Abstract: A method for monitoring for malware includes, during a boot process on an electronic device, determining a portion of memory, determining that the portion of memory is reserved for exclusive access by an entity on the electronic device, and, based on the determination that a portion of memory is reserved for exclusive access during the boot process, determining that the reservation is indicative of malware.

Abstract: A method is provided in one example embodiment that includes rebasing a module in a virtual partition to load at a fixed address and storing a hash of a page of memory associated with the fixed address. An external handler may receive a notification associated with an event affecting the page. An internal agent within the virtual partition can execute a task and return results based on the task to the external handler, and a policy action may be taken based on the results returned by the internal agent. In some embodiments, a code portion and a data portion of the page can be identified and only a hash of the code portion is stored.

Abstract: A behavioral tracking system, method, and computer program product are provided for undoing events based on user input. In use, a plurality of unclassified events is identified on a system utilizing behavioral tracking. Additionally, input associated with at least one of the unclassified events is received from a user of the system for classifying the at least one of the unclassified events as an unwanted event. Further, the at least one unwanted event is undone in response to the receipt of the input.

Abstract: A method is provided in one example embodiment that includes receiving in an external handler an event notification associated with an event in a virtual partition. A thread in the process in the virtual partition that caused the event can be parked. Other threads and processes may be allowed to resume while a security handler evaluates the event for potential threats. A helper agent within the virtual partition may be instructed to execute a task, such as collecting and assembling event context within the virtual partition, and results based on the task can be returned to the external handler. A policy action can be taken based on the results returned by the helper agent, which may include, for example, instructing the helper agent to terminate the process that caused the event.

Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.

Abstract: A behavioral tracking system, method, and computer program product are provided for undoing events based on user input. In use, a plurality of unclassified events is identified on a system utilizing behavioral tracking. Additionally, input associated with at least one of the unclassified events is received from a user of the system for classifying the at least one of the unclassified events as an unwanted event. Further, the at least one unwanted event is undone in response to the receipt of the input.

Abstract: A behavioral tracking system, method, and computer program product are provided for undoing events based on user input. In use, a plurality of unclassified events is identified on a system utilizing behavioral tracking. Additionally, input associated with at least one of the unclassified events is received from a user of the system for classifying the at least one of the unclassified events as an unwanted event. Further, the at least one unwanted event is undone in response to the receipt of the input.

Abstract: Technologies for securing an electronic device include trapping an attempt to access a secured system resource of the electronic device, determining a module associated with the attempt, determining a subsection of the module associated with the attempt, the subsection including a memory location associated with the attempt, accessing a security rule to determine whether to allow the attempted access based on the determination of the module and the determination of the subsection, and handling the attempt based on the security rule. The module includes a plurality of distinct subsections.

Abstract: A system, method, and computer program product are provided for scanning data utilizing one of a plurality of virtual machines of a device. In use, data to be scanned is identified utilizing a first virtual machine of a device, where the device further includes at least one second virtual machine and a cache shared by the first virtual machine and the second virtual machine. Additionally, it is determined whether the data was previously scanned by the at least one second virtual machine, utilizing the cache. Furthermore, the data is conditionally scanned utilizing the first virtual machine based on the determination.

Abstract: A system, method, and computer program product are provided for hooking code inserted into an address space of a new process. In use, creation of a process is identified. Additionally, code is inserted into an address space of the process. Still yet, at least one module being loaded in association with the process is identified. Further, the code is hooked at an entry point of the at least one module based on a determination of whether the at least one module includes a predefined module.

Abstract: A method for monitoring for malware includes, during a boot process on an electronic device, determining a portion of memory, determining that the portion of memory is reserved for exclusive access by an entity on the electronic device, and, based on the determination that a portion of memory is reserved for exclusive access during the boot process, determining that the reservation is indicative of malware.

Abstract: A method for detecting malware includes determining one or more object-oriented components of an electronic device, trapping at a level below all of the operating systems of the electronic device an attempt to access an object-oriented component of the electronic device, determining an entity causing the attempt, accessing one or more security rules, and, based on the security rules, the entity causing the attempt, and the object-oriented component, determining whether the attempted access is indicative of malware.

Abstract: A system, method and computer program product are provided. In use, code is executed in user mode. Further, the execution of the code is intercepted. In response to the interception, operations are performed in kernel mode.

Abstract: A system, method, and computer program product are provided for reacting to a detection of an attempt by a process that is unknown to control a process that is known. In operation, an attempt by a first process that is unknown to control a second process that is known is detected. Furthermore, there is a conditional reaction based on the detection.

Abstract: A system, method, and computer program product are provided for determining whether a security status of data is known at a server. In use, a request for a security status of data is received over a network at a server. Additionally, it is determined whether the security status is known at the server using at least one of a whitelist and a blacklist. Furthermore, a result of the determination is transmitted over the network.

Abstract: A behavioral tracking system, method, and computer program product are provided for undoing events based on user input. In use, a plurality of unclassified events is identified on a system utilizing behavioral tracking. Additionally, input associated with at least one of the unclassified events is received from a user of the system for classifying the at least one of the unclassified events as an unwanted event. Further, the at least one unwanted event is undone in response to the receipt of the input.

Abstract: A system, method, and computer program product are provided for scanning data utilizing one of a plurality of virtual, machines of a device. In use, data to be scanned is identified utilizing a first virtual machine of a device, where the device further includes at least one second virtual machine and a cache shared by the first virtual machine and the second virtual machine. Additionally, it is determined whether the data was previously scanned by the at least one second virtual machine, utilizing the cache. Furthermore, the data is conditionally scanned utilizing the first virtual machine based on the determination.

Abstract: A system, method, and computer program product are provided for processing a task utilizing a virtual machine as a function of an aspect of another virtual machine. In use, a task to be processed is identified. Furthermore, the task is processed utilizing at least one virtual machine located in a device as a function of at least one aspect of at least one other virtual machine located on the device.

Abstract: A system, method and computer program product are provided for performing a security or maintenance operation in association with virtual disk data accessed independent of a virtual machine. In use, data stored on a virtual disk is accessed at least in part independent of a virtual machine. Further, a security or maintenance operation is performed in association with the accessed data.

Abstract: A system, method, and computer program product are provided for detecting unwanted data based on scanning associated with a payload execution and a behavioral analysis. In use, an execution of a payload is detected, utilizing interface monitoring. Additionally, process memory associated with the execution of the payload is scanned. Further, a behavioral analysis is performed. Still yet, unwanted data is detected based on the scanning and the performance of the behavioral analysis.