Abstract: A method for fast incremental replication of a file system. The method includes, at a data storage level, tracking file system status for a plurality of files by using a data structure inside respective inodes for the plurality of files, and at a file system level, tracking file system status for a plurality of files by using a file system mask structure. For all files present in a backup, a catalogue of the file path name and inode number is maintained on a source file system. During incremental backup, a source file system data structure enumerating a plurality of modified inodes is consulted. For inodes that have not been marked as removed or created, the file system mask structure that tracks modified portions is consulted to obtain a file incremental change and inodes. The method further includes performing incremental backup using the inodes that have been modified and appended.

Abstract: Shared storage access management systems and methods are presented. A method can comprise: performing an endpoint I/O source authority tracking process in which permission of an endpoint I/O source to perform an I/O with at least a portion of an endpoint storage target is tracked at least in part based on a corresponding endpoint I/O source ID value, and performing an I/O operation based upon results of the endpoint I/O source authority tracking process. In one embodiment, the endpoint I/O source ID value is associated with an endpoint I/O source that is a virtual machine. The endpoint I/O source ID value can be unique and can be bound to an endpoint I/O source. In one exemplary implementation, the endpoint I/O source ID value does not depend upon intermediate communication channel characteristics between a corresponding endpoint I/O source and endpoint storage target.

Abstract: A method for defining and managing a composite service group for a cluster based computer system is disclosed. The method includes instantiating a plurality of application units on a cluster based computer system, wherein the application units implement a business service. The method further includes receiving a composite service group definition, wherein a composite service group enumerates application units, out of the plurality of application units, that implement the business service, and generating a consolidated status of the composite service group. The business service is then started (online)/stopped (offline)/migrated/failed-over/failed-back in accordance with the consolidated status, as a single unit, by using the composite service group.

Abstract: A computer-implemented method may create a first full backup of a set of data units at a first point in time. The method may create, at a second point in time, a representation of one or more data units in the set of data units that have been modified since the first point in time. The method may determine, based at least in part on the representation of one or more data units that have been modified since the first point in time, a difference between a state of the set of data units at the first point in time and a state of the set of data units at the second point in time. The method may use the difference to update the first full backup to a second full backup that comprises modifications made to the set of data units between the first and second points in time.

Abstract: A computer-implemented method for defending an attack from the execution of shellcode is described. Elements within a dynamically linked library (dll) may be duplicated. The dll resides in a first memory space. The duplicated elements may be redirected into a second memory space. A protection attribute may be established for the elements within the second memory space. A location of execution code attempting to access the elements within the second memory space may be determined. The execution code may be prevented from being executed based on the determined location.

Abstract: A computer-implemented method for facilitating access to shared resources within computer clusters may include (1) identifying a quick response code captured by at least one computing system, (2) identifying information encoded in the quick response code captured by the computing system, (3) determining that the information encoded in the quick response code contains an activation key that facilitates activation of a software application, then (4) applying, in response to this determination, the activation key to the software application in order to activate the software application without requiring a user of the software application to manually enter the activation key. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: In a centralized credential management system, website credentials are stored in a vault storage at a vault. The website credentials are encrypted based upon a key not available to the vault and are for authenticating a user to a third party website. Through a client, a user authenticates to the vault and retrieves the encrypted website credentials and parameters and code for properly injecting the credentials into a website authentication form. The website credentials are decrypted at the client and injected into the authentication form using the parameters and code.

Abstract: Method and apparatus for preventing concurrency violations among resources in a clustered computer system is described. In one example, a system call is intercepted at a node in the clustered computer system. The system call identifies a target resource. An assigned state of the target resource with respect to the node is determined. The system call is handled at the node based on the assigned state. For example, the system call may be intended to bring the target resource online. The system call is handled by failing the system call at the node if the assigned state indicates that the target resource should be offline at the node. The target resource is allowed to be brought online if the assigned state indicates that the target resource can be online.

Abstract: Techniques for adaptive data transfer are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for adaptive data transfer comprising receiving a write request at an application protocol layer, buffering the write request, transferring to electronic storage a first portion of data of the buffered write request using a first setting value in a range, measuring, a transfer rate of the first portion of transferred data, varying the first setting value by a small amount in a first direction to identify a second setting value, transferring to electronic storage a second portion of data of the buffered write request using the second setting value, measuring a transfer rate of the second portion of transferred data, and replacing the first setting value with the second setting value if the transfer rate of the second portion of transferred data is greater than the first transfer rate.

Abstract: A method for assessing network safety using a computer health metric comprises processing internet resource information, wherein a portion of the internet resource information comprises one or more internet resources that were accessed during a period of network activity associated with an impact on a computer health and analyzing one or more internet resource to determine a candidate internet resource, wherein a candidate internet resource is related to the impact on computer health.

Abstract: Systems and methods for fault handling are presented. In one embodiment, a fault handling method includes: performing an error type detection process including determining if an error is a media error or a connectivity error; performing a detachment determination process to establish an appropriate detachment scenario, wherein the appropriate detachment scenario includes not detaching any mirrors if the connectivity error involves all mirrors; and returning an application write with a failure. In one embodiment, the detachment determination process detaches a mirror in accordance with results of a read-write-back process. In one exemplary implementation, the detachment determination process includes a connectivity status inquiry and mirrors are detached in accordance with results of the connectivity status inquiry. In one exemplary implementation, the connectivity status inquiry includes a SCSI connectivity inquiry.

Abstract: A method of providing web site verification information to a user can include receiving a DNS query including a host name and a seal verification site name, parsing the DNS query, and extracting the host name from the DNS query. The method also can include accessing a DNS zone file including a list of Trust Services customers and determining if the host name is associated with a Trust Services customer in the list of Trust Services customers. The method further can include transmitting a positive identifier to the requester if the host name is associated with a Trust Services customer and transmitting a negative identifier to the requester if the host name is not associated with a Trust Services customer. In a specific embodiment, the Trust Services include issuance of digital certificates.

Abstract: A computer-implemented method for alternating malware classifiers in an attempt to frustrate brute-force malware testing may include (1) providing a group of heuristic-based classifiers for detecting malware, wherein each classifier within the group differs from all other classifiers within the group but has an accuracy rate that is substantially similar to all other classifiers within the group, (2) including the group of classifiers within a security-software product, and (3) alternating the security-software product's use of the classifiers within the group in an attempt to frustrate brute-force malware testing by (a) randomly selecting and activating an initial classifier from within the group and then, upon completion of a select interval, (b) replacing the initial classifier with an additional classifier randomly selected from within the group. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A method for file lock recovery in a distributed computer system. The method includes executing a distributed computer system having a plurality of nodes comprising a cluster, and initiating a network file system server fail over from one node of the cluster to an adoptive node of the cluster. File lock services are then stopped at the adoptive node. File lock services are subsequently restarted at the adoptive node, wherein the restart causes the adoptive node to commence a grace period for other network file system clients to connect to the adoptive node and reclaim file locks. After restarting file lock services, a cluster file system is updated on the adoptive node with process identifiers, and file lock services are resumed at the adoptive node. The cluster file system can be simultaneously exposing the file lock services to other clients as well, like CIFS, etc.

Abstract: Mitigating a network security threat is disclosed. Information associated with a data protection event is received. The received information is evaluated for an indication of a network security threat. One or more remedial actions are performed if it is determined that a potential threat has been indicated. Optionally, the received information is stored.

Abstract: A method and apparatus for handling fuzziness in sensitive keywords from data loss prevention (DLP) policies. In one embodiment, the method includes identifying a keyword included in a DLP policy, generating multiple permutations of the keyword, and adding the multiple permutations to the DLP policy. The method further includes causing information content to be searched for the keyword permutations to detect a violation of the DLP policy in the information content.

Abstract: A computer-implemented method for securing access to kernel devices may include (1) identifying a context proxy privileged to access a secure device interface for a device, (2) receiving a request from the context proxy to allow a user-mode process to access a non-secure device interface for the device, (3) receiving a request from the user-mode process to access the non-secure device interface, and then (4) allowing the user-mode process to access the non-secure device interface directly based on the request from the context proxy. Various other methods and systems are also disclosed.

Abstract: A computer-implemented method for creating customized confidence bands for use in malware detection may include 1) identifying a portal for receiving executable content, 2) identifying metadata relating to the portal, 3) analyzing the metadata to determine what risk executable content received via the portal poses, and then 4) creating, based on the analysis, a confidence band to apply during at least one disposition of executable content received via the portal. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method for migrating virtual machines may include: 1) identifying a request to migrate a virtual machine from a primary site to a secondary site, the primary site including a primary storage device used by the virtual machine and configured for asynchronous replication to a secondary storage device at the secondary site, 2) identifying a difference map that reflects differences between data on the primary storage device and the secondary storage device, 3) initiating the virtual machine at the secondary site, 4) intercepting an input/output attempt from the virtual machine at the secondary site to the secondary storage device, 5) determining, based on the difference map, that a region of the input/output attempt has not been synchronized from the primary storage device, and 6) retrieving the region from the primary storage device before allowing the input/output attempt to proceed. Various other methods, systems, and computer-readable media are disclosed.

Abstract: A method for maintaining group membership records includes 1) maintaining a record of group memberships for a membership hierarchy, the membership record identifying a direct relationship between a first object and a second object in the membership hierarchy, 2) receiving a membership update indicating that, as of a first point in time, a direct relationship between the second object and a third object changed, 3) updating the record of group memberships to reflect the change in the relationship between the second object and the third object, 4) deducing, based on the membership update and the record of group memberships, a change in an indirect relationship between the first object and the third object as of the first point in time, and 5) providing a view of object relationships within the membership hierarchy as the object relationships exist at the first point in time and a historical record of object relationships.