Abstract: In embodiments of the present invention improved capabilities are described for systems, methods, and devices that assess a metadata factor associated with metadata of code to determine a compliance state of said code; assign or adjust a security sensitivity factor based at least in part on said compliance state of said code; and provide a security facility with an indicator of how aggressively to monitor the code for malicious code infection.

Abstract: In embodiments of the present invention improved capabilities are described for runtime additive disinfection of malware. Runtime additive disinfection of malware may include performing the steps of identifying, based at least in part on its type, an executable software application that is suspected of being infected with malware, wherein the malware is adapted to perform a function during the execution of the executable software application, predicting the malware function based on known patterns of malware infection relating to the type of the executable software application, and in response to the prediction, adding a remediation software component to the executable software application that disables the executable software component from executing code that performs the predicted malware function.

Abstract: In embodiments of the present invention improved capabilities are described for providing a scanning of data associated with a network computer facility. In the process, a request may be received for network content from a content requesting computing facility. A source lookup associated with the request for network content may be performed, where the source lookup may be from a networked source lookup database. The requested network content may then be retrieved, where the type of the content may be determined as a further aid in scanning the content. A checksum of at least a portion of the retrieved network content may then be calculated, and a checksum lookup associated with the portion of the retrieved network content be performed, where the checksum lookup may be from a networked checksum lookup database. Finally, an action may be taken based on at least one of the source lookup and checksum lookup, where the action is associated with protecting the content requesting computing facility from malware.

Abstract: In embodiments of the present invention improved capabilities are described for an extensible, file-based, security system that may be used for recording, analyzing, storing, updating and evaluating metadata, such as file reputation metadata, in order to determine an appropriate access control or security control measure to implement in association with a file. In response to the generation of a file from a software program, metadata that defines access, security, and compliance reporting parameters of the generated file may be created that conform to and/or implement a corporate policy. The metadata may be used to control the access, security, and/or compliance reporting settings of the file and to require that only an approved method of using the file, or any of the file's contents, is used, and that the method and use of the file is in accord with the access, security, and/or compliance reporting parameter definitions in the metadata which embody the corporate policy.

Abstract: In embodiments of the present invention improved capabilities are described for password policy enforcement, such as passwords not normally in the administrative domain of the corporation, unlike common local policy enforcement. Password policy enforcement may include the steps of identifying a presentation of a software application user interface, wherein the presentation involves communicating the user interface over the Internet; evaluating the user interface for a presence of a user password field; and in response to a positive detection of the user password field, implementing a compliance process to ensure that any password entered into the user password field is compliant with a corporate policy relating to passwords.

Abstract: In embodiments of the present invention improved capabilities are described for automated recovery from a security event. Automated recovery includes detecting a security event, using metadata to select a target backup for recovery, bringing the recovered environment online in a quarantine mode, initiating automated recovery of the environment, and running at least one of a generic remediation process and a specific remediation process in the quarantine mode prior to releasing the environment from quarantine mode. Related user interfaces, applications, and computer program products are disclosed.

Abstract: In embodiments of the present invention improved capabilities are described for systems, methods, and devices that assess a metadata factor associated with metadata of code to determine a compliance state of said code; assign or adjust a security sensitivity factor based at least in part on said compliance state of said code; and provide a security facility with an indicator of how aggressively to monitor the code for malicious code infection.

Abstract: In embodiments of the present invention improved capabilities are described for runtime additive disinfection of malware. Runtime additive disinfection of malware may include performing the steps of identifying, based at least in part on its type, an executable software application that is suspected of being infected with malware, wherein the malware is adapted to perform a function during the execution of the executable software application, predicting the malware function based on known patterns of malware infection relating to the type executable software application, and in response to the prediction, adding a remediation software component to the executable software application that disables the executable software component from executing code that performs the predicted malware function.

Abstract: In embodiments, the present invention may be a computer program product embodied in a computer readable medium that, when executing on one or more computers, may select a software application for monitoring, where the selection may be based at least in part on the basis that the software application controls confidential information, and where the software application may be an end-point application, a web application, a cloud application, and the like. The present invention may monitor the software application by determining an output data quantity that may be written from the software application. The output data may then be compared with a predetermined quantity, where the predetermined quantity may be indicative of confidential information being written from the software application.

Abstract: In embodiments of the present invention improved capabilities are described for providing a scanning of data associated with a network computer facility. In the process, a request may be received for network content from a content requesting computing facility. A source lookup associated with the request for network content may be performed, where the source lookup may be from a networked source lookup database. The requested network content may then be retrieved, where the type of the content may be determined as a further aid in scanning the content. A checksum of at least a portion of the retrieved network content may then be calculated, and a checksum lookup associated with the portion of the retrieved network content be performed, where the checksum lookup may be from a networked checksum lookup database. Finally, an action may be taken based on at least one of the source lookup and checksum lookup, where the action is associated with protecting the content requesting computing facility from malware.