Abstract: A method and apparatus for examining network traffic and automatically detecting anomalous activity to secure a computer is described. In one embodiment, the method includes examining network traffic that is directed to at least one endpoint computer, accessing profile information associated with the at least one endpoint computer to determine confidence indicia associated with each portion of the network traffic, comparing the confidence indicia with heuristic information to identify anomalous activity for the at least one endpoint computer and communicating indicia of detection as to the anomalous activity to the at least one endpoint computer.

Abstract: An unlabeled sample is classified using clustering. A set of samples containing labeled and unlabeled samples is established. Values of features are gathered from the samples contained in the datasets and a subset of features are selected. The labeled and unlabeled samples are clustered together based on similarity of the gathered values for the selected subset of features to produce a set of clusters, each cluster having a subset of samples from the set of samples. The selecting and clustering steps are recursively iterated on the subset of samples in each cluster in the set of clusters until at least one stopping condition is reached. The iterations produce a cluster having a labeled sample and an unlabeled sample. A label is propagated from the labeled sample in the cluster to the unlabeled sample in the cluster to classify the unlabeled sample.

Abstract: A computer-implemented method for providing access to data accounts within user profiles via cloud-based storage services may include (1) identifying a user profile associated with a user of a cloud-based storage service, (2) identifying a plurality of data accounts within the user profile associated with the user of the cloud-based storage service, (3) detecting a request from a client-based application associated with the user of the cloud-based storage service to access at least a portion of data stored in a data account within the user profile, (4) locating a unique account name that identifies the data account in the request, and then (5) satisfying the request from the client-based application associated with the user to access the portion of data stored in the data account via the cloud-based storage service. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Method and apparatus for securing confidential data related to a user in a computer is described. In one example, rules are obtained that provide a representation of the confidential data. A storage system in the computer is searched using the rules to detect a file having at least a portion of the confidential data. The file is encrypted the in-place within the storage system using symmetric encryption based on a secret associated with the user.

Abstract: A computer-implemented method for archiving and displaying lengthy documents based on content priority levels may include (1) identifying a document that is to be archived, (2) identifying at least one section of content within the document, (3) identifying a priority level associated with the section of content within the document that prioritizes access to the section of content relative to at least one other section of content within the document, (4) archiving the document based at least in part on the priority level associated with the section of content, and (5) providing prioritized access to content within the archived document in accordance with the priority level associated with the section of content in order to allow a user to access a portion of the archived document without having to access the entire archived document. Various additional methods, systems, and encoded computer-readable media are also disclosed.

Abstract: A computer-implemented method for detecting malware on mobile platforms may include (1) identifying an application on a mobile computing platform subject to a malware evaluation, (2) transmitting the application to a security server, (3) providing emulation information to the security server, the emulation information relating to emulating the mobile computing platform, (4) receiving a result of the malware evaluation as performed by the security server, the malware evaluation including the security server using the emulation information to execute the application within an emulation of the mobile computing platform, and (5) performing a security action based on the result of the malware evaluation. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Systems and methods for computer virus detection are presented. In one embodiment; an computer virus detection method includes: receiving an indication of a change to a file; performing a virus analysis process, including executing the changes to the file in a virtual machine and examining results of the executing the changes; and handling the file based upon the virus analysis. The virus analysis can be performed in a system in which the change to the file occurs. Handling the file can include treating the file as potentially infected with a virus based upon the virus analysis. In one exemplary implementation, examining the results includes comparing the results of executing the changes to the file to other results from executing changes to another file, wherein the file is identified as potentially infected with a virus if the examining results indicates the results of executing the changes to the file are similar to results from executing changes to another file.

Abstract: Systems, methods, apparatus and software can utilize a markup language to import and export data that is archived using a backup and restore system. An export utility extracts data produced or processed by an application program, converts it into a markup language format, and provides it to a backup and restore system. An import utility extracts data in a markup language format, converts it to another format, and provides the data for use by the application program. In one example, the application program is a database management system.

Abstract: Disclosed is a method implemented by a computer system that comprises a file system. The file system comprises first, second, third, and fourth directories wherein the first and second directories are sub-directories of the third directory, the third directory is a sub-directory of the fourth directory, the first directory stores only files identified by a first file extension, the second directory stores only files identified by a second file extension, and the first and second file extensions are distinct. In one embodiment, the method comprises receiving first and second requests to open first and second files, respectively, that are contained in the file system. The first and second requests comprise first and second file system paths, respectively. The first file system path comprises a first file name, and the first file name comprises the first file extension. The second file system path comprises a second file name, and the second file name comprises the second file extension.

Abstract: Method and apparatus for file sharing between continuous and scheduled backups is described. One example relates to backing up source data stored by a computer system. A first portion of the source data is backed up at points in time in response to a backup schedule to produce a plurality of partial backups. A second portion of the source data is backed up continuously in response to changes of the second portion to maintain a replica of the second portion. The replica of the second portion is linked to the plurality of partial backups to produce a respective plurality of full backups of the source data.

Abstract: A system and method for managing a resource reclamation reference list at a coarse level. A storage device is configured to store a plurality of storage objects in a plurality of storage containers, each of said storage containers being configured to store a plurality of said storage objects. A storage container reference list is maintained, wherein for each of the storage containers the storage container reference list identifies which files of a plurality of files reference a storage object within a given storage container. In response to detecting deletion of a given file that references an object within a particular storage container of the storage containers, a server is configured to update the storage container reference list by removing from the storage container reference list an identification of the given file. A reference list associating segment objects with files that reference those segment objects may not be updated response to the deletion.

Abstract: An endpoint on a network uses detection data to detect a malicious software attack. The endpoint identifies content associated with the attack, such as a component of a web page, and generates a description of the content. The endpoint sends the description to a security server. The security server analyzes the content and identifies characteristics of the content that are present when the content is carried by network traffic. The security server generates a traffic signature that specifies the identified characteristics and provides the traffic signature to inspection points. The inspection points, in turn, use the traffic signature to examine network traffic passing through the inspection points to detect network traffic carrying the content. The attack detection at the endpoint thus informs the traffic signature-based detection at the inspection points and reduces the spread of malicious software.

Abstract: Techniques are disclosed for restoring a system volume on a computing system without requiring the system volume to be fully restored prior to being used or requiring the use of a dedicated recovery environment (e.g., the WinPE or BartPE environments). Instead, the computing system is booted directly from the restore image or by redirecting I/O interrupts to the restore image. That is, when user initiates a restore process, the system boots from the backup itself. Once booted, a background process can complete the restore process.

Abstract: Techniques are disclosed for restoring a system volume on a computing system without requiring the system volume to be fully restored prior to being used or requiring the use of a dedicated recovery environment (e.g., the WinPE or BartPE environments). Instead, the computing system is booted directly from the restore image or by redirecting I/O interrupts to the restore image. That is, when user initiates a restore process, the system boots from the backup itself. Once booted, a background process can complete the restore process.

Abstract: Malware with fake or misleading anti-malware user interfaces (UIs) are detected. Processes running on a computer system are monitored and their window creation events are detected. The structures of the created windows are retrieved to detect presence of UI features that are commonly presented in known fake or misleading anti-malware UIs (“fakeAVUIs”). If a window includes a UI feature commonly presented in known fakeAVUIs, that window is determined suspicious and additional tests are applied to determine the validity of information in the window. If the information in the window is determined invalid, then the process that created the window is determined to be malware and a remediating action is applied to the process.

Abstract: The present disclosure provides for efficiently creating a full backup image of a client device by efficiently communicating backup data to a backup server using a change tracking log, or track log. A present full backup image can be created using a track log that is associated with a previous full backup image. The client device can determine whether files, which were included in the previous full backup image, have or have not changed using the track log. The client device can transmit changed file data to the backup server for inclusion in the present full backup image. The client device can also transmit metadata identifying unchanged file data to the backup server. The backup server can use the metadata to extract a copy of the unchanged file data from the previous full backup image for inclusion in the present full backup image.

Abstract: An automated wireless synchronization platform allows users to synchronize files and folders between devices, while transparently providing content transformation services. The content transformation services ensure that content is synchronized to target devices in the appropriate format, at a proper balance of size and quality to be ideally output on the target devices.

Abstract: Security policy changes can be implemented for a user or a user group based on behaviorally-derived risk information. A behavior-receiving module receives information about user behaviors for the user across various clients with which the user interacts. An attribute-receiving module receives one or more user attributes identified for a user. A profile-generating module generates a user risk profile for the user based on the received information about the user behaviors and the received user attributes. A user scoring module assigns the user a user risk score based on an evaluation of the user risk profile for the user. Similarly, groups of users can be given group risk scores, or users can have combined group/user scores. Finally, a remediation module automatically establishes a security policy requiring remediative actions for the user (or user group) based on the user risk score or combined score (or group score).

Abstract: A system and method for passing data access information to a disk array are provided. Data access statistics are received from a first source. Thereafter, a determination is made as to whether such data access statistics are to be included in a list of data access statistics. A frequency analysis is then performed by a disk array using the list of data access statistics. An assignment of data to storage blocks within the disk array is then made according to results of the frequency analysis.

Abstract: Reclamation of storage space in presence of copy-on-write snapshot. In one embodiment, a reclamation command is generated. In response to generating the reclamation command, first data held within one storage device is copied to another storage device via a communication link. One or more first physical memory regions of the one storage device, which stores the first data, is allocated to a first region of a data volume. The other storage device is configured to store a copy-on-write snapshot of the data volume. In response to copying the first data, de-allocate the one or more first physical memory regions from the first data volume region.