Abstract: Method, apparatus, and computer readable medium for monitoring code injection in a computer is described. In some examples, at least one application programming interface (API) call configured to inject data into a process executing on the computer is intercepted. The data is parsed to identify instruction code to be performed by the process. The instruction code is compared with instances of predetermined instruction code to produce a score for the instruction code. The data is prevented from being injected into the process in response to the score satisfying a threshold score. The data may be allowed to be injected into the process in response to the score not satisfying the threshold score.

Abstract: A computer-implemented method for data loss prevention may include intercepting a packet sent by an application of an endpoint. The computer-implemented method may also include extracting file-identification information from the packet. The computer-implemented method may further include identifying a list of opened files and matching the file-identification information to a file in the list of opened files. The computer-implemented method may additionally include identifying a data-loss-prevention policy that applies to the file. The computer-implemented method may moreover include filtering the packet based on the data-loss-prevention policy. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for providing a secure authentication process is described. In one embodiment, a method for a method for providing a secure authentication process includes monitoring login activity of at least one authentication process associated with a computer resource and analyzing the login activity to identify suspicious login activity associated with user credentials.

Abstract: Techniques for providing missed arrival notifications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing missed arrival notifications comprising: receiving, from a user associated with a client device, travel information that indicates at least an expected destination and an expected route to the expected destination, tracking, on a notification system, the client device's progress in traveling the expected route to the expected destination, determining, on the notification system, whether the client device has deviated from the expected route to the expected destination, and initiating, on the notification system, an alert escalation procedure in response to determining that the client device has deviated from the expected route to the expected destination.

Abstract: A monitor detects a policy violation on a computing device, wherein the policy violation includes a user attempt to perform an operation to move data that includes sensitive information off the computing device. The monitor determines whether one or more previous policy violations have occurred on the computing device. The monitor performs an action to minimize a risk of data loss based on the one or more previous policy violations.

Abstract: A computer-implemented method may include identifying an action associated with a software program. The computer-implemented method may also include determining that the software program is located in a virtualization layer. The computer-implemented method may further include changing an activation state of the virtualization layer in response to the action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Computer-implemented methods, systems, and computer-readable media for performing optimized backups of multiple volumes are disclosed. In one example, an exemplary method for performing such a task may comprise: 1) identifying a plurality of volumes, 2) prior to backing up the plurality of volumes, obtaining information that indicates that at least one volume within the plurality of volumes comprises at least one shared region of memory that is identical to a region of memory on at least one other volume within the plurality of volumes, and 3) when creating backups of the plurality of volumes, backing up each shared region of memory a single time so that the backups of the plurality of volumes share a single copy of each shared region of memory.

Abstract: The present invention provides for an efficient method, apparatus, and system for updating file system information when shared memory contents are moved from one physical location in memory to another. Traditional file systems manage such memory movement at the granularity of physical memory blocks. However, it will often be the case that multiple blocks will be moved, and the present invention takes advantage of the fact that it is more efficient to process the shared memory movement of memory contents at the granularity of an extent. The invention employs a data structure, where each record in the data structure contains information about the shared memory extents of the file system.

Abstract: A computer-implemented method for implementing multi-factor authentication may include 1) receiving, as part of a secondary authentication system, an authentication request from a client system, 2) redirecting the client system to first perform a first authentication with a primary authentication system in response to receiving the authentication request, 3) receiving an assertion of the first authentication from the client system that demonstrates that the first authentication was successful, and 4) performing a second authentication with the client system in response to receiving the assertion of the first authentication. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method for restoring list items to a database while maintaining the referential integrity of the list items. Before requested list items are restored to a database, a dependencies tablemetadata is read to determine the links between list items of the database. A map is created, and the links between list items are stored in the map. When the requested list items are restored to the database, the requested items and any dependent items are identified from the map and restored to the database. By restoring the dependent items of the selected item to be restored, referential integrity of the database is maintained.

Abstract: A method for provisioning a mobile device with a secret to be used as a basis for generating One-Time passwords includes receiving a first request using a first communications method. The first request includes a mobile device identifier. The method also includes sending a credential message using a second communications method. The credential message includes an authentication credential. The method also includes receiving a second request using a third communications method different from the second communications method. The second request includes information based upon the authentication credential sent by the provisioning service. The method also includes sending the secret if the authentication credential in the credential message corresponds to the information based upon the authentication credential in the second request.

Abstract: A system, method, and computer program product for detecting malware in a software package on a computer having an operating system is disclosed. A software package can include various files and processes. A process monitoring module monitors a process associated with the software package and detects when the monitored process requests access to a system process or other operating system object. A constrained process manager provides a constrained object to the monitored process in response to the request. The constrained object generally has less access to computer system resources than the system process. A malware detection module then observes interactions between the monitored process and the constrained object and determines whether the monitored process contains malware based on these interactions.

Abstract: A computer-implemented method for disaster recovery of multi-tier applications may include 1) identifying a multi-tier application that is provisioned with a plurality of production clusters at a production site, 2) identifying a disaster recovery site including a plurality of recovery clusters, 3) identifying, at the disaster recovery site, a failure of the multi-tier application at the production site, and 4) initiating, from the disaster recovery site, a migration of the multi-tier application from the production site to the disaster recovery site. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A message transfer agent generates specific error codes indicating that it has adjudicated specific received email traffic to comprise spam. The message transfer agent transmits the generated specific error codes to the sources of the specific received email traffic. An antispam computing device filters email traffic, and receives the error codes transmitted by the message transfer agent to the sources of email traffic. The antispam computing device interprets the specific received error codes as indicating that the message transfer agent adjudicated the specific email traffic to comprise spam. In response, the antispam computing device can block email traffic from these sources, such that the blocked email traffic does not reach the message transfer agent.

Abstract: A computer-implemented method for providing backup interfaces may include (1) identifying a backup policy configured to back up a source system according to a backup configuration, (2) identifying a request to display the backup policy within a graphical user interface, and in response to the request, (3) portraying the backup policy within the graphical user interface as a flow diagram, the flow diagram including (i) a first box representing the source system, the first box displaying an identifier of the source system, (ii) a second box representing a backup stage of the backup policy, the second box displaying an identifier of the backup stage, and (iii) a directed edge connecting the first box and the second box, the directed edge indicating a sequence beginning with the first box and progressing to the second box. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Embodiments of the present invention are directed to a method and system for managing resources. The method includes receiving a request, within an electronic system, which corresponds to an object of a file system and accessing a local data structure. The data structure comprises information corresponding to a plurality of inode numbers. The method further includes performing the request and updating the local data structure based on the request. The updating of the local data structure is independent of a plurality of data structures of a cluster of servers.

Abstract: The role of a user within an organization is automatically determined based on the classification of applications and content on the user's computer. Applications and files installed on a user's computer are identified. Identified applications and files that are not indicative of the role of the user within the organization are filtered out. The non-filtered out applications are functionally classified according to associated roles within the organization, based on predetermined functional classification information. The non-filtered out files are also functionally classified, based on predetermined functional classification information concerning types of files associated with specific organizational roles. The content of files that are of types not indicative of the user's organizational role can be analyzed, and these files can be functionally classified based on their content. The functional classifications are used in determining the role of the user.

Abstract: A computer-implemented method for achieving file-level data-protection operations using block-level technologies may include: 1) identifying an I/O operation directed to at least one data block on a primary storage system, 2) accessing a data-protection list that uniquely identifies files that are to be protected by a data-protection operation, 3) determining that the I/O operation is directed to at least a portion of at least one file identified on the data-protection list, and then, in response to the determination, 4) performing the data-protection operation on the I/O operation. Various additional methods, systems, and configured computer-readable media are also disclosed.

Abstract: Various embodiments of a system and method for backing up data from a plurality of backup server computers in a first backup storage tier to a backup server computer in a second backup storage tier are disclosed. According to one embodiment of the method, a group of backup data sources may be associated with a writer on the backup server computer. Each backup data source may comprise data to be backed up from one of the backup server computer systems in the first backup storage tier. The writer may keep track of the write speed at which data from the group of backup data sources is written to a target storage device, and the number of backup data sources in the group may be automatically adjusted based on the write speed.

Abstract: Systems, methods, and computer-readable memory media for performing various methods for verification of inode metadata are disclosed. This may be done, in various embodiments, by splitting the metadata for a given inode into two or more components. Each component may then be transmitted as an inode message from, for example, a data server to a backup server. Counters may be used to determine if all messages have been received for a group of inodes. Temporary data structures may be created dynamically to aid in the verification of the inode metadata. In one embodiment, received inode metadata is used to indicate the presence (e.g., in a catalog) of an invalid reference from a child inode to its parent inode. A metadata catalog may be created and used during the restore process to “browse” a portion of the backed up data.