Abstract: Systems and methods are described herein for dynamic debug logging during application runtime. In an example, a wrapper can be added to the code for functions of the application. During runtime, the wrapper can cause the functions to retain certain debug data. In one example, a function call graph can be constructed, which can include all the possible function call paths for the application. When an error occurs, if the application does not have a stack trace tool or API available, the application can use the function call graph to determine all possible function call paths between the entrant function and the errored function. If an application does have a stack trace tool or API, then the application can retrieve the actual function call path that led to the error. The application can enable a debug flag in the wrapper for each function in the function call path, which can cause those functions to log runtime debug data.

Abstract: Systems and methods are described herein for dynamic debug logging during application runtime. In an example, a wrapper can be added to the code for functions of the application. During runtime, the wrapper can cause the functions to retain certain debug data. In one example, a function call graph can be constructed, which can include all the possible function call paths for the application. When an error occurs, if the application does not have a stack trace tool or API available, the application can use the function call graph to determine all possible function call paths between the entrant function and the errored function. If an application does have a stack trace tool or API, then the application can retrieve the actual function call path that led to the error. The application can enable a debug flag in the wrapper for each function in the function call path, which can cause those functions to log runtime debug data.

Abstract: A method for detecting malware in a distributed malware detection system comprising a plurality of endpoints, is provided. The method generally includes inspecting, at a first endpoint of the plurality of endpoints, a file classified as an unknown file; based on the inspecting, determining, at the first endpoint, a first verdict for the file, the first verdict indicating the file is benign or malicious; determining whether an aggregate number of verdicts for the file from the plurality of endpoints, including the first verdict, meets a first threshold; and selectively reclassifying the file as benign or malicious based on whether the aggregate number of verdicts for the file meets the first threshold.

Abstract: Described herein are systems, methods, and software to identify propagation risk of threats in a computing environment. In one implementation, a management service may identify a connection tree for a computing environment based on forwarding rules for virtual nodes in the computing environment. The management service may further, for each connection in the connection tree, determine a threat value based at least on a protocol associated with the connection. The management service may also identify a threat to a virtual node of the virtual nodes and generate a threat propagation summary for the threat based on the one or more minimum or maximum spanning trees.

Abstract: An application downloaded from the network onto a target (production) machine can be validated in a sandbox environment. An execution report can be generated during the validation. When the validated application is executed on the target machine, operations performed by the application are limited based on the execution report.

Abstract: An application downloaded from the network onto a target (production) machine can be validated in a sandbox environment. An execution report can be generated during the validation. When the validated application is executed on the target machine, operations performed by the application are limited based on the execution report.