Abstract: Operations performed by a software application instance executed by a computing device are monitored. A determination is made that a particular operation performed matches an application signature representing a particular software application. In response, a match score is added to a total score for the software application. In response to determining that the total score is greater than or equal to a threshold, the software is classified.

Abstract: Managing encrypted network traffic using Domain Name System responses includes requesting an address associated with a domain name from a resolution server, the domain name included in a predetermined set of domain names for which secure requests are to be identified; receiving a response from the resolution server including one or more addresses associated with the domain name; associating with the domain name a particular address selected from the received addresses; receiving a request to resolve the domain name; sending a response to the domain name resolution request, the response including the particular address associated with the domain name; receiving a secure request for a resource, the secure request directed to the particular address associated with the domain name; and determining that the secure request is directed to the domain name based on the association between the particular address and the domain name.

Abstract: An execution of a data object is identified by a computing device. In response to identifying the execution of the data object, it is determined that the data object has requested a sensitive action of the computing device before interacting with a user of the computing device. In response to determining that the data object has requested the sensitive action, the data object is classified as a high-risk data object.

Abstract: Methods, systems, and apparatus, including computer programs encoded on computer storage media, for overriding a soft website block. One of the methods includes receiving, from a user device, a request to access a resource, determining, using a first policy group for the user device, that the user device should be prevented from accessing the resource, providing, to the user device and based on determining that the user device should be prevented from accessing the resource, instructions for the presentation of a user interface including a user credentials field, receiving user credentials from the user device, determining that the user credentials are the same as credentials used to log onto the user device, and allowing the user device access to the resource.

Abstract: Operations performed by a software application instance executed by a computing device are monitored. A determination is made that a particular operation performed matches an application signature representing a particular software application. In response, a match score is added to a total score for the software application. In response to determining that the total score is greater than or equal to a threshold, the software is classified.

Abstract: Operations performed by a software application instance executed by a computing device are monitored. A determination is made that a particular operation performed matches an application signature representing a particular software application. In response, a match score is added to a total score for the software application. In response to determining that the total score is greater than or equal to a threshold, the software is classified.

Abstract: A medical waste fluid collection and disposal system includes a medical waste fluid collection cart including first and second fluid collection canisters. A valve assembly selectively communicates with the canisters and a valve drive system controls the valve assembly. A liquid level sensor is positioned within each of the canisters. A cart processor communicates with the liquid level sensors and the valve drive system. A cart drain line communicates with the valve assembly and a receptacle, a cart flushing line communicates with the valve assembly and the receptacle and a cart data line and a cart power line communicate with the cart processor and the cart receptacle. A station includes a drain pump that communicates with a drainage system and a station drain line, a flushing pump that communicates with a source of washing liquid and a station flushing line and a station processor in communication with the drain and flushing pumps. A station data line communicates with the station processor.

Abstract: The subject matter of this specification can be implemented in, among other things, a method for displaying scrollable notifications for unlocking an electronic device. The method includes a step for receiving a notification from an application for display on a locked screen of an electronic device, wherein the notification includes content viewable by a user of the electronic device, wherein the content is scrollable. The method also includes a step for displaying the received notification. The method also includes a step for receiving, from the user, a scroll event associated with the displayed notification. The method also includes a step for scrolling, in response to the received scroll event, content in the notification, wherein the scrolling provides additional content viewable to the user. The method also includes a step for unlocking, in response to the scrolling, one or more capabilities of the electronic device.

Abstract: Operations performed by a software application instance executed by a computing device are monitored. A determination is made that a particular operation performed matches an application signature representing a particular software application. In response, a match score is added to a total score for the software application. In response to determining that the total score is greater than or equal to a threshold, the software is classified.

Abstract: Methods and systems for providing destination-specific network management are described. One example method includes determining a normal data movement profile for a computing device based on observed normal data transfer behavior by the computing device; identifying a data movement rule associated with the computing device, the data movement rule including a deviation amount, and one or more actions to take when the computing device deviates from the normal data movement profile by more than the deviation amount; detecting a data movement associated with the computing device; determining that the detected data movement exceeds the deviation amount included in the data movement rule relative to the normal data movement profile for the computing device; and performing the one or more actions associated with the data movement rule upon determining that the data movement violates the data movement rule.

Abstract: Methods and systems for generating a proxy automatic configuration (PAC) script based on the location of a device. One example method includes receiving a request for a proxy automatic configuration (PAC) script from a source address associated with a device; determining, based at least in part on the source address, a location of the device; generating a PAC script based at least in part on the determined location of the device; and sending a response to the request for the PAC script including the generated PAC script.

Abstract: This specification generally relates to using redirect messages to implement caching. One example method includes receiving from a client a first request for a network resource, the first request including an original location of the network resource; determining that a response to the first request is to be cached; sending a redirect response to the client including a cache location for the network resource; receiving a second request for the network resource from the client, the second request including the cache location; in response to receiving the second request for the network resource from the client: determining that the network resource has not been previously cached; retrieving the network resource from the original location; caching the retrieved network resource in a location associated with the cache location for the network resource; and sending the retrieved network resource to the client.

Abstract: This specification generally relates to using redirect messages to implement caching. One example method includes receiving from a client a first request for a network resource, the first request including an original location of the network resource; determining that a response to the first request is to be cached; sending a redirect response to the client including a cache location for the network resource; receiving a second request for the network resource from the client, the second request including the cache location; in response to receiving the second request for the network resource from the client: determining that the network resource has not been previously cached; retrieving the network resource from the original location; caching the retrieved network resource in a location associated with the cache location for the network resource; and sending the retrieved network resource to the client.

Abstract: This specification generally relates to using redirect messages to implement content filtering. One example method includes determining that access to a network resource should be redirected based at least in part on access behavior associated with the network resource; receiving from a client a first request for the network resource, the first request including an original location of the network resource; sending a redirect response to the client including a modified location for the network resource different than the original location; receiving a second request for the network resource from the client including the modified location; retrieving the network resource from the original location; performing at least one action on the retrieved network resource; and selectively sending the retrieved network resource to the client based at least in part on a result associated with the at least one action.

Abstract: This specification generally relates to using redirect messages to implement content scanning. One example method includes receiving from a client a first request for a network resource, the first request including an original location of the network resource; determining that a response to the first request is to be analyzed; sending a redirect response to the client including a modified location for the network resource different than the original location; receiving a second request for the network resource from the client, the second request including the modified location; in response to receiving the second request for the network resource from the client: retrieving the network resource from the original location; determining that the retrieved network resource is suitable to send to the client; and in response to determining that the retrieved network resource is suitable, sending the retrieved network resource to the client.

Abstract: One example method includes configuring the virtual machine environment to introduce one or more security issues within the virtual machine environment, wherein each security issue elicits a particular malicious application to perform malicious actions when introduced during execution of the particular malicious application; executing a software application within the virtual machine environment; detecting at least one of the malicious actions being performed by the software application during execution within the virtual machine environment; and initiating an analysis action in response to detecting at least one of the malicious actions being performed by the software application.

Abstract: One example method includes executing a software application within the virtual machine environment; during execution of the software application, detecting one or more actions specified by a malicious application policy being performed by the software application within the virtual machine environment, the malicious application policy specifying one or more actions that will trigger video capture in the virtual machine environment executing the software application; and initiating capture of a video signal of the virtual machine environment in response to detecting the one or more actions specified by the malicious application policy

Abstract: One example method includes executing a software application within the virtual machine environment; during execution of the software application, detecting a network request sent from the software application within the virtual machine environment, the network request formatted according to a particular network protocol; in response to detecting the network request: determining an expected response to the network request based on at least one of information included in the network request or the particular network protocol; and providing the expected response to the software application within the virtual machine environment.

Abstract: This specification generally relates to using redirect messages to implement caching. One example method includes receiving from a client a first request for a network resource, the first request including an original location of the network resource; determining that a response to the first request is to be cached; sending a redirect response to the client including a cache location for the network resource; receiving a second request for the network resource from the client, the second request including the cache location; in response to receiving the second request for the network resource from the client: determining that the network resource has not been previously cached; retrieving the network resource from the original location; caching the retrieved network resource in a location associated with the cache location for the network resource; and sending the retrieved network resource to the client.

Abstract: This present disclosure generally relates to managing encrypted network traffic using Domain Name System (DNS) responses.