Abstract: A virtual machine malware detection service caches contents that correspond to operating system registries. By caching the content of important registers, the malware detector is able to efficiently traverse virtual machine memory contents to identify important operating system properties. Examples of such operating system properties include a list of running processes. The malware detector replaces agent-based threat detection for compute endpoints. The malware detector detects cryptocurrency miners and malware by scanning guest virtual machine (VM) memories. The guest VM memory may be scanned according to the guest physical address. According to some examples, the memories of guest user processes may be scanned one by one, using the page table address for each guest process to efficiently locate its memory.

Abstract: Methods and systems for downloading software information are disclosed herein. In one example embodiment, the method includes performing a first determination as to whether a first number of inquiries or download requests received by a server computer is or has been excessive and, if the first determination is that the first number of inquiries or download requests is not or has not been excessive, sending a signal including a first permission to download a software package. Also, the method includes performing a second determination as to whether either the first number or a second number of inquiries or download requests received by the server computer is or has been excessive and, if the second determination is that the first or second number of inquiries or download requests is not or has not been excessive, sending a first part of the software package for receipt by a first client computer.

Abstract: Methods and systems for remotely executing or communicating messages or commands such as security commands, or facilitating the execution or communication of such messages or commands, are disclosed herein. In one example embodiment, such a system or method can include an agent application installed on a client device directing the client device to periodically check a server for a new command request for the client device, the client device downloading the new command request from the server, and the client device executing the new command request. Also, in an additional example embodiment, the new command request can direct the client device to set up a command session between the server and the client device and, responsive to executing the new command request, the client device can set up the command session with the server.

Abstract: Methods and systems for downloading software information are disclosed herein. In one example embodiment, the method includes performing a first determination as to whether a first number of inquiries or download requests received by a server computer is or has been excessive and, if the first determination is that the first number of inquiries or download requests is not or has not been excessive, sending a signal including a first permission to download a software package. Also, the method includes performing a second determination as to whether either the first number or a second number of inquiries or download requests received by the server computer is or has been excessive and, if the second determination is that the first or second number of inquiries or download requests is not or has not been excessive, sending a first part of the software package for receipt by a first client computer.

Abstract: Approaches for an operating system to ascertain whether files stored its file system have been deemed trustworthy. When an operating system receives a request to perform an operation involving a file that is stored within the file system maintained by the operating system, the operating system requests the file from a driver. In turn, the driver consults a set of trust data to identify whether the file has been previously deemed trustworthy. Upon the driver determining that the file has been deemed trustworthy, the driver provides the file to the operating system in a first format. On the other hand, upon the driver determining that the file has not been deemed trustworthy, the driver provides the file to the operating system in a second format that is different than the first format. Advantageously, the file is stored in a single format in the file system.