Abstract: A computer-implemented method for performing live backups may include identifying a request to perform a live backup on a volume of data. The computer-implemented method may also include creating a snapshot of the volume. The computer-implemented method may further include identifying each attempt to write to the volume during the live backup. The computer-implemented method may additionally include, for each write attempt, identifying a block of data that the write attempt will overwrite and copying the block of data to a backup queue before allowing the write attempt. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A system and method is disclosed for implementing a data loss prevention (DLP) system configured to protect sensitive data in conjunction with corresponding content indexing (CI) metadata. In response to detecting a data loss risk, such as to data at rest (e.g., stored on a file system) and/or to data in motion (e.g., data being transmitted across a network) the system may perform any number of data loss prevention actions, including sequestering the data. The system may utilize an interface to a content indexing system in order to discover CI metadata associated with the data and sequester the CI metadata associated with the data. One or more common sequestration rules may be applied to the sequestration of the data and of the metadata. For example, the data and metadata may be encrypted using the same key and/or sequestered in the same location.

Abstract: A computer-implemented method for deduplicating data is disclosed. The method may include identifying a request to transfer data from a client in a deduplication system to a server in the deduplication system. The method may also include determining, based at least in part on performance of the deduplication system, whether to deduplicate the data before transferring the data from the client to the server. The method may further include performing the following, the order of which is based on the determination: deduplicating the data and transferring the data from the client to the server. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented, server-side method for classifying unknown files based on user actions may include (1) identifying at least one file whose trustworthiness is unknown, (2) identifying a report received from at least one client device that identifies at least one action taken by a user within a user community when informed by security software on the client device that the trustworthiness of the file is unknown, (3) determining that the action taken by the user indicates that the user believes the file is trustworthy, (4) classifying the file as trustworthy based at least in part on the action taken by the user, and then (5) providing the file's classification to at least one computing device in order to enable the computing device to evaluate the trustworthiness of the file. Corresponding systems, encoded computer-readable media, and client-side methods are also disclosed.

Abstract: A computer-implemented method for integrating the management of a temporary email address within an email client application is described. An email client application is provided. A function of the email client application is modified. An attribute is added to the modified function. The attribute is configured to allow the selection of a temporary email address or a non-temporary email address. The selected email address is set as a default email address for the modified function.

Abstract: A computer-implemented method for revoking digital signatures may include (1) identifying an executable file signed with a digital signature, (2) determining that the executable file is subject to a revocation check used to determine whether the digital signature has been revoked, (3) classifying the executable file based on at least one attribute of the executable file, (4) determining, based on the classification of the executable file, that the executable file is a member of a revocation group, wherein a status identifier associated with the revocation group indicates whether any member of the revocation group has a digital signature revocation, (5) determining, based on the status identifier associated with the revocation group, that the digital signature of the executable file has potentially been revoked, and then (6) performing the revocation check on the executable file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for generating code-specific code-signing certificates may include (1) receiving a code-signing request from a software publisher to sign code, the code-signing request including both information that uniquely identifies the code and metadata that identifies at least one characteristic of the code, (2) signing the code by generating a unique, code-specific digital certificate for the code that is valid only for the code in question and includes at least a portion of the metadata contained within the code-signing request, and then (3) providing the code-specific digital certificate to the software publisher to enable the software publisher to attest that the code originated from the software publisher and has not been altered since leaving the software publisher's possession. Various additional methods, systems, and encoded computer-readable media are also disclosed.

Abstract: A computer-implemented method to block a domain based on an Internet Protocol (IP) address serving the domain is described. A trigger event on a first domain is detected. The IP address serving the first domain is identified. The identified IP address is compared with a list of IP addresses. The trigger event is blocked based on a determination that the identified IP address matches at least one IP address on the list.

Abstract: A method, system and apparatus for efficient storage of small files in a segment-based deduplication scheme by allocating multiple small files to a single data segment is provided. A mechanism for distinguishing between large files (e.g., files that are on the order of the size of a segment or larger) and smaller files, and starting a new segment at the beginning of a large file is also provided. A file attribute-based system for determining an identity of a small file at which to begin a new segment and then allocating subsequent small files to that segment and contiguous segments until a next small file having an appropriate attribute subsequently is encountered to begin a new segment is further provided. In one aspect of the present invention a filename hash is used for file attribute analysis to determine when a new segment should begin.

Abstract: A system and method for efficiently accessing large data storage subsystems with a different file format than a format used by running applications. A backup server is coupled to a data storage medium, and is configured to store data on the data storage medium according to a first file format. A client is coupled to the backup server and is configured to convey memory access requests for data stored in the data storage medium. The client is unable to decipher the first file format. A filter driver in the backup server is coupled to intercept the requests from the client. The filter driver is configured to decipher the first file format; spoof the existence of one or more spoofed files that do not exist on the data storage medium, wherein each of the one or more spoofed files corresponds to data stored on the data storage medium; and present the spoofed files to the client.

Abstract: A method and apparatus for defining the scope of a search is described. In one embodiment, user input is received, and the scope is defined, based on the user input, for a search of free-form text for information from any random rows within a tabular structure of source data. In one embodiment, the search is intended for finding, in the free-form text, a sub-set of data fragments that matches information from any single row within the tabular structure of the source data.

Abstract: A method of determining a clustering metric includes receiving a first set of transactions and a second set of transactions. For transaction i of the first set and transaction j of the second set, the method includes (a) determining an intersection set, (b) determining a union set; (c) computing a common linkage between transaction i and transaction j equal to the intersection set divided by the union set, and (d) incrementing index j and repeating steps (a)-(c). The method also includes (e) summing the common linkages between transaction i and the transactions of the second set, (f) normalizing the sum of the common linkages by a number of the second set, and (g) incrementing index i and repeating steps (a)-(f). The method further includes (h) summing the normalized common linkages and (i) normalizing the sum of the normalized common linkages by a number of the first set.

Abstract: The payload of a set of storage devices is encrypted using a payload key that is stored within the set of storage devices itself. However, the payload key is obtainable only if a user has access to n of the storage devices. A first set of keys can be distributed among a set of n storage devices, such that each key is usable to encrypt and/or decrypt a key stored on a different one of the n storage devices. The first set of keys is usable to encrypt portions of the information needed to regenerate another key (e.g., the payload key or a key used to encrypt the payload key). A different portion of the information needed to regenerate the other key is stored on each of the n storage devices. Accordingly, the other key cannot be obtained unless the user has access to all n storage devices.

Abstract: A computer-implemented method to detect scam on a communications device is described. An incoming communication is detected at the communications device. A determination is made as to whether a requested response message is detected. The requested response message is analyzed to determine whether the message is suspicious. A response message to the incoming communication is detected. The response message is blocked based on a determination that the requested response message is suspicious.

Abstract: A method and apparatus for sharing an exclusive lock for a resource amongst a defined plurality of applications. A first application to lock a resource is given a key. The first application may provide the key to other applications to allow those applications to simultaneously access the locked resource. Generally, the first application will only provide keys to applications that are compatible with the first application such that the applications having keys to a resource will be able to simultaneously access the resource without conflict.

Abstract: A method and apparatus for detecting potentially misleading visual representation objects to secure a computer is described. In one embodiment, the method includes monitoring visual representation object creation with respect to the browser, accessing verification information, wherein the verification information comprises commonly used user interface elements for forming legitimate system messages, examining web data associated with the created visual representation objects, wherein the web data is compared with the verification information to identify imitating content within the created visual representation objects and modifying at least one of the created visual representation objects to accentuate the imitating content.

Abstract: A method and apparatus for managing alert level of the user computer is described. In one embodiment, the method for dynamically adjusting an alert level for notifying a user as to at least one threat to a computer includes applying heuristic information to environment data to identify vulnerability indicia regarding a computer, wherein the environment data comprises at least one usage statistic related to a user associated with the computer and determining an alert level based on the vulnerability indicia, wherein the user is notified of at least one threat to the computer in accordance with the alert level.

Abstract: Techniques for securing checked-out virtual machines in a virtual desktop infrastructure (VDI) are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for securing a checked-out guest virtual machine including receiving a request for checking-out a guest virtual machine hosted by a server network element, wherein checking-out the guest virtual machine comprises transferring hosting of the guest virtual machine from the server network element to a client network element. The method for securing a checked-out guest virtual machines may also include configuring a security module for the guest virtual machine in order to secure the guest virtual machine and providing the security module to the guest virtual machine when the guest virtual machine is checked-out.

Abstract: A computer-implemented method for restoring images may include (1) identifying an image to restore to a volume, (2) creating a synchronization map that reflects differences between the image and the volume, (3) intercepting at least one attempt to read from a region of the volume, (4) determining, based on the synchronization map, that the region has not yet been restored from the image, (5) copying the region from the image to the volume, (6) updating the synchronization map to reflect that the region has been restored, and (7) allowing the attempt to read from the region to proceed. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method and apparatus for enabling e-mail routing and filtering based on dynamic identities is presented. In one embodiment, the method includes provisioning a new e-mail address, and notifying an e-mail backend of the provisioned address wherein the provisioned address includes a list of authorized senders.