Abstract: There is provided a computer implemented method of vaccination of a computing device against infection by malicious code, comprising: obtaining a vaccination profile including vaccination artifact system calls indicative of a malicious code attempting to identify another instance of the malicious code executing on the computing device prior to the malicious code infecting the computing device, monitoring the computing device for an indication of execution of at least one of the vaccination artifact system calls by the malicious code, and providing a false response to the at least one of the vaccination artifact system calls for emulating an existing infection of the computing device by another instance of the malicious code according to the indication of execution of at least one of the plurality of vaccination artifact system calls, wherein the emulation of the existing infection prevents infection of the computing device by the malicious code.

Abstract: There is provided a computer implemented method of generating a vaccination profile of malicious code for vaccination against other instances of the malicious code, comprising: providing malicious code, analyzing the malicious code to identify at least one vaccination artifact system call indicative of an attempt to identify malicious code executing on a client computing device prior to another instance of the malicious code infecting the client computing device, generating according to the analysis of the malicious code, a vaccination profile including the at least one vaccination artifact system call, and providing the vaccination profile to a plurality of client computing devices for vaccination of the plurality of client computing devices uninfected by the malicious code, wherein an existing infection by the malicious code is emulated based on the vaccination profile for prevention of infection of the plurality of computing devices by another instance of the malicious code.

Abstract: A method for processing files as a preemptive measure against a ransomware activity. The method comprises scanning a plurality of file operation requests sent to an operating system (OS) executed on a computing device to detect a guarded file operation request that comprises instructions to process a file managed by a file system used by said OS, delaying an execution of said guarded file operation request, temporarily storing a copy of said file in a backup storage in response to said detection of said guarded file operation request, and stop delaying said execution of said guarded file operation request when said copy is stored in said backup storage.

Abstract: There is provided a computer implemented method of generating a vaccination profile of malicious code for vaccination against other instances of the malicious code, comprising: providing malicious code, analyzing the malicious code to identify at least one vaccination artifact system call indicative of an attempt to identify malicious code executing on a client computing device prior to another instance of the malicious code infecting the client computing device, generating according to the analysis of the malicious code, a vaccination profile including the at least one vaccination artifact system call, and providing the vaccination profile to a plurality of client computing devices for vaccination of the plurality of client computing devices uninfected by the malicious code, wherein an existing infection by the malicious code is emulated based on the vaccination profile for prevention of infection of the plurality of computing devices by another instance of the malicious code.

Abstract: There is provided a computer implemented method of vaccination of a computing device against infection by malicious code, comprising: obtaining a vaccination profile including vaccination artifact system calls indicative of a malicious code attempting to identify another instance of the malicious code executing on the computing device prior to the malicious code infecting the computing device, monitoring the computing device for an indication of execution of at least one of the vaccination artifact system calls by the malicious code, and providing a false response to the at least one of the vaccination artifact system calls for emulating an existing infection of the computing device by another instance of the malicious code according to the indication of execution of at least one of the plurality of vaccination artifact system calls, wherein the emulation of the existing infection prevents infection of the computing device by the malicious code.

Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.

Abstract: A method for processing files as a preemptive measure against a ransomware activity. The method comprises scanning a plurality of file operation requests sent to an operating system (OS) executed on a computing device to detect a guarded file operation request that comprises instructions to process a file managed by a file system used by said OS, delaying an execution of said guarded file operation request, temporarily storing a copy of said file in a backup storage in response to said detection of said guarded file operation request, and stop delaying said execution of said guarded file operation request when said copy is stored in said backup storage.

Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.

Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.

Abstract: A method of establishing privileged communication sessions to target services unifies multiple sub-sessions into a single super-session. The user client requests access to target services. The request includes authentication credentials. Using the authentication credentials, privileged credentials are retrieved for target services requiring privileged access. Interactive sub-sessions are established between an intermediate element and respective target services. Required credentials are provided by the intermediate element to the target services. The interactive sub-sessions are unified into a single super-session on the intermediate element, and the super-session is established with the user client. The super-session provides the user client with interactive control of each of the interactive sub-sessions. Data communication between the user client and the target services is conducted via the intermediate element.

Abstract: A method of monitoring a session on a target system includes receiving from a user client a user request to open a session with the target system. A session-specific transient agent for monitoring the session is installed onto the target system. The session is established between the user and the target system over a communication network. The transient agent monitors the session, collects data of events occurring on the target system during the session. The transient agent is terminated when the session ends.

Abstract: A method for emulating at least one resource in a host computer to a querying hosted code. The method comprises monitoring a plurality of operating system (OS) queries received from a plurality of code executed on a monitored computing unit, the plurality of OS queries are designated to an OS of the monitored computing unit, detecting among the plurality of OS queries at least one query for receiving at least one characteristic of at least one resource of the monitored computing unit among the plurality of OS queries, the at least one query is received from querying code of the plurality of code, preparing a response of the OS to the at least one query, the response comprising a false indication at least one false characteristic of the at least one resource, and sending the response to the querying code in response to the at least one query.

Abstract: A method of establishing privileged communication sessions to target services unifies multiple sub-sessions into a single super-session. The user client requests access to target services. The request includes authentication credentials. Using the authentication credentials, privileged credentials are retrieved for target services requiring privileged access. Interactive sub-sessions are established between an intermediate element and respective target services. Required credentials are provided by the intermediate element to the target services. The interactive sub-sessions are unified into a single super-session on the intermediate element, and the super-session is established with the user client. The super-session provides the user client with interactive control of each of the interactive sub-sessions. Data communication between the user client and the target services is conducted via the intermediate element.

Abstract: A method and system is provided for controlling a remote target application, including sensitive and privileged applications, via a remote application connection. The target application is executed with a set of credentials, different than those credentials submitted by the user to access the target application. The user, via a local client terminal, accesses the target application over the remote application connection, such that the user experience of interaction with the target application is similar to that of the target application running locally, while the target application is actually being run remotely. The execution is protected by the second set of credentials unknown to the user, thus preventing credential hijacking and various other threats to the sensitive application.

Abstract: A method of monitoring a session on a target system includes receiving from a user client a user request to open a session with the target system. A session-specific transient agent for monitoring the session is installed onto the target system. The session is established between the user and the target system over a communication network. The transient agent monitors the session, collects data of events occurring on the target system during the session. The transient agent is terminated when the session ends.