Abstract: Disclosed are systems and methods for selecting means for intercepting network transmissions. An exemplary method includes determining one or more rules associated with transmission of data by a device; determining one or more network transmission intercepting means that satisfy the one or more determined rules; selecting a network transmission intercepting means based on the determined one or more network transmission intercepting means; and causing transmissions by the device to be processed by the selected network transmission intercepting means.

Abstract: Disclosed are systems and methods for controlling access to applications of a mobile device. An example method includes collecting, by a controlled shell of an OS of the mobile device, information about an application of the user device; determining a category designation of the application based on the collected information; determining, by the controlled shell, whether the category designation of the application complies with one or more rules of a usage policy of the mobile device; blocking user access to the application if it is determined that a rule exists prohibiting use of applications in the designated category or if no rule exists permitting use of the applications in the designated category; and permitting user access to the application if it is determined that a rule exists allowing use of applications in the designated category or if no rule exists prohibiting use of the applications in the designated category.

Abstract: Disclosed are systems and methods for selecting means for intercepting network transmissions. An exemplary method includes determining one or more rules associated with transmission of data by a device; determining one or more network transmission intercepting means that satisfy the one or more determined rules; selecting a network transmission intercepting means based on the determined one or more network transmission intercepting means; and causing transmissions by the device to be processed by the selected network transmission intercepting means.

Abstract: Disclosed are systems and methods for selecting means for intercepting network transmissions. An example system includes a data collection module configured to determine one or more parameters of a network transmission and one or more parameters of a user device that receives the transmission; a data analysis module configured to determine characteristics of a plurality of network transmission intercepting means that provide different levels of security to intercepted network transmissions based on the determined transmission and user device parameters; a selection module configured to select out of the plurality of network transmission interception means one whose characteristics match to the parameters of the network transmission, parameters of the user device, and a required security level for the network transmission; and an installation module configured to install on the user device the selected network transmission interception means.

Abstract: Disclosed are systems and methods for selecting means for intercepting network transmissions. An example system includes a data collection module configured to determine one or more parameters of a network transmission and one or more parameters of a user device that receives the transmission; a data analysis module configured to determine characteristics of a plurality of network transmission intercepting means that provide different levels of security to intercepted network transmissions based on the determined transmission and user device parameters; a selection module configured to select out of the plurality of network transmission interception means one whose characteristics match to the parameters of the network transmission, parameters of the user device, and a required security level for the network transmission; and an installation module configured to install on the user device the selected network transmission interception means.

Abstract: Disclosed system and methods for malware testing of software programs. An example method includes storing a plurality of malware trigger scenarios specifying different sets of malware trigger events known to trigger malicious behavior in software programs; in response to obtaining a software program, modifying a computer environment for operating the software program by creating malware trigger events associated with a selected one of the plurality of malware trigger scenarios; analyzing an execution of the software program in the modified computer environment in response to the malware trigger events; upon detecting that the software program exhibits malicious behavior, performing remedial actions on the software program; and upon detecting that the software program exhibits no malicious behavior, selecting a different malware trigger scenario from the plurality of malware trigger scenarios for malware testing of the software program.

Abstract: Disclosed are systems and methods for controlling access to applications of a mobile device. An example method includes collecting, by a controlled shell of an OS of the mobile device, information about an application of the user device; determining a category designation of the application based on the collected information; determining, by the controlled shell, whether the category designation of the application complies with one or more rules of a usage policy of the mobile device; blocking user access to the application if it is determined that a rule exists prohibiting use of applications in the designated category or if no rule exists permitting use of the applications in the designated category; and permitting user access to the application if it is determined that a rule exists allowing use of applications in the designated category or if no rule exists prohibiting use of the applications in the designated category.

Abstract: Disclosed are systems and methods for limiting the operation of trusted applications in presence of suspicious programs. An example method includes: identifying one or more trusted applications installed on a computer; collecting data about applications and programs installed on the computer; checking for the presence of one or more suspicious programs using suspicious program detection rules, wherein a program is considered to be suspicious when it can access protected information of a trusted application without authorization; and when at least one suspicious program is found, limiting the operation of the trusted application until the suspicious program is terminated or removed from the computer.

Abstract: Disclosed system and methods for protecting computer resources from unauthorized access. The system provides a library of handler functions that control access of applications to protected resources on a computer device. The system associates a security policy with the library to handler functions. The security policy specifies access rules for accessing protected resources by the applications. The system also modifies applications to access the library of handler functions instead of corresponding application program interface (API) functions of the computer device. When a handler function receives an API function call from a modified application, it may determine if the received API function call complies with the access rules. When the API function call complies with the access rules, the handler function performs the API function call from the application to the protected resources. When the API function call violates the access rules, the handler function block that API function call.

Abstract: Disclosed system and methods for detecting malicious applications. The system provides a library of handler functions. The handlers functions control access of one or more applications to protected resources on a user device. The system also modifies the one or more applications to access the library of handler functions instead of corresponding application program interface (API) functions of the user device. The handler functions receive API function calls from a modified application. The system analyzes the received API function calls for malicious behavior characteristics. When the API function calls do not exhibit malicious behavior characteristics, the handler functions perform the API function calls to the protected resources. When the API function calls exhibit malicious behavior characteristics, the system prevents access of the modified application to the protected resources.

Abstract: Disclosed system and methods for malware testing of software programs. An example method includes storing a plurality of malware trigger scenarios specifying different sets of malware trigger events known to trigger malicious behaviour in software programs; in response to obtaining a software program, modifying a computer environment for operating the software program by creating malware trigger events associated with a selected one of the plurality of malware trigger scenarios; analyzing an execution of the software program in the modified computer environment in response to the malware trigger events; upon detecting that the software program exhibits malicious behaviour, performing remedial actions on the software program; and upon detecting that the software program exhibits no malicious behaviour, selecting a different malware trigger scenario from the plurality of malware trigger scenarios for malware testing of the software program.

Abstract: Disclosed system and methods for detecting malware by performing behavioral malware analysis using malware trigger scenarios. In one aspect, a method for malware detection includes providing a plurality of malware trigger scenarios specifying different sets of malware trigger events known to trigger malicious behavior in malicious software. The method further includes executing a software program in a computer environment and creating one more malware trigger events as specified in the malware trigger scenarios. The method further includes monitoring execution events of the software program in the computer environment and determining based on the analysis of the monitored execution events whether the software program exhibits malicious behavior. When the software program exhibits malicious behavior, performing remedial actions on the software program.

Abstract: System and methods for the association of one or more devices over a computer network. A management agent module running on a device coupled to the network is configured to communicate with a server agent module running on a management server. An association linking the management agent with the server agent is created by the management server. Associations with device users and the agents managing the devices can also be made. Associations allow network administration commands and policy controls to be issued at a user, rather than device, level.

Abstract: Disclosed system and methods for detecting malware by performing behavioral malware analysis using malware trigger scenarios. In one aspect, a method for malware detection includes providing a plurality of malware trigger scenarios specifying different sets of malware trigger events known to trigger malicious behaviour in malicious software. The method further includes executing a software program in a computer environment and creating one more malware trigger events as specified in the malware trigger scenarios. The method further includes monitoring execution events of the software program in the computer environment and determining based on the analysis of the monitored execution events whether the software program exhibits malicious behaviour. When the software program exhibits malicious behaviour, performing remedial actions on the software program.

Abstract: Disclosed system and methods for detecting malicious applications. The system provides a library of handler functions. The handlers functions control access of one or more applications to protected resources on a user device The system also modifies the one or more applications to access the library of handler functions instead of corresponding application program interface (API) functions of the user device. The handler functions receive API function calls from a modified application. The system analyzes the received API function calls for malicious behavior characteristics. When the. API function calls do not exhibit malicious behavior characteristics, the handier functions perform the API function calls to the protected resources. When the API function calls exhibit malicious behavior characteristics, the system prevents access of the modified application to the protected resources.

Abstract: Disclosed system and methods for protecting computer resources from unauthorized access. The system provides a library of handler functions that control access of applications to protected resources on a computer device. The system associates a security policy with the library to handler functions. The security policy specifies access rules for accessing protected resources by the applications. The system also modifies applications to access the library of handler functions instead of corresponding application program interface (API) functions of the computer device. When a handler function receives an API function call from a modified application, it may determine if the received API function call complies with the access rules. When the API function call complies with the access rules, the handler function performs the API function call from the application to the protected resources. When the API function call violates the access rules, the handler function block that API function call.