Abstract: Files received by a mobile device are sampled for malware tracking. The method includes configuring file transfer mechanisms that use short-range communication technology on the mobile device to appear, to other devices, to be open for accepting all attempts to transfer files. The method further comprises intercepting files transferred via the short-range communication technology to the mobile device from another device. The method also comprises quarantining the files transferred to the mobile device and logging identifying information about each of the files quarantined and about the other devices from which each of the files originated. The method further includes providing the logged identifying information for the files received to a security server.

Abstract: A system and a method are disclosed for managing applications on a mobile computing device. A command message is received at the mobile computing device specifying a command and a target application. The command message may have been sent by a application provider server. The command may be a removal command, an enable command, or a disable command. A removal or disable command may be used to remove or disable a problematic target application. The specified command is performed on the target application.

Abstract: It is detected when an administrator begins or finishes performing remote administrative activity. In response, the polling interval is modified. When the level of remote administrative activity increases, the polling interval is decreased, thereby directing the managed clients to poll the server more frequently. When the level of remote administrative activity decreases, the polling interval is increased, thereby directing the managed clients to poll the server less frequently. By dynamically adjusting the polling interval based on remote administrative activity, a balance is struck between scalability and usability.

Abstract: A computer-implemented method for handling instant messages based on state may include identifying an instant message, detecting a first state of a computing device, and handling the instant message based on the first state of the computing device. The method may further include receiving a first instant-message-handling rule, receiving a first definition of the first state, and associating the first instant-message-handling rule with the first state. A computer-implemented method for preventing the output of instantaneous notifications may include identifying an instant notification, detecting a first state of a computing device, and preventing the instantaneous notification from being sent to an output device of the computing device. Corresponding computer-readable media are also disclosed.

Abstract: Monitoring activity in a network is disclosed, including monitoring a communication associated with a messaging service, observing suspicious activity associated with a host associated with the messaging service, and sending a challenge to the host using the messaging service.

Abstract: Wireless endpoints to be secured in a wireless network context are automatically identified. More specifically, wireless endpoints connecting to a wireless access point are detected. It is determined whether detected endpoints are connecting to the wireless access point to join a wireless network. Wireless access points determined to be connecting to the wireless access point to join a wireless network are automatically identified as endpoints to be managed. Identifying information concerning endpoints to be managed (e.g., MAC addresses) is gleaned, and automatically provided to an endpoint management system.

Abstract: Successful logins are distinguished from unsuccessful logins, and only when a login is successful are the user's login credentials stored and associated with the appropriate login page. Attempts by a user to login to a login page with a set of login credentials are identified. It is determined whether an attempt to login to a given login page with a set of login credentials is successful. If the attempt by the user to login to the login page with the set of login credentials is successful, the set of login credentials can be stored and associated with the login page. If the attempt fails, the credentials are not saved.

Abstract: A DRM server parses a request received from a client for a content identifier and client classification information. The content identifier identifies the requested content and client classification information describes the capabilities of the client. The DRM server determines a policy for the requested content. The policy specifies rules for determining access rights for the content responsive to the capabilities of the client. The DRM server determines access rights for the requested content responsive to the capabilities of the client and the policy. The DRM manager then provides the requested content and the determined access rights to the client.

Abstract: Detecting new or modified portions of executable code is disclosed. An indication is received that a prior version of an executable file has been replaced by a new version. A security response is provided if a process associated with the executable file attempts to perform a restricted action and a new or changed portion of code comprising the new version has executed. If no new or changed portion of code has executed, the restricted action is allowed to an extent determined previously for the prior version of the executable file.

Abstract: A computer-implemented method for securely managing multimedia data captured by a mobile computing device is disclosed. The method may comprise: 1) identifying multimedia data captured by the mobile computing device, 2) identifying an asymmetric public key stored on the mobile computing device that is associated with an asymmetric private key stored on a server, 3) encrypting the multimedia data using the asymmetric public key so that the encrypted multimedia data may only be decrypted using the asymmetric private key stored on the server, and 4) transmitting the encrypted multimedia data to the server. Corresponding systems and computer-readable media are also disclosed.

Abstract: A computer-implemented method for prioritizing virtual machine tasks may include receiving a request to perform a first task from a virtual machine. The request may include information relevant to determining a priority of the task. The method may include determining the priority of the task based on the information. The method may further include scheduling the first task based on the priority of the task. The method may include selecting the first task for execution based on the scheduling. The method may include notifying the virtual machine that the first task has been selected for execution. Various related methods, computer-readable media, and systems are also disclosed.

Abstract: Files received by a mobile device are sampled for malware tracking. The method includes configuring file transfer mechanisms that use short-range communication technology on the mobile device to appear, to other devices, to be open for accepting all attempts to transfer files. The method further comprises intercepting files transferred via the short-range communication technology to the mobile device from another device. The method also comprises quarantining the files transferred to the mobile device and logging identifying information about each of the files quarantined and about the other devices from which each of the files originated. The method further includes providing the logged identifying information for the files received to a security server.

Abstract: A method and apparatus for synchronously changing authentication credentials of a plurality of domains comprising detecting an authentication credential change event for a particular domain, where the authentication credential is being changed from a first credential to a second credential, determining whether the particular domain is within a domain group, and, if the particular domain is within the domain group, changing the authentication credential of at least one other domain in the domain group from the first credential to the second credential.

Abstract: Controlling identity disclosures is disclosed. A difference between a site policy as received at a first time and the site policy as received at a second time is detected through at least partially automated processing. The existence of the difference is indicated before disclosing to a relying party associated with the site policy, at or subsequent to the second time, an identity information.

Abstract: Method and apparatus for managing temporary e-mail addresses is described. All e-mail sent to a temporary e-mail address is initially forwarded to an actual e-mail address. In some examples, the temporary e-mail address is automatically deactivated in response to an event such that no e-mail sent to the temporary e-mail address is forwarded to the actual e-mail address. A notification e-mail is sent to the actual e-mail address, the notification e-mail indicating that the temporary e-mail address has been deactivated and including one or more uniform resource locators (URLs) configured to manage the deactivation of the temporary e-mail address.

Abstract: A method and system for detecting an anomaly relating to resource access comprising logging in to a website using identity information, storing a current login time in an access time database, accessing a last local login time for the resource from the access time database, determining a last resource login time from the resource and comparing the last local login time to the last resource login time, wherein a result of the comparison indicates resource access anomaly.

Abstract: A document handling device receives a user request to perform a task on document data. The document data is associated with an electronic document to be converted by the document-handling device into a non-digital form (e.g., paper), or with a physical document received by the document-handling device in a non-digital form. The document handling device or a server determines whether the requested task violates a data loss prevention policy, and records, in an audit trail, information identifying the requested task and the digital data, and an indication of whether the requested task violates the data loss prevention policy.

Abstract: A computer-implemented method for defragmenting virtual machine prefetch data. The method may include obtaining prefetch information associated with prefetch data of a virtual machine. The method may also include defragmenting, based on the prefetch information, the prefetch data on physical storage. The prefetch information may include a starting location and length of the prefetch data on a virtual disk. The prefetch information may include a geometry specification of the virtual disk. Defragmenting on physical storage may include placing the prefetch data contiguously on physical storage, placing the prefetch data in a fast-access segment of physical storage, and/or ordering the prefetch data according to the order in which it is accessed at system or application startup.

Abstract: Controlling identity disclosures is disclosed. A difference between a site policy as received at a first time and the site policy as received at a second time is detected through at least partially automated processing. The existence of the difference is indicated before disclosing to a relying party associated with the site policy, at or subsequent to the second time, an identity information.

Abstract: Embodiments provide methods, apparatuses, and articles of manufacture generating geographic location data and contextual location data in response to a location discovery event. The geographic location data and the contextual location data may be transmitted to a network accessible server.