Abstract: A thin agent installed within a guest virtual machine (GVM) enables a service application to monitor events within the GVM and to perform certain system functions within the GVM. The thin agent maintains a distinct set of rules for selectively reporting system events to each different service application connected to the thin agent. A multiplexer executing within a virtualization software is configured to facilitate communication between a plurality of thin agents and a plurality of service applications. A services manager facilitates communication between new service applications and the thin agents. Each service application is able to advantageously add new functions to production GVMs without interrupting proper operation of the GVMs.

Abstract: Techniques are disclosed for monitoring a software agent running in a virtual machine to prevent execution of the software agent from being tampered with. In one embodiment, the software agent bootstraps such monitoring by ensuring that its code is present in memory and providing the code, memory addresses associated with the code, and a cryptographic signature of the code, to a monitoring process upon request. In response to receiving the code, the monitoring process checks the code using the cryptographic signatures and further ensures that the code is present in memory at the provided address. The monitoring process may then placing write traces on all memory pages of the agent and execution trace(s) on certain pages of the agent. By tracking writes to and execution of the respective pages, the monitoring process may determine whether the agent has been modified and whether the agent is still running.

Abstract: Computer implemented methods, system and apparatus for managing execution of a running-page in a virtual machine include associating an execution trace code with the running page by a security virtual machine. The execution trace code generates a notification upon initiation of the execution of the running page by the virtual machine. The notification is received by the security virtual machine running independent of the virtual machine executing the running-page. The running page associated with the execution trace code is validated by the security virtual machine as authorized for execution. An exception is generated if the running-page is not authorized for execution. The generated exception is to prevent the execution of the running page in the virtual machine.

Abstract: A method and a system scan a virtual machine (VM). The method stores a first copy of a scan token associated with a first scan operation within a VM and stores a second copy of the scan token in a database accessible by a management module. Upon restarting of the VM, a scan token in the restarted VM is compared with a scan token associated with the restarted VM in the database. The scan token in the restarted VM is current when the scan token in the restarted VM matches the scan token in the database. A first scan operation is resumed on the restarted VM when it is determined that the scan token in the restarted VM is current, and a new first scan operation of the restarted VM is initiated when it is determined that the scan token in the restarted VM is not current.

Abstract: Techniques are disclosed for monitoring a software agent running in a virtual machine to prevent execution of the software agent from being tampered with. In one embodiment, the software agent bootstraps such monitoring by ensuring that its code is present in memory and providing the code, memory addresses associated with the code, and a cryptographic signature of the code, to a monitoring process upon request. In response to receiving the code, the monitoring process checks the code using the cryptographic signatures and further ensures that the code is present in memory at the provided address. The monitoring process may then placing write traces on all memory pages of the agent and execution trace(s) on certain pages of the agent.

Abstract: A method and a system scan a virtual machine (VM). The method stores a first copy of a scan token associated with a first scan operation within a VM and stores a second copy of the scan token in a database accessible by a management module. Upon restarting of the VM, a scan token in the restarted VM is compared with a scan token associated with the restarted VM in the database. The scan token in the restarted VM is current when the scan token in the restarted VM matches the scan token in the database. A first scan operation is resumed on the restarted VM when it is determined that the scan token in the restarted VM is current, and a new first scan operation of the restarted VM is initiated when it is determined that the scan token in the restarted VM is not current.

Abstract: A system is provided to facilitate on-demand data scan operation in a guest virtual machine. During operation, the system generates an on-demand scan request at a scanning virtual machine, wherein the request specifies a scope for the on-demand scan. The system communicates the on-demand scan request to the guest virtual machine and receives data from the guest virtual machine in response to the request. The system identifies the data as candidate for on-demand scanning and scans the data in furtherance of a security or data integrity objective.

Abstract: Computer implemented methods, system and apparatus for managing execution of a running-page in a virtual machine include associating an execution trace code with the running page by a security virtual machine. The execution trace code generates a notification upon initiation of the execution of the running page by the virtual machine. The notification is received by the security virtual machine running independent of the virtual machine executing the running-page. The running page associated with the execution trace code is validated by the security virtual machine as authorized for execution. An exception is generated if the running-page is not authorized for execution. The generated exception is to prevent the execution of the running page in the virtual machine.