Abstract: Techniques for system recovery using change tracking are disclosed. In one particular exemplary embodiment, the techniques may be realized as a computer implemented method for providing system recovery using change tracking comprising receiving a request to write to electronic storage, identifying a region in the electronic storage region associated with the write request, setting a region indicator identifying the electronic storage region as dirty, and setting one or more portion indicators identifying one or more dirty portions of the electronic storage region.
Abstract: A method and apparatus for providing a secure domain name services by utilizing a hypervisor to provide an isolated execution environment in which a secure browser session can be instantiated. The secure browser session utilizes a secure DNS server to provide domain name services.
Abstract: Malware that is signed with multiple, valid credentials is detected. A central computer such as a server receives secure hashes of signed application bodies and immutable portions of corresponding digital signatures for a plurality of signed applications from a plurality of client computers. Received secure hashes of signed application bodies are compared. Multiple instances of a single signed application are identified based on the comparing of multiple received secure hashes of signed application bodies. Responsive to identifying multiple instances of the single signed application, received secure hashes of immutable portions of digital signatures corresponding to identified multiple instances of the single signed application are compared. Responsive to the results of this comparing, a potential maliciousness of the signed application is adjudicated.
Abstract: Techniques for detecting infected websites are disclosed. In one particular embodiment, the techniques may be realized as a method for detecting an infected website comprising receiving at least one redirection report from at least one security agent, receiving at least one malware report from the at least one security agent, analyzing correlation between the at least one redirection report and the at least one malware report, aggregating information from the at least one redirection report, the at least one malware report, and the correlation analysis, and detecting an infected website based on the aggregated information.
Abstract: A role based security infrastructure for data encryption that does not require a key management system is provided. For each defined role, a unique key pair is generated. To encrypt a data set, a random encryption key is generated on the fly, and used to encrypt the data. To allow a role access to an encrypted data set, the corresponding encryption key is encrypted with the public key of that role, and stored in association with the encrypted data set. To access an encrypted data set, a private key associated with a role allowed access is used to decrypt the copy of the associated encryption key, which has been encrypted using the corresponding public key and stored in association with the data set. The decrypted encryption key is then used to decrypt the encrypted data set.
Type:
Grant
Filed:
August 20, 2008
Date of Patent:
March 31, 2015
Assignee:
Symantec Corporation
Inventors:
Ynn-Pyng “Anker” Tsaur, William Troy Cochran
Abstract: A computer-implemented method for remediating a defective uninstaller during an upgrade of a product is described. A system is queried to identify the defective uninstaller. An executable application is streamed to a file in a temporary folder. The executable application is separate from the defective uninstaller. An internal database table is queried to generate a script file containing commands used to modify the defective uninstaller. The script file is executed with the executable application to modify the defective uninstaller.
Abstract: Various systems and methods for automated error recovery in workflows. For example, one method involves receiving an operation indication. The operation indication indicates an operation that is to be performed using a multi-tier application system that includes first and second applications. The first and second applications are implemented using different tiers of the multi-tier application system. The method involves accessing dependency information that indicates first data dependencies between the first and the second applications. The method further involves determining outcome of execution of the operation, where the determining is based on the dependency information but does not include executing the operation.
Abstract: An application is failed-over between containers on a single operating system instance. A container is associated with the application, and the application runs therein. An identifier of the container currently associated with the application is maintained as a member of the application group. A listing of a current state of each container is maintained, for example in a file. If the current container goes offline or faults, a separate container currently in an available state is identified, and the identifier of the current container in the application group is updated. The application is subsequently started-up in the separate, container, thereby failing-over the application between containers on the single operating system instance.
Abstract: A method for virtual disk usage transparency may include 1) identifying a secondary volume at a secondary site configured for synchronization with a primary volume at a primary site, 2) identifying a set of blocks present within the primary volume but not present within the secondary volume, 3) identifying a virtual disk file within the primary volume, the virtual disk file including at least one block within the set of blocks, 4) determining that the block represents an unused block within a guest file system configured to use the virtual disk file, 5) selecting a subset of the set of blocks to transmit from the primary site to the secondary site, where selecting the subset includes excluding the block from the subset, and 6) transmitting the subset of the set of blocks from the primary site to the secondary site. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A method and apparatus submitting information to be protected before permitting an outbound data transfer with the information is described. A DLP agent, incorporating a DLP submission tool, receives information of an outbound data transfer by the client computing system. The DLP agent can temporarily block the outbound data transfer and send a request to update a DLP policy to protect the information before permitting the outbound data transfer. The DLP agent subsequently receives receiving an indication that the DLP policy is updated to protect the information. After receiving the indication, the DLP agent permits the outbound data transfer.
Type:
Grant
Filed:
December 30, 2011
Date of Patent:
March 24, 2015
Assignee:
Symantec Corporation
Inventors:
Ajil Koshy, Milind Torney, Manish V. Pai
Abstract: Disclosed is a flood attack detection method, wherein the total number of keywords of a source packet is acquired, and the number of feature parameters corresponding to the source packet is acquired. A ratio of the number of feature parameters to the total number of keywords is compared with a preset threshold, and if the ratio is greater than or equal to the preset threshold, it is determined that a flood attack occurs.
Abstract: A computer-implemented method for performing incremental backups may include 1) identifying a volume of data previously subjected to a backup, 2) determining a time to perform an incremental backup of the volume, the incremental backup being incremental with respect to the backup, and, at the time of the incremental backup, 3) identifying a list of files changed on the volume since the backup, 4) identifying a map of blocks changed on the volume since the backup, and 5) including, in the incremental backup, each block within at least one file that is indicated as changed in the map of blocks. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for performing first failure data captures may include 1) identifying a process that has failed within an old process context and is undergoing a first failure data capture within the old process context, 2) identifying at least one resource allocated within the old process context and required for restarting the process in a new process context, 3) freeing the resource from the old process context before terminating the process within the old process context, and 4) initiating the process in the new process context before the process within the old process context has terminated. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for migrating files to tiered storage systems may include 1) identifying at least one file to migrate from a first file system to a second file system, where the second file system may include a plurality of storage tiers, 2) identifying file metadata associated with the file as stored on the first file system, 3) before writing the file to the second storage system, selecting a storage tier from the plurality of storage tiers based at least in part on the file metadata, and 4) writing the file directly to the selected storage tier within the second file system to avoid moving the file to the selected storage tier after writing the file to the second file system. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: A computer-implemented method for archiving files in distributed replication environments may include 1) identifying a distributed file system replication environment, the distributed file system replication environment including a plurality of computing systems configured to replicate changes made to files within each computing system in the plurality of computing system to each other computing system in the plurality of computing systems, 2) identifying a request to archive a file located on a computing system within the distributed file system replication environment, and, in response to the request 3) identifying a virtual storage layer mapped to a location of the file and 4) archiving the file by creating a placeholder file for the file in the virtual storage layer mapped to a location of the file on the computing system. Various other methods, systems, and computer-readable media are also disclosed.
Abstract: Techniques for providing data in dynamic account and device management are disclosed. In one particular exemplary embodiment, the techniques may be realized as a system for providing data in dynamic account and device management. The system may comprise one or more processors communicatively coupled to a network. The one or more processors may be configured to identify a user device to be managed. The one or more processors may be configured to transmit a request for delegate authority to manage the user device. The one or more processors may be configured to receive delegate authority to manage the user device. The one or more processors may be configured to provide network access to the user device. The one or more processors may also be configured to manage the user device and monitor data communicated to and from the user device.
Abstract: A computer-implemented method for identifying malware is described. Event data is received from a mobile device. The event data including events performed on the mobile device and a list of one or more applications. The list of the one or more applications is compared with at least one additional list of applications received from at least one additional mobile device. An application in common across the lists of applications is identified. The identification of the application in common to is transmitted to the mobile device.
Type:
Grant
Filed:
September 14, 2012
Date of Patent:
March 17, 2015
Assignee:
Symantec Corporation
Inventors:
Barry Laffoon, Abubakar Wawda, Jun Mao, Bruce McCorkendale
Abstract: A method and apparatus for providing a multipathing connection to a storage volume, where in one embodiment, the invention prohibits the disk driver from reading the storage parameter information (e.g., table of contents) upon initialization. The method commences with a multipathing disk driver determining at least on active port and at least on passive port for the storage volume. The disk driver then sends a request via the active port to the storage volume for the storage parameter information that is contained in the disk array. After the host computer's operating system disk driver receives the storage parameter information, it copies the information and distributes the information to the port definitions for the passive ports. Consequently, the ports are defined without causing a failover within the storage volume.
Type:
Grant
Filed:
April 26, 2004
Date of Patent:
March 17, 2015
Assignee:
Symantec Operating Corporation
Inventors:
Shiv Rajpal, Ajay P. Salpekar, Margaret Kwong
Abstract: A method and apparatus for processing a transform function and parameter information to represent data files is described. In one embodiment, the method includes processing at least one data file to identify a reference file, a transform function and parameter information and storing the transform function and the parameter information, wherein the transform function and the parameter information is applied to the reference file to create the at least one data file.
Type:
Grant
Filed:
June 30, 2008
Date of Patent:
March 17, 2015
Assignee:
Symantec Corporation
Inventors:
Deepak Tanksale, Srineet Sridharan, Basant Rajan
Abstract: A system and method for replicating a set of files from a source computer system to a target computer system are described. The underlying extent structure of the files may be preserved. For example, if an original file on the source computer system has a particular number of extents then the copy of the file created on the target computer system may have the same number of extents, where each respective extent in the copy represents the same byte range of the file as its corresponding extent in the original file. The file systems employed on the source computer system and the target computer system may support different extent types. The extent types of the original files stored on the source computer system may be preserved in the copies of the files on the target computer system.