Abstract: Techniques are disclosed for monitoring a software agent running in a virtual machine to prevent execution of the software agent from being tampered with. In one embodiment, the software agent bootstraps such monitoring by ensuring that its code is present in memory and providing the code, memory addresses associated with the code, and a cryptographic signature of the code, to a monitoring process upon request. In response to receiving the code, the monitoring process checks the code using the cryptographic signatures and further ensures that the code is present in memory at the provided address. The monitoring process may then placing write traces on all memory pages of the agent and execution trace(s) on certain pages of the agent.

Abstract: A method and a system scan a virtual machine (VM). The method stores a first copy of a scan token associated with a first scan operation within a VM and stores a second copy of the scan token in a database accessible by a management module. Upon restarting of the VM, a scan token in the restarted VM is compared with a scan token associated with the restarted VM in the database. The scan token in the restarted VM is current when the scan token in the restarted VM matches the scan token in the database. A first scan operation is resumed on the restarted VM when it is determined that the scan token in the restarted VM is current, and a new first scan operation of the restarted VM is initiated when it is determined that the scan token in the restarted VM is not current.

Abstract: Computer implemented methods, system and apparatus for managing execution of a running-page in a virtual machine include associating an execution trace code with the running page by a security virtual machine. The execution trace code generates a notification upon initiation of the execution of the running page by the virtual machine. The notification is received by the security virtual machine running independent of the virtual machine executing the running-page. The running page associated with the execution trace code is validated by the security virtual machine as authorized for execution. An exception is generated if the running-page is not authorized for execution. The generated exception is to prevent the execution of the running page in the virtual machine.