Abstract: Disclosed are systems, methods and computer program products for controlling access to encrypted files. In one aspect, the system detects a request from an application to access an encrypted file. The system identifies the application that requested access to the encrypted file and one or more file access policies associated with the application. The file access policy specifies at least a file access method associated with the application. The system then controls access to the file based on the identified one or more file access policies.

Abstract: Disclosed are systems, methods and computer program products for configuring application control rules. An example method includes, in response to testing a new application control rule, transmitting, from each of a plurality of computing devices in a network, information relating to software applications deployed on each computing device and one or more application control rules including the new application control rule associated with the software applications, each of the one or more application control rules having a priority, the collected information identifying at least one conflict between at least one application control rule and the new application control rule in executing one of the software applications; and receiving, by at least one of the plurality of computing devices, the new application control rule reconfigured with a lower priority to eliminate the at least one conflict.

Abstract: A system for a dynamic adjustment of expiration date of an authorization key, the system comprising: a security product that will be installed on a predetermined number of computers. The administration key allows a use of the software product on the predetermined number of computers during a predetermined period of time. The plurality of authorization units purchased from a vendor that are the smallest increments of time that a duration period of the authorization key is measured in. The expiration date for all the computers can be updated at any time, depending on the number of computers on which the software is installed at any given time. The administration server determines a beginning and an ending date of a functionality of the authorization key for the security product. The data base receives and stores the beginning and the ending date of the functionality of the authorization key for the security product.

Abstract: Disclosed are systems, methods and computer program products for copying encrypted and unencrypted files between data storage devices. In one aspect, the system detects a request to copy a file from a first data storage device to a second data storage device, determines one or more parameters of the copied file, the first data storage device and the second data storage device, selects, based on the one or more parameters, a file encryption policy for the copies file, and applies the selected encryption policy to the copied file.

Abstract: Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials.

Abstract: Disclosed are systems, methods and computer program products for configuring application control rules. An example method includes, in response to testing a new application control rule, transmitting, from each of a plurality of computing devices in a network, information relating to software applications deployed on each computing device and one or more application control rules including the new application control rule associated with the software applications, each of the one or more application control rules having a priority, the collected information identifying at least one conflict between at least one application control rule and the new application control rule in executing one of the software applications; and receiving, by at least one of the plurality of computing devices, the new application control rule reconfigured with a lower priority to eliminate the at least one conflict.

Abstract: Disclosed are systems, methods and computer program products for configuring application control rules. The system creates a new application control rule that specifies restrictions or permission on execution a software application, a function of an application or a category of applications. The system then collects information about one or more computers in a network, including information about software applications deployed on the computers and existing application control rules. The system then tests the new application control rule using the collected information to determine verdicts rendered by the new application control rule that restrict or permit execution of an application, certain function of an application or a category of applications. The system then compares verdicts rendered by the new application rule with the verdicts rendered by the existing application control rules to identify conflicting rules, and reconfigures the new application control rule to eliminate conflicts.

Abstract: Disclosed are systems, methods and computer program products for copying encrypted and unencrypted files between data storage devices. In one aspect, the system detects a request to copy a file from a first data storage device to a second data storage device, determines one or more parameters of the copied file, the first data storage device and the second data storage device, selects, based on the one or more parameters, a file encryption policy for the copies file, and applies the selected encryption policy to the copied file.

Abstract: Disclosed are systems, methods and computer program products for configuring application control rules. The system creates a new application control rule that specifies restrictions or permission on execution a software application, a function of an application or a category of applications. The system then collects information about one or more computers in a network, including information about software applications deployed on the computers and existing application control rules. The system then tests the new application control rule using the collected information to determine verdicts rendered by the new application control rule that restrict or permit execution of an application, certain function of an application or a category of applications. The system then compares verdicts rendered by the new application rule with the verdicts rendered by the existing application control rules to identify conflicting rules, and reconfigures the new application control rule to eliminate conflicts.

Abstract: Disclosed are systems, methods and computer program products for controlling access to encrypted files. In one aspect, the system detects a request from an application to access an encrypted file. The system identifies the application that requested access to the encrypted file and one or more file access policies associated with the application. The file access policy specifies at least a file access method associated with the application. The system then controls access to the file based on the identified one or more file access policies.

Abstract: Disclosed are systems, methods and computer program products for configuring application control rules. The system creates a new application control rule that specifies restrictions or permission on execution a software application, a function of an application or a category of applications. The system then collects information about one or more computers in a network, including information about software applications deployed on the computers and existing application control rules. The system then tests the new application control rule using the collected information to determine verdicts rendered by the new application control rule that restrict or permit execution of an application, certain function of an application or a category of applications. The system then compares verdicts rendered by the new application rule with the verdicts rendered by the existing application control rules to identify conflicting rules, and reconfigures the new application control rule to eliminate conflicts.

Abstract: Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials.

Abstract: Disclosed are systems, methods and computer program products for configuring application control rules. The system creates a new application control rule that specifies restrictions or permission on execution a software application, a function of an application or a category of applications. The system then collects information about one or more computers in a network, including information about software applications deployed on the computers and existing application control rules. The system then tests the new application control rule using the collected information to determine verdicts rendered by the new application control rule that restrict or permit execution of an application, certain function of an application or a category of applications. The system then compares verdicts rendered by the new application rule with the verdicts rendered by the existing application control rules to identify conflicting rules, and reconfigures the new application control rule to eliminate conflicts.

Abstract: Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials.

Abstract: Disclosed are systems, methods and computer program products for providing user access to encrypted data. In one example, a system is configured to receive a security policy for the user device, wherein the security policy includes data access conditions and data encryption conditions for one or more users of the user device; identify one or more user accounts in the OS of the user device as specified in the data access conditions; create a pre-boot authentication account (PBA) for the identified user accounts based on the data access conditions, for storing pre-boot authentication credentials for authenticating a user before booting of the OS on the user device; and encrypt at least a portion of data stored on the user device based on the data encryption conditions, wherein access to the encrypted portion of data is granted to the user upon entry of the correct pre-boot authentication credentials.

Abstract: An administration system and methods for mobile security and other software applications operating on mobile devices in a corporate network. The administration system comprises an administration server, administration database and administration console. To facilitate integration of mobile applications into the administration system, each mobile application is provided with an associated administration console plug-in component. The administration plug-in component provides a set of user interfaces for configuring via the administration console application configuration settings specific to the one or more associated mobile applications. In addition, the plug-in component provides web interfaces, such as SOAP interfaces, for communicating application-specific configuration settings to the associated mobile applications.

Abstract: Disclosed are systems, methods and computer program products for controlling access to a computer network. An example network access controller is configured to intercept data transmission to or from a computer and identify a network access policy associated with said computer. If there is no network access policy associated with said computer, the controller deploys on said computer an administration agent configured to collect configuration information from said computer and information about topology of said network. The controller determines a network access policy for said computer based on the collected information. The controller also activates antivirus software on said computer, to detect any malicious activity on said computer. If malicious activity is detected, the controller limits data transmissions to or from said computer until the malicious activity is eliminated by the antivirus software to prevent spread of the malicious activity to other computers in the network.

Abstract: Disclosed are systems, methods and computer program products for remote administration of a computer network. The system comprises an administration server for remotely managing a computer network. The server deploys administration agents on the computers in the network for performing various administrative tasks. In addition, the server selects a computer with the highest performance rating as a local administration proxy for the network. The server then transmits to the local administration proxy a control signal for performing one or more administrative tasks by administration agents deployed on the computers in the network. The server then establishes, through the local administration proxy, a connection with the administration agents for performing administrative tasks of the computers.

Abstract: Disclosed are systems, methods and computer program products for remote administration of a computer network. The system comprises an administration server for remotely managing a computer network. The server deploys administration agents on the computers in the network for performing various administrative tasks. In addition, the server selects a computer with the highest performance rating as a local administration proxy for the network. The server then transmits to the local administration proxy a control signal for performing one or more administrative tasks by administration agents deployed on the computers in the network. The server then establishes, through the local administration proxy, a connection with the administration agents for performing administrative tasks of the computers.

Abstract: An administration system and methods for mobile security and other software applications operating on mobile devices in a corporate network. The administration system comprises an administration server, administration database and administration console. To facilitate integration of mobile applications into the administration system, each mobile application is provided with an associated administration console plug-in component. The administration plug-in component provides a set of user interfaces for configuring via the administration console application configuration settings specific to the one or more associated mobile applications. In addition, the plug-in component provides web interfaces, such as SOAP interfaces, for communicating application-specific configuration settings to the associated mobile applications.