Abstract: Protection of process memory against foreign code injection is described herein. A system includes at least one processor and at least one memory storing instructions thereon that, when executed by the at least one processor, cause the at least one processor to perform operations. The operations include to dynamically virtualize a protected application in user space, wherein the virtualization comprises a virtualized memory management system and to monitor memory allocated to the virtualized protected application by the virtualized memory management system. The operations include to compare memory allocated by the virtualized memory management system with known allocations of virtual memory. Additionally, the applications include to designate the memory as being injected with foreign code in response to the virtualized memory management system detecting privileges not created by the virtualized memory management system.

Abstract: Systems and methods for obfuscating keyboard keys against interception are provided. In an example, a protected application is dynamically virtualized in user space, wherein the virtualization comprises an isolated keyboard path. Keystrokes are injected to the isolated keyboard path, wherein the injected keystrokes are associated with a respective timestamp, and user input keystrokes are obfuscated with the injected keystrokes and the obfuscated keystrokes are passed to a low level hook. The obfuscated keystrokes passed to the low level hook are separated according to tags associated with the obfuscated keystrokes to obtain the user input keystrokes. The user input keystrokes are transmitted to a target window of the protected application.

Abstract: There is provided a method and system with an improved bitmap access control method of file virtualization for large files in sandbox. The process divides a large file to pieces clusters by fixed byte counts, building a mapping relationship between logical view of sandboxed file and physical shadow file on disk. Thus, there is no need to copy an entire file when a file is modified and waste the user's disk storage.

Abstract: There is provided a method to detect script texts passed to interpreter and send them to security components, such as a scanner, whitelist and sandbox. The method is accomplished by extracting embedded script from command line parameters or documents, saving it to a script file and passing the file path to security components for scanning and further processing.

Abstract: There is provided a method to protect applications running in a hostile environment, including against trampoline based attacks which use dll injection and code modification. The method includes protecting an application when access is performed from injected dll, and protecting the application when access is performed from modified codes.

Abstract: There is provided a network appliance, methods and systems which intercept web and email traffic, extract executables, compare the executables with a policy and wrap the executables. Then, the wrapped executables are delivered to a client system in a manner to protect the network and end point devices, where the wrapped executables are run in a sandbox with all file system, registry accesses, communication and traffic isolated.

Abstract: There is provided a method to detect script texts passed to interpreter and send them to security components, such as a scanner, whitelist and sandbox. The method is accomplished by extracting embedded script from command line parameters or documents, saving it to a script file and passing the file path to security components for scanning and further processing.

Abstract: There is provided a network appliance, methods and systems which intercept web and email traffic, extract executables, compare the executables with a policy and wrap the executables. Then, the wrapped executables are delivered to a client system in a manner to protect the network and end point devices, where the wrapped executables are run in a sandbox with all file system, registry accesses, communication and traffic isolated.

Abstract: There is provided a method to protect applications running in a hostile environment, including against trampoline based attacks which use dll injection and code modification. The method includes protecting an application when access is performed from injected dll, and protecting the application when access is performed from modified codes.

Abstract: There is provided a method and system with an improved bitmap access control method of file virtualization for large files in sandbox. The process divides a large file to pieces clusters by fixed byte counts, building a mapping relationship between logical view of sandboxed file and physical shadow file on disk. Thus, there is no need to copy an entire file when a file is modified and waste the user's disk storage.

Abstract: The current invention discloses method and system to detect remote control and prevent critical application from being peeped at and manipulated. Solution includes remote control detection, remote control blocking and user interaction. When remote access is detected, all suspicious behaviors found during network protocol filtering, session id based detection and remote control behaviour analysis are blocked. Innovative and efficient remote detection methods support user space and kernel space mode, intercept function modules for running applications and services to check and verify. Also new detective methods support network packets filter to judge accurate remote activities.

Abstract: There is provided a method and system with an improved bitmap access control method of file virtualization for large files in sandbox. The process divides a large file to pieces clusters by fixed byte counts, building a mapping relationship between logical view of sandboxed file and physical shadow file on disk. Thus, there is no need to copy an entire file when a file is modified and waste the user's disk storage.

Abstract: A method of protecting a computer by having security software be set to clean mode where the clean mode acts as if files installed or modified before the clean date are safe and installed or modified after the clean date as potentially harmful.

Abstract: The application discloses a method of protecting a computer against buffer overflow attacks by creating a security policy based on information about the buffer overflow. This results in a dynamic and “on-the-fly” security policy that can be applied to an application to protect the computer. The application also discloses a method where the buffer overflow is reported to central server. The central server monitors the publisher to determine when a patch becomes available to remedy the problem. The server notifies the security software when a patch is available so that either the security software or computer user can download and install the patch.

Abstract: A method of protecting a computer by having security software be set to clean mode where the clean mode acts as if files installed or modified before the clean date are safe and installed or modified after the clean date as potentially harmful.

Abstract: A method and system of performing vulnerability and security scans on an internet connected device where the device is behind a network security device such as a firewall. The method is performed by having an agent that is local to the device to be scanned create a VPN connection with a scanning server and then performing the scanning over the VPN. The connection is terminated at the end to free up system resources.