Abstract: A method and apparatus for selectively removing a data element that triggers a policy violation from a web request to an interactive website. In one embodiment, the method identifies a policy for protecting source data having a plurality of data elements. The method further evaluates a web request sent to an interactive website as part of a web-based application, and determines that the web request includes at least one data element triggering a violation of the policy. The method determines the data boundaries of the web request, and selectively removes data content within the data boundaries containing the at least one data element that triggered the violation, so that the web request can be processed by the interactive website as if it were the original web request containing the at least one data element.
Type: Grant
Filed: July 10, 2014
Date of Patent: August 25, 2015
Assignee: SYMANTEC CORPORATION
Inventors: Shree Raman, John Gerald Ferguson, Bruce Christopher Wootton, Timothy Michael Wyatt, Hai Chen
Abstract: Techniques for securing authentication credentials on a client device during submission in browser-based cloud applications are disclosed. In one particular embodiment, the techniques may be realized as a method for securing authentication credentials on a client device comprising: detecting, on the client device, display of an authentication form in a browser window associated with a first flow to a target server; accessing, on the client device, one or more authentication credentials associated with a user of the client device; and submitting, to the target server, the one or more authentication credentials via a second flow to the target server.
Abstract: A method and apparatus for automatically configuring and provisioning cryptographic certificates is described. A certificate management sensor receives instructions from a first computing device to analyze a second computing device to identify an application on the second computing device associated with cryptographic network traffic on the second computing device, generates an application fingerprint based on application characteristics of the application, transmits the application fingerprint and a certificate signing request (CSR) to a certificate management system (CMS), and receives second instructions from the CMS to automatically install a cryptographic certificate on the second computing device based on the application fingerprint and CSR.
Abstract: The disclosed computer-implemented method for deploying applications included in application containers may include (1) identifying an application container that includes an application and facilitates transferring the application to a deployment environment, (2) performing a reconnaissance analysis on the deployment environment by identifying one or more properties of the deployment environment, (3) determining, based at least in part on the reconnaissance analysis, that the deployment environment meets a predetermined threshold of requirements for securely executing the application, and then (4) transferring the application included in the application container to the deployment environment in response to determining that the deployment environment meets the predetermined threshold. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: November 20, 2014
Date of Patent: August 25, 2015
Assignee: Symantec Corporation
Inventors: Sanjay Sawhney, Petros Efstathopoulos, Daniel Marino
Abstract: A computer-implemented method for facilitating software testing using operating-system component virtualization may include 1) identifying a software product installed on a computing system comprising a base operating system; 2) selecting an operating-system-level component with which the software product is to be tested; 3) isolating the operating-system-level component in a virtualization layer that is distinct from the base operating system; 4) activating the virtualization layer such that access requests directed to the base operating system for the operating-system-level component are redirected to the virtualization layer; 5) testing the software product while the virtualization layer is active to determine how the software product would function if the operating-system-level component was part of the base operating system; and 6) after the testing is complete, deactivating the virtualization layer such that the operating-system-level component is no longer visible to the base operating system or the so
Abstract: A computer-implemented method for authenticating an application is described. In one embodiment, a software package is received and the software package may be authorized based at least in part on an evaluation of the software package. Upon authorizing the software package, a signature file is embedded in a directory of the software package. A request to use a privileged service provided by a service provider is received from a client. In some embodiments, the request includes a custom class loader, the custom class loader being configured to construct a proxy object as an interface to the privileged service.
Type: Application
Filed: February 14, 2014
Publication date: August 20, 2015
Applicant: Symantec Corporation
Inventors: Jonathon Salehpour, Brian Witten, Bruce McCorkendale
Abstract: A computer-implemented method for applying data loss prevention policies to closed-storage portable devices may include (1) injecting a data loss prevention component into at least one application process that is running on a computing device, (2) intercepting, via the data loss prevention component, an attempt by the application process to transfer a file to a closed-storage portable device that is connected to the computing device, (3) identifying a data loss prevention policy that applies to the attempt by the application process to transfer the file, (4) determining that the attempt by the application process to transfer the file violates the data loss prevention policy, and (5) performing a security action in response to determining that the attempt by the application process to transfer the file violates the data loss prevention policy. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method for quickly identifying data residing on a volume in a multivolume file system. The method includes generating a file location map, the file location map containing a list of the locations of files that occupy space on each of a plurality of volumes of the file system. The file system comprises at least a first volume and a second volume. The file location map is updated in accordance with changes in a file change log for the file system. Data residing on the first volume of the file system is identified by scanning the file location map.
Type: Grant
Filed: October 30, 2009
Date of Patent: August 18, 2015
Assignee: Symantec Corporation
Inventors: Murthy V. Mamidi, Kadir Ozdemir, Charles Silvers, Paul Massiglia
Abstract: A method and apparatus for detection of DLP violations with language detection are described. A DLP product may monitor data content associated with the computing system, and identify a language of the data content. Based on the identified language, the DLP product identifies from among multiple DLP policies a first set of one or more DLP policies that are applicable for the identified language (referred to herein as language-specific DLP policies). The DLP product scans the data content using the first set to detect a violation of one of the DLP policies in the data content, and performs a DLP action in response to the detected violation.
Abstract: Systems and methods for extent reference count updates are presented. In one embodiment, a reference count update method includes: receiving a plurality of data files associated with various modalities; performing an analysis on the data files, including examining an impact of the plurality of data files on storage based upon the type of the modality; and forwarding the resulting analysis information for presentation in a convenient user interface, including an indication of the impact of the plurality of data files on the storage based upon the type of the modality. In one embodiment the analysis includes resource consumption analysis of the storage associated with the type of modality. The analysis can include a cost analysis of the storage associated with the type of modality. The storage can be included in a cloud environment.
Type: Grant
Filed: September 18, 2010
Date of Patent: August 18, 2015
Assignee: Symantec Corporation
Inventors: Eric Douglas, Christine Hao, Zachary Steinkamp
Abstract: A computer-implemented method for safely executing programs may include identifying an attempt to launch an executable file. The computer-implemented method may also include identifying a reputation associated with the executable file. The computer-implemented method may further include determining, based on the reputation, that the executable file is not trusted. The computer-implemented method may additionally include, in response to determining that the executable file is not trusted, fulfilling the attempt by sandboxing a process instantiated from the executable file. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for disaster recovery from binary large objects may include (1) identifying a volume of data to be protected, (2) identifying a binary large object storage system, (3) replicating the volume to the binary large object storage system by writing to a binary large object file on the binary large object storage system to be readable as a consumable virtual disk that may represent the volume and (4) mounting the consumable virtual disk directly from the binary large object file. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: March 6, 2013
Date of Patent: August 18, 2015
Assignee: Symantec Corporation
Inventors: Kushal Shah, Makarand Chatur, Manav Deshmukh, Jahangir Ahmad
Abstract: Various systems and methods selectively generate a point-in-time copy of less than all of the data items within a collectively-managed set of data items. One method involves detecting a modification to a first unit of data within a collectively managed set, subsequent to generation of a selective snapshot of the collectively managed set, and then accessing a first tag associated with the first unit of data. Based on a value of the first tag, the method determines whether the first unit of data is included in a subset of the collectively managed set. The subset includes at least two of the units of data and fewer than all of the units of data in the collectively managed set. Based upon whether the unit of data is included in the subset, the method selects whether to preserve an original value of the first unit of data.
Abstract: A computer-implemented method for measuring compliance with a recovery point objective for an application may include identifying a set of mount points on a primary site written to by the application. The computer-implemented method may also include identifying a secondary site used for asynchronous replication of the primary site. The computer-implemented method may further include periodically updating a time value on each mount point in the set of mount points on the primary site. The computer-implemented method may additionally include, for each mount point in the set of mount points, measuring a replication lag by calculating a difference between the time value on the mount point and a replication of the time value on a corresponding mount point on the secondary site. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for informing users about applications available for download may include (1) identifying, through sharing functionality provided by an operating system, shared content that identifies an application hosted by an application distribution platform, (2) in response to identifying the shared content, obtaining security information about the application identified by the shared content, and (3) informing, prior to a user downloading the application, the user of the obtained security information about the application to enable the user to make an informed decision about whether to download the application. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for scanning packed programs in response to detecting suspicious behaviors may include (1) executing a packed program that may include (i) malicious code that has been obfuscated within the packed program and (ii) unpacking code that deobfuscates and executes the malicious code when the packed program is executed, (2) monitoring, while the packed program is executing, how the packed program behaves, (3) detecting, while monitoring how the packed program behaves, a suspicious behavior of the malicious code that indicates that the unpacking code has deobfuscated and executed the malicious code, and (4) performing a security operation on the packed program in response to detecting the suspicious behavior of the malicious code. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: Techniques are disclosed for authenticating users to a computing application. A mobile or tablet device is used to generate a security code. Near field communication (NFC) hardware on the mobile device is used to transfer the security code from the mobile device to a computer. To transfer the one-time value, a user simply taps an NFC enabled mobile device on an NFC enabled computing device (e.g. a laptop running a web browser used to access a web service). In one embodiment, doing so triggers a connection between the two devices and an application running on the mobile device transfers the security code to an NFC receiver application running on the computer. The receiving computer may be configured to auto-fill the received security code in the appropriate form field of the application authentication interface.
Abstract: A method and apparatus for controlling audio/video display using a policy is disclosed. In one embodiment, a method for policy-based control of audio/video display includes monitoring at least one audio/video signal input or at least one power outlet using a policy, wherein the policy defines information for controlling audio/video display, and, in response to detecting an audio/video signal or electrical power, routing the audio/video signal or the electrical power according to the policy.
Abstract: A mechanism for profiling user and group accesses to a content repository is described. The mechanism for profiling accesses may generate baseline profiles and determine if new access behavior deviates from the generated baseline profile. The deviations may be defined in terms of folder and/or user-group distances within a file-system/storage and/or organization hierarchy, respectively. The mechanism also includes an analytics engine for anomaly detection and a recommendation component for recommending access-permissions to files/folders.
Abstract: A computer-implemented method for determining whether GPUs are executing potentially malicious processes may include (1) identifying at least one GPU associated with a computing device, (2) analyzing the behavior of the GPU associated with the computing device, (3) determining that the analyzed behavior of the GPU indicates that the GPU is executing at least one potentially malicious process, and then (4) performing at least one security action on the GPU in response to determining that the analyzed behavior indicates that the GPU is executing the potentially malicious process. Various other methods, systems, and computer-readable media are also disclosed.