, the file as malicious based on the adjusted security policy that increased the estimation that the file is malicious. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The virtualization of file system placeholders is described. In one embodiment, a method for virtualizing placeholders includes monitoring placeholder creation initiated by at least one archival operation, generating placeholder data in a separate data store from a file system, wherein the placeholder data comprises a plurality of placeholders that correspond with a plurality of archived files, and servicing access requests for at least one archived file of the plurality of archived files using the placeholder data.

Abstract: A method for performing storage system de-duplication. The method includes accessing a plurality of initial partitions of files of a storage system and performing a de-duplication on each of the initial partitions. For each duplicate found, an indicator comprising the metadata that is similar across said each duplicate is determined. For each indicator, indicators are determined that infer a likelihood that data objects with said indicators contain duplicate data is high. Optimized partitions are generated in accordance with the chosen indicators. A de-duplication process is subsequently performed on each of the optimized partitions.

Abstract: Techniques for identifying misleading applications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for identifying misleading applications comprising receiving a request for network data, parsing the request for network data, using a processor, to determine if one or more portions of the request match a suspicious indicator, identifying the suspicious indicator without using a known malware domain or a known malware signature, and performing a specified action in the event one or more portions of the request match a suspicious indicator.

Abstract: A hybrid authentication device that has a keypad, a display, an electronic communications interface and a processor and memory that can be removable, such as a Subscriber Identity Module. The device can operate in a stand-alone mode, in which a user enters a personal identification number and challenge using the keypad, and the device generates a response. The device can also function as a smartcard, and can be electronically coupled to an external device using the communications interface.

Abstract: Techniques for evicting cached files may be realized as a method including: maintaining a file system cache storing selected files from a file storage; for files that are above a threshold size, selectively storing chunks of the files; for each file that is stored, associating an access bit and a size bit with that file; for each file that is stored selectively as file chunks, associating an access bitmap to the file having an access bit associated with each file chunk; when a file is accessed, setting the access bit associated with the file and file chunk to indicate recent access; at set intervals, periodically clearing the access bits to not indicate recent access; and carrying out a cache eviction process comprising evicting at least one file or file chunk associated with an access bit that does not indicate recent access.

Abstract: Techniques for spare storage pool management are disclosed. In one particular embodiment, the techniques may be realized as a method for spare storage pool management comprising receiving spare storage configuration information for a storage drive pool comprising a plurality of storage drives, maintaining spare storage mapping information to spare storage within the storage drive pool based at least in part on the spare storage configuration information, monitoring spare storage within the storage drive pool for detecting block failures within the storage drive pool, detecting a failure of a block in a first storage drive of the plurality of storage drives, and updating the spare storage mapping information associated with the failed block in the first storage drive to map to a spare block in a second storage drive of the plurality of storage drives.

Abstract: Techniques for providing incremental backup restoration are disclosed. In one particular exemplary embodiment, the techniques may be realized as a computer implemented method for providing incremental backup restoration comprising setting one or more allocated electronic storage indicators each indicating an allocated portion of electronic storage, comparing the one or more allocated electronic storage indicators with one or more prior backups in reverse chronological order starting from a most recent backup and proceeding until all of the one or more allocated electronic storage indicators have been identified in the one or more prior backups, and restoring the one or more prior backups corresponding to the one or more allocated electronic storage indicators.

Abstract: The popularity of various application features is tracked, and applications are compiled or otherwise configured for optimization based on the use of the more popular features. More specifically, application features are mapped to corresponding sections of underlying code, and compiler directives are generated to direct a compiler to optimize the application for the performance of specific, application features, based on their popularity. This way, the application is compiled for use at an application feature level, rather than for size or speed generally. In another embodiment, the optimization is performed after compile time, by rearranging object code pages of an executable image, based on corresponding application feature popularity.

Abstract: Various embodiments of a system and method for archiving data items to one or more archival storage devices are described. According to some embodiments of the method, an archival software application may implement a plurality of producer agents, where each of the producer agents is executable to produce items of a different type. The archival software application may also implement a plurality of archiving agents for archiving the items produced by the producer agents to one or more archival storage devices. In some embodiments each of the archiving agents may be executable to archive any item of any type produced by the producer agents. The archival software application may also implement a plurality of indexing agents executable to create a searchable index of the items archived to the one or more storage devices.

Abstract: A method and apparatus for automatically correlating policy violation incidents. In one embodiment, the method includes receiving user input identifying one of policy violation incidents stored in a data repository, where each policy violation incident is associated with one or more attributes. The method further includes automatically correlating the identified policy violation incident with other policy violation incidents that have in common at least one attribute with the identified policy violation incident, and presenting the resulting correlation information to a user.

Abstract: A computer-implemented method for protecting deduplicated data may include (1) identifying a deduplicated data system, (2) identifying a tiered storage system for storing deduplicated objects of the deduplicated data system, (3) assigning a level of priority to at least one deduplicated object within the deduplicated data system based on at least one property of the deduplicated object, (4) selecting a storage tier within the tiered storage system for storing the deduplicated object based on the level of priority, and then (5) storing the deduplicated object within the selected storage tier. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for information storage replication are presented. In one embodiment, a namespace conversion process is performed. Node information regarding a file systems operation change is received. A changed node to pathname object conversion process is performed. An unchanged node to pathname object conversion process is performed. In one exemplary implementation, the changed node to pathname object conversion process and the unchanged node to pathname object conversion process utilize data structures that return the object indications and parent node indications. An object indication is inserted in a pathname.

Abstract: A computer-implemented method for transparent data loss prevention classifications may include 1) identifying a document that received a classification by a machine learning classifier for data loss prevention, 2) identifying at least one linguistic constituent within the document that contributed to the classification, 3) identifying a relevant passage of the document that contextualizes the linguistic constituent, and 4) displaying a user interface including the linguistic constituent in context of the relevant passage. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for virtual archiving are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for performing virtual archiving comprising applying archiving rules to a backup catalog, generating a virtual archive catalog based at least in part on a result of applying archiving rules to the backup catalog, determining a backup image associated with the virtual archive catalog becoming expired and converting the backup image into an archive image.

Abstract: A computer-implemented method for predictive responses to internet object queries may include receiving a query from a client to evaluate a first internet object. The computer-implemented method may also include analyzing the query to predict a set of additional internet objects for which the client may subsequently request an evaluation. The computer-implemented method may further include transmitting an evaluation of the first internet object and of each additional internet object in the set of additional internet objects to the client. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Telemetry data concerning web pages that users attempt to access containing fields prompting entry of personal information is received from many client computers over time. Based on the telemetry data, it is determined which fields prompting entry of personal information are expected to be present on specific web pages. The fields prompting entry of personal information on web pages users attempt to access are compared to the fields expected to be present. When a specific user attempts to access a specific web page in real-time, it can be adjudicated on-the-fly that the web page is suspicious, based on the web page containing at least one unexpected field. Correlations between web pages containing specific unexpected fields and the hygiene ratings of the users attempting to access the web pages when the unexpected fields are encountered can be tracked and taken into account in the adjudication of web pages.

Abstract: Power consumption on a mobile computing device is reduced, by identifying and managing apps that prevent the mobile device from sleeping while the screen is off. It is detected when the screen is turned off and when it is subsequently turned back on. During the ensuing period of time, it is determined which specific apps prevent the mobile device from sleeping. This can take the form of identifying each specific app on the mobile device that has an unreleased wake lock at any point during the given period of time while the screen is off. The prevention of the device from sleeping while the screen was off is quantified by app according to power consumption, based on factors such as duration. Any apps for which the quantified prevention of the mobile device from sleeping while the screen was off meets a specific threshold are identified and managed.

Abstract: A data loss prevention (DLP) manager running on a security virtual machine manages DLP policies for a plurality of guest virtual machines. The DLP manager identifies a startup event of a guest virtual machine, and installs a DLP component in the guest virtual machine. The DLP component communicates with the DLP manager operating within the security virtual machine. The DLP manager also receives file system events from the DLP component, and enforces a response rule associated with the guest virtual machine if the file system event violates a DLP policy.

Abstract: Attacks are simulated to a user, by performing the steps of the attacks without actually performing any malicious activity. Educational security information is displayed to the user, based on the user's response to simulated attacks. If the user responds to a simulated attack in a manner indicating that the user is vulnerable, educational security information can be displayed that educates the user as to how to avoid being victimized. One or more security settings for protecting the user's computer from malware can be adjusted, based on the user's response to the simulating of attacks. Additionally, other factors can be adjusted based on the user's response to the simulating of attacks, such as a security hygiene rating and/or a level of monitoring activity concerning the user.