Abstract: A method and apparatus for detecting rogue security software whereby a timeframe and a threshold pop-up score are defined. A user computing system is monitored/scanned for any pop-up events being presented to the user and once a pop-up event is detected, the source process, or application, associated with the pop-up event is identified. The identified source process is then monitored for at least the defined timeframe and each pop-up event associated with the identified source process in the defined timeframe is counted and used to compute a pop-up score for the identified source process. The pop-up score for the identified source process is then compared with the threshold pop-up score and if the pop-up score associated with the identified source process exceeds the threshold pop-up score, the status of the identified source process is transformed to the status of identified “suspect” source process.
Abstract: A computer-implemented method for neutralizing file-format-specific exploits contained within electronic communications may include (1) identifying an electronic communication, (2) identifying at least one file contained within the electronic communication, and then (3) neutralizing any file-format-specific exploits contained within the file. In one example, neutralizing any file-format-specific exploits contained within the file may include applying at least one file-format-conversion operation to the file. Additionally or alternatively, neutralizing any file-format-specific exploits contained within the file may include constructing a sterile version of the file that selectively omits at least a portion of any exploitable content contained within the file. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: March 12, 2012
Date of Patent: April 14, 2015
Assignee: Symantec Corporation
Inventors: Carey Nachenberg, Fanglu Guo, Susanta Nanda, Sandeep Bhatkar, Darren Shou, Marc Dacier
Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, serves requests for the OCSP responses using the cache keys. For new certificates, a private CDN is pre-populated with an OCSP response for a certificate concurrent with that certificate being issued. Doing so effectively uses the PCDN as an origin server for OCSP responses, reducing CA infrastructure needs.
Type: Application
Filed: December 19, 2013
Publication date: April 9, 2015
Applicant: Symantec Corporation
Inventors: HARI VELADANDA, NING CHAI, Richard F. ANDREWS, Quentin LIU
Abstract: Techniques are disclosed for accelerating online certificate status protocol (OCSP) response distribution to relying parties using a content delivery network (CDN). A certificate authority generates updated OCSP responses for OCSP responses cached in the CDN that are about to expire. In addition, the certificate authority pre-generates cache keys in place of CDNs generating the keys. The certificate authority sends the OCSP responses and the cache keys in one transaction, and the CDN, in turn, consumes the new OCSP responses using the cache keys.
Abstract: A computer-implemented method for applying data-loss-prevention policies. The method may include (1) maintaining a list of applications whose access to sensitive data is controlled by data-loss-prevention (DLP) policies, (2) detecting an attempt by a process to access sensitive data, (3) determining that the process has a parent-child relationship with an application within the list of applications, and (4) applying, based at least in part on the determination that the process has the parent-child relationship with the application, a DLP policy associated with the application to the process in order to prevent loss of sensitive data. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: An E-DRM remote caching system enables a user without a client side E-DRM access component to view E-DRM governed content on a variety of client devices. The user transmits inaccessible E-DRM governed content to be viewed to the remote caching system. The remote system receives the content, temporarily stores it in a cache, and determines whether the user has sufficient rights to view the content. If the user does have sufficient access rights, the remote system transforms the content into a secure, viewable format and securely transmits it to the user. The user can view the E-DRM governed content without an E-DRM client side access component. The E-DRM remote caching system can add a unique digital marker to received content. The marker can be subsequently used to identify the origin of compromised content.
Abstract: A computer-implemented method for recovering virtual machines after disaster scenarios may include (1) identifying a request to restore a virtual machine disk backup image to a virtual machine disk, (2) in response to the request, identifying a block map of the virtual machine disk backup image, the block map identifying at least one allocated block as allocated on the virtual machine disk and at least one unused block as unused on the virtual machine disk, and then (3) restoring the allocated block from the virtual machine disk backup image to the virtual machine disk upon determining that the block map identifies the allocated block as allocated, but skipping restoration of the unused block from the virtual machine disk backup image to the virtual machine disk due to determining that the block map identifies the unused block as unused. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method and apparatus for injecting function calls into a virtual machine whereby a Function Call Injection (FCI) process is employed, through which a Secure Virtual Machine (SVM) is used to trigger desired function call invocations inside a Guest Virtual Machine (GVM) by externally manipulating the GVM's memory and CPU register contents using a security API. Once the triggered function is executed, control is then returned at the originating SVM invocation point. Therefore, the GVM state is manipulated to externally inject function calls, making it possible to create control appliances which do not require an in-GVM agent.
Type: Grant
Filed: December 15, 2010
Date of Patent: April 7, 2015
Assignee: Symantec Corporation
Inventors: Martim Carbone, Matthew Conover, Bruce Robert Montague
Abstract: A mobile computing device that runs a first mobile operating system scans and decodes an encoded link to a specific page in an app distribution site for a second mobile operating system. The mobile computing device can convert the link into a format usable by the first mobile operating system, and use the converted link to access and display the specific page. Rather than display the page in the app distribution site for the second mobile operating system, one or more links to corresponding apps in the format of the first mobile operating system can be located and displayed. To do so, the decoded link is used to glean relevant search terms, which are used to search an app distribution site for the first mobile operating system. The search results are displayed to the user.
Abstract: A computer-implemented method for detecting malware may include 1) identifying a file represented within a file system by a file name, 2) identifying a creation of a hard link to the file that uses an additional file name, 3) updating a database with an association between the file name and the additional file name, 4) identifying a file-closing operation within the file system and determining that the target file name of the file-closing operation was removed from the file system after the file-closing operation, 5) querying the database with the target file name and identifying an existing file name representing the file based on the association, and 6) scanning the existing file name for malware in response to the file-closing operation instead of scanning the target file name because the target file name was removed from the file system. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for replacing sensitive information stored within non-secure environments with secure references to the same may include (1) identifying sensitive information stored within a non-secure environment on a computing device, (2) removing the sensitive information from the non-secure environment, (3) storing the sensitive information within a secure environment, (4) replacing the sensitive information originally stored within the non-secure environment with a reference that identifies the sensitive information stored within the secure environment, (5) identifying a request to access at least a portion of the sensitive information identified in the reference, (6) determining that at least a portion of the request satisfies a data-loss-prevention policy, and then (7) providing access to at least a portion of the sensitive information via the secure environment. Various other systems, methods, and computer-readable media are also disclosed.
Type: Grant
Filed: December 13, 2010
Date of Patent: April 7, 2015
Assignee: Symantec Corporation
Inventors: Paul F. MacKay, Randall R. Cook, Bill G. Bodine
Abstract: A computer-implemented method to protect against the release of information is described. The processor monitors for a communication with an unverified number. Upon detection of the communication with an unverified number, the processor monitors the communication for a protected string. Upon detection of a protected string, the processor performs an intervention action.
Abstract: A computer-implemented method for sharing the results of computing operations among related computing systems may include: 1) identifying a need to perform a computing operation on a file, 2) identifying a unique identifier associated with the file, 3) determining, by using the unique identifier to query a shared store that is shared by a group of related computing systems, that at least one computing system within the group of related computing systems has previously performed the computing operation on an instance of the file, and then 4) retrieving the results of the computing operation from the shared store instead of performing the computing operation. Various other methods, systems, and computer-readable media are also disclosed.
Type: Grant
Filed: January 29, 2010
Date of Patent: April 7, 2015
Assignee: Symantec Corporation
Inventors: James Meyer, David Buches, Bruce McCorkendale, William E. Sobel
Abstract: A computer-implemented method for certifying client-side security for Internet sites may include 1) identifying an Internet site that is subject to a security evaluation, 2) retrieving at least one resource from the Internet site, 3) parsing the resource to determine that the resource includes at least one client-side security policy for an Internet client to enforce on the Internet site, and 4) certifying the Internet site as providing client-side security based on determining that the resource includes the client-side security policy. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for remedying corrupt backup images of host devices may include (1) identifying a backup image that represents a computing state of a host device at a specific point in time, (2) performing a data-corruption analysis on the backup image that represents the computing state of the host device to determine whether the backup image is corrupt, (3) determining that at least a portion of the backup image is corrupt based at least in part on the data-corruption analysis, and then (4) performing at least one remedial action to initiate remedying the corrupt portion of the backup image in response to determining that the portion of the backup image is corrupt. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: Techniques are disclosed for dynamically generating a digital certificate for a customer server. A customer server creates a certificate profile and receives an associated profile identifier from a certificate authority (CA). The customer server installs an agent application received from the CA. The agent application generates a public/private key pair and an identifier associated with the customer server. The agent application sends a signed request to the CA that includes the profile identifier, server identifier, and the public key corresponding to the key pair. Upon receiving the credentials, the CA generates a dynamically updatable certificate. Thereafter, if the customer changes information associated with the certificate (or if external conditions require a change to the certificate, such as a key compromise or change in security standards), the CA may generate an updated certificate based on the certificate profile changes and the public key.
Abstract: Techniques are disclosed for evaluating the effectiveness of a malware signature. A query tool translates a markup language malware signature definition into a database query. The query is then executed against a database of application features to identify software packages that the signature would identify as malware. The results of the query are compared with threat information stored in the database and classified as being true/false positives and true/false negatives.
Type: Application
Filed: September 30, 2013
Publication date: April 2, 2015
Applicant: Symantec Corporation
Inventors: BARTLOMIEJ USCILOWSKI, COSTIN IONESCU, THOMAS PARSONS
Abstract: Techniques for improving performance of a backup system are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for improving performance of a backup system. The method may comprise performing a backup of a client device, tracking, using at least one computer processor, references to data segments that are located outside of a unit of storage associated with the backup, calculating utilization of the unit of storage associated with the backup based on the tracked references, determining if the calculated utilization meets a specified parameter, and determining one or more responsive actions in the event the calculated utilization meets the specified parameter.
Abstract: A method and apparatus for determining a disk array enclosure serial number comprising determining logical unit number (LUN) information regarding disk drives within a disk array of a storage system, determining port information for the storage system comprising the disk array, correlating the LUN information with the port information to uniquely identify each disk drive, and defining a disk array enclosure serial number using the LUN and port information related to each disk drive.
Abstract: The present disclosure enables remote device management. A programmatic interface is associated with each application plug-in. A web server included with the on-device agent provides access to the programmatic interfaces according to open standards such as HTML or XML. The present disclosure enables access to remote devices through existing infrastructure without the need for proprietary systems. An IT administrator or other administrator may remotely access and update software and hardware, track device data plan usage statistics, provide live support, and track current and historical device locations. An IT administrator or other user may update device settings, detect corrupt software, provide unattended installation of software, update applications while in use, and update applications sharing common files. IT administrators may employ the teachings of the present disclosure to provide customizable solutions for their own organization with features disclosed herein.
Type: Grant
Filed: February 3, 2011
Date of Patent: March 31, 2015
Assignee: Symantec Corporation
Inventors: Mark Gentile, Jim Sullivan, Mark Hanson, Mark Wade