Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.

Abstract: Method and system for protecting an executing environment from malicious code elements, one exemplary method including compiling a set of trustworthy code elements, each code element being executable using an application. The method further includes determining whether the file contains an embedded code element. If the file contains an embedded element, the embedded code element can be authenticated based on the stored set of code elements, to determine whether the embedded code element is trustworthy. Access to the file can be enabled in response to an authentication result that the embedded code element is trustworthy.

Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: The disclosed embodiments include a method for retroactively analyzing original input content to detect malicious content in a computer system, in which the original input content has been previously processed to generate modified input content and prevented from being received by an intended recipient. The method includes accessing the original input content or a characteristic associated with the original input content, and analyzing it based on a malware detection algorithm to determine whether the original input content includes suspected malicious content, wherein the malware detection algorithm includes at least one update of a signature or behavioral characteristic that was not included in the malware detection algorithm when the modified input content was generated. When it is determined that the original input content includes suspected malicious content, the method includes analyzing the modified input content to determine whether the modified input content includes the suspected malicious content.

Abstract: Systems and methods for disarming malicious code in digitally-signed content are provided. An example method includes determining that content is associated with a first digital signature, modifying at least a portion of digital values of the content to disable any malicious code included in the content, thereby creating modified content, and signing the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.

Abstract: The disclosed embodiments include a method for disarming malicious code in a computer system having a processor. The method comprises accessing, by the computer system, input content, wherein the input content includes a plurality of data units having a value representing media content, and adjusting, by the processor, a data unit value of at least a portion of the data units, wherein the portion of the data units and an adjustment of the data unit value are determined so as to render any malicious code included in the plurality of data units inactive for its intended malicious purpose while not interfering with an intended use of the input content.

Abstract: The disclosed embodiments include a method for disarming malicious content in a computer system. The method includes accessing input content intended for a recipient of a network, automatically modifying at least a portion of digital values of the input content to render inactive code that is included in the input content intended for malicious purpose, the modified input content being of the same type as the accessed input content, enabling access to the modified input content by the intended recipient, analyzing the input content according to at least one malware detection algorithm configured to detect malicious content, and enabling access to the input content by the intended recipient when no malicious content is detected according to the at least one malware detection algorithm.

Abstract: Systems and methods of disarming malicious code in protected content in a computer system having a processor are provided. The method includes determining that a received input file intended for a recipient is protected, the recipient may be connected to a network; accessing a credential associated with the intended recipient for accessing the protected input file; accessing the content of the protected input file based on the credential; modifying at least a portion of digital values of the content of the input file configuring to disable any malicious code included in the input file, thereby creating a modified input file; and protecting the modified input file based on the credential associated with the intended recipient. The method also includes forwarding the protected modified input file to the intended recipient in the network.

Abstract: The disclosed embodiments include a method of disarming active content in a received input file in a computer system having a processor. The method includes steps for identifying from digital content of the input file, targeted active content associated with with an automatically invoked subroutine, altering the automatically invoked subroutine to prevent automatic execution of the instructions associated with the subroutine upon rendering by a rendering application, such that functionality of the targeted active content is preserved, and configuring the input file to include a selectable feature enabling a user to invoke the targeted active content responsive to a user input, thereby creating a reconfigured input file.

Abstract: The disclosed embodiments include a method for disarming malicious code in a computer system having a processor. The method comprises accessing, by the computer system, input content, wherein the input content includes a plurality of data units having a value representing media content, and adjusting, by the processor, a data unit value of at least a portion of the data units, wherein the portion of the data units and an adjustment of the data unit value are determined so as to render any malicious code included in the plurality of data units inactive for its intended malicious purpose while not interfering with an intended use of the input content.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: The disclosed embodiments include a method for disarming malicious code in a computer system having a processor. The method comprises accessing, by the computer system, input content, wherein the input content includes a plurality of data units having a value representing media content, and adjusting, by the processor, a data unit value of at least a portion of the data units, wherein the portion of the data units and an adjustment of the data unit value are determined so as to render any malicious code included in the plurality of data units inactive for its intended malicious purpose while not interfering with an intended use of the input content.

Abstract: The disclosed embodiments include a method of disarming malicious code in a computer system having a processor. The method comprises receiving, by the computer system, input content, and rendering, by the processor, any malicious code included in the input content inactive for its intended malicious purpose without applying a malware detection algorithm to the input content. The rendering is performed by automatically applying, using the processor, a data value alteration model to the input content for altering select data values within the input content, and outputting a new content reflecting the application of the data value alteration model to the input content. The processor renders any malicious code included in the input content inactive for its intended malicious purpose without regard to any structure used to encapsulate the input content. The input content includes media content.

Abstract: Systems and methods for disarming malicious code in digitally-signed content are provided. An example method includes determining that content is associated with a first digital signature, modifying at least a portion of digital values of the content to disable any malicious code included in the content, thereby creating modified content, and signing the modified content with a second digital signature, thereby creating signed modified content, the signed modified content including a data element corresponding to the first digital signature.

Abstract: The disclosed embodiments include a method for retroactively analyzing original input content to detect malicious content in a computer system, in which the original input content has been previously processed to generate modified input content and prevented from being received by an intended recipient. The method includes accessing the original input content or a characteristic associated with the original input content, and analyzing it based on a malware detection algorithm to determine whether the original input content includes suspected malicious content, wherein the malware detection algorithm includes at least one update of a signature or behavioral characteristic that was not included in the malware detection algorithm when the modified input content was generated. When it is determined that the original input content includes suspected malicious content, the method includes analyzing the modified input content to determine whether the modified input content includes the suspected malicious content.

Abstract: The disclosed embodiments include a method of disarming active content in a received input file in a computer system having a processor. The method includes steps for identifying from digital content of the input file, targeted active content associated with an automatically invoked subroutine, altering the automatically invoked subroutine to prevent automatic execution of the instructions associated with the subroutine upon rendering by a rendering application, such that functionality of the targeted active content is preserved, and configuring the input file to include a selectable feature enabling a user to invoke the targeted active content responsive to a user input, thereby creating a reconfigured input file.