Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A first request to cause a portion of the data to be associated with a heightened authentication protocol is received. In response, the portion of the data is caused to require the heightened authentication protocol for access. A second request for a file that is stored in the area that is associated with the heightened authentication protocol is received. The second request is authenticated based on the heightened authentication protocol. In response to authenticating the second request, permission is granted to access the file. In response to a failure to authenticate the second request, access to the file is denied, while access to files stored in other areas associated with the user account is allowed.

Abstract: Methods and systems for repairing user devices infected with malicious code. One method includes storing registration information for a plurality of user devices accessing a remote file storage system, the registration information including a unique identifier of each user device and an identifier of an antivirus software installed locally on each user device. The method also includes, in response to detecting an infected file within the remote file storage system, determining a unique identifier of one of the a user device included in the plurality of user devices interacting with the infected file, accessing the registration information to identify, based on the unique identifier of the user device interacting with the infected file within the remote file storage system, an identifier of antivirus software installed locally on the user device, and remotely initiating the antivirus software installed locally on the user device based on the identifier of the antivirus software.

Abstract: A cloud storage server accesses a plurality of server-stored files of a cloud storage account of a client device and determines that one or more compromised server-stored files from the plurality of server-stored files are affected by a malware activity. The cloud storage server determines a plurality of recovery options based on an identification of the one or more compromised server-stored files and the time at which changes to the one or more compromised server-stored files became affected by the malware activity. The plurality of recovery options comprises a suggested restore point identifying a restore time to which changes to the one or more compromised server-stored files are reverted. The cloud storage server transmits a recovery notification that indicates the plurality of recovery options to the client device.

Abstract: Methods and systems for repairing user devices infected with malicious code. One method includes storing registration information for a plurality of user devices accessing a remote file storage system, the registration information including a unique identifier of each user device and an identifier of an antivirus software installed locally on each user device. The method also includes, in response to detecting an infected file within the remote file storage system, determining a unique identifier of one of the a user device included in the plurality of user devices interacting with the infected file, accessing the registration information to identify, based on the unique identifier of the user device interacting with the infected file within the remote file storage system, an identifier of antivirus software installed locally on the user device, and remotely initiating the antivirus software installed locally on the user device based on the identifier of the antivirus software.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A first request to cause a portion of the data to be associated with a heightened authentication protocol is received. In response, the portion of the data is caused to require the heightened authentication protocol for access. A second request for a file that is stored in the area that is associated with the heightened authentication protocol is received. The second request is authenticated based on the heightened authentication protocol. In response to authenticating the second request, permission is granted to access the file. In response to a failure to authenticate the second request, access to the file is denied, while access to files stored in other areas associated with the user account is allowed.

Abstract: A cloud storage server determines features of files in a storage account of the cloud storage server. The storage account is registered with a client device. The cloud storage server detects ransomware activity based on the features of the files. A notification is generated to the client device. The notification indicates the detected ransomware activity in the storage account, and one or more remediation options for the detected ransomware activity in the storage account. The cloud storage server receives, from the client device, a remediation option selected from the one or more remediation options and recovers one or more files in the storage account based on the selected remediation option.

Abstract: As users increasingly shift to cloud services, devices are less likely to be pre-loaded with applications that support the multitudes of different file types that exist today and are continuing to be created. Thus, embodiments are directed to editing and sharing unsupported files through an instantly generated preview without having to install applications that support each file type and/or subscribe to services. For example, in response to detecting a user's request to access a file that is stored locally and determining a lack of a local application or previewer associated with the file, a preview that includes a presentation of the file using a registered previewer may be instantly generated. The preview may be rendered such that the file can be edited and/or shared through the previewer based on a level of editing and/or sharing functionality, respectively, where the levels of functionality are based on the user's subscription status.

Abstract: Identification of an entity performing a deletion or modification action on locally stored files and notification to mitigate risks to cloud stored files is provided. A local or remote file watcher may monitor locally stored files and detect a deletion or modification action. The file watcher may also identify an entity performing the deletion or modification action. The entity may be an application, a process, a user other than the user that is the owner of the files, or the user himself/herself. The file watcher may further determine one or more alert conditions or rules associated with the affected file(s) and/or the entity, that is under which circumstances an alert is to be issued. The alert notification(s) may be issued to the user, an administrator, a cloud storage service, and/or a data protection service such that protective measures can be taken if necessary.

Abstract: Cloud-based storage services are provided for storing and/or sharing content across multiple devices, where the content is periodically synchronized between the devices and the storage service. Embodiments are directed to retainment of locally deleted content at the storage service to prevent accidental or nefarious deletions of locally stored content on a device from being propagated to the storage service. For example, a selectable feature to retain locally deleted content, at the storage service may be presented through a display of a client device. A deletion of the content from the client device may be detected. The retained content may be prevented from being downloaded and stored locally on the client device when content at the storage service and the client device are synchronized if the feature was selected. If the feature was not selected, deletion options for the content may be presented through the display.

Abstract: Cloud-based storage services are provided for storing data across multiple devices, where access to the data is subject to a first authentication process. Embodiments are directed to a data protection feature to prevent accidental deletion or modification of the data stored at the cloud via unintended user actions on the clients or actions by nefarious software or hackers. For example, a data protection feature for a portion of data stored at the storage service may be selected, where the feature includes elevation of the first authentication process. An attempted operation performed on the portion of data may be detected. If the attempted operation is deletion or modification of the portion of data, a second authentication process may be prompted to enable the attempted operation to be performed on the portion of data at the storage service. The second authentication process may be elevated compared to the first authentication process.

Abstract: Cloud-based storage services are provided for storing and/or sharing content across multiple devices, where the content is periodically synchronized between the devices and the storage service. Embodiments are directed to detection of bulk operations associated with content stored at a storage service to protect users both proactively and remedially from accidental and/or nefarious content alterations propagating to the storage service and/or other devices. A model may be created based on a usage pattern associated with the content, an attempted operation performed on the content may be detected, and the attempted operation may be compared to the model to determine whether the operation deviates from the usage pattern. If the attempted operation deviates from the usage pattern, a preservation policy for the content at the storage service may be modified and a notification of the attempted operation may be provided to obtain user approval.

Abstract: Cloud-based storage services are provided for storing and/or sharing content across multiple devices, where the content is periodically synchronized between the devices and the storage service. Embodiments are directed to detection of bulk operations associated with content stored at a storage service to protect users both proactively and remedially from accidental and/or nefarious content alterations propagating to the storage service and/or other devices. A model based on a usage pattern monitored and provided by a client device may be received at the client device from the storage service. An attempted operation performed on the content may be detected, and the attempted operation may be compared to the model to determine whether the operation deviates from the usage pattern. If the attempted operation deviates from the usage pattern, execution of the attempted operation and synchronization of the content with the storage service may be prevented until the attempted operation is approved.

Abstract: A cloud storage server determines features of files in a storage account of the cloud storage server. The storage account is registered with a client device. The cloud storage server detects ransomware activity based on the features of the files. A notification is generated to the client device. The notification indicates the detected ransomware activity in the storage account, and one or more remediation options for the detected ransomware activity in the storage account. The cloud storage server receives, from the client device, a remediation option selected from the one or more remediation options and recovers one or more files in the storage account based on the selected remediation option.

Abstract: A cloud storage server accesses a plurality of server-stored files of a cloud storage account of a client device and determines that one or more compromised server-stored files from the plurality of server-stored files are affected by a malware activity. The cloud storage server determines a plurality of recovery options based on an identification of the one or more compromised server-stored files and the time at which changes to the one or more compromised server-stored files became affected by the malware activity. The plurality of recovery options comprises a suggested restore point identifying a restore time to which changes to the one or more compromised server-stored files are reverted. The cloud storage server transmits a recovery notification that indicates the plurality of recovery options to the client device.

Abstract: Identification of an entity performing a deletion or modification action on locally stored files and notification to mitigate risks to cloud stored files is provided. A local or remote file watcher may monitor locally stored files and detect a deletion or modification action. The file watcher may also identify an entity performing the deletion or modification action. The entity may be an application, a process, a user other than the user that is the owner of the files, or the user himself/herself. The file watcher may further determine one or more alert conditions or rules associated with the affected file(s) and/or the entity, that is under which circumstances an alert is to be issued.

Abstract: Identification of an entity performing a deletion or modification action on locally stored files and notification to mitigate risks to cloud stored files is provided. A local or remote file watcher may monitor locally stored files and detect a deletion or modification action. The file watcher may also identify an entity performing the deletion or modification action. The entity may be an application, a process, a user other than the user that is the owner of the files, or the user himself/herself. The file watcher may further determine one or more alert conditions or rules associated with the affected file(s) and/or the entity, that is under which circumstances an alert is to be issued. The alert notification(s) may be issued to the user, an administrator, a cloud storage service, and/or a data protection service such that protective measures can be taken if necessary.

Abstract: As users increasingly shift to cloud services, devices are less likely to be pre-loaded with applications that support the multitudes of different file types that exist today and are continuing to be created. Thus, embodiments are directed to editing and sharing unsupported files through an instantly generated preview without having to install applications that support each file type and/or subscribe to services. For example, in response to detecting a user's request to access a file that is stored locally and determining a lack of a local application or previewer associated with the file, a preview that includes a presentation of the file using a registered previewer may be instantly generated. The preview may be rendered such that the file can be edited and/or shared through the previewer based on a level of editing and/or sharing functionality, respectively, where the levels of functionality are based on the user's subscription status.

Abstract: Technologies are provided for an instant preview of a locally unsupported file. A client application such as a file synchronization application may detect an intent to preview a locally stored file. Upon detection and determination that there is no local preview support is available, the client application may send the file to a cloud based service such as a cloud storage service. The cloud based service may search to determine if a cloud based previewer associated with the file is registered with the service. If no such previewer is found, the service may seek one from an external resource. Upon finding a previewer associated with the file, the cloud based service may generate a preview for the file and transmit to the client application to be rendered. The cloud based service may remove the cloud copy of the file upon completion in some examples.

Abstract: Variety of approaches to provide an instant preview of a cloud based file are described. A file management application initiates operation(s) to provide an instant preview of a cloud based file upon detecting an intent to preview the cloud based file. Next, a lack of a local previewer associated with the cloud based file is confirmed. A preview is requested from a server associated with the cloud based file. The preview includes a presentation of the cloud based file. Upon receiving the preview associated with the cloud based file from the server, the preview is rendered. The preview may be a rich, instant preview.

Abstract: Identification of an entity performing a deletion or modification action on locally stored files and notification to mitigate risks to cloud stored files is provided. A local or remote file watcher may monitor locally stored files and detect a deletion or modification action. The file watcher may also identify an entity performing the deletion or modification action. The entity may be an application, a process, a user other than the user that is the owner of the files, or the user himself/herself. The file watcher may further determine one or more alert conditions or rules associated with the affected file(s) and/or the entity, that is under which circumstances an alert is to be issued.