Abstract: Methods, devices, and systems disclosed herein measure endpoint user security event susceptibility (e.g., a malware infection) and provide information for endpoint posture evaluation. A relatively small software application may be installed using, for example, a systems management push system where the software runs on each endpoint system and reports back to a central repository or base system. The software runs on machines that it is pushed to and generates a score for that endpoint. That score is a quantification of endpoint user security risk, i.e., the likelihood that a particular endpoint is likely to be the source of a security event at some point in the future. This information may be used to generate a Relative Score for each endpoint so that the endpoints can be ranked from most secure to least secure and an Absolute Score so that a given distributed system can be compared to other distributed systems.

Abstract: Methods, devices, and systems disclosed herein measure endpoint user security event susceptibility (e.g., a malware infection) and provide information for endpoint/user posture evaluation. A relatively small software application may be installed using, for example, a systems management push system where the software runs on each endpoint system and reports back to a central repository or base system. The software runs on machines that it is pushed to and generates a score for that endpoint. That score is a quantification of endpoint user security risk, i.e., the likelihood that a particular endpoint is likely to be the source of a security event at some point in the future. This information may be used to generate a Relative Score for each endpoint so that the endpoints can be ranked from most secure to least secure and an Absolute Score so that a given distributed system can be compared to other distributed systems.

Abstract: Methods, devices, and systems disclosed herein measure endpoint user security event susceptibility (e.g., a malware infection) and provide information for endpoint/user posture evaluation. A relatively small software application may be installed using, for example, a systems management push system where the software runs on each endpoint system and reports back to a central repository or base system. The software runs on machines that it is pushed to and generates a score for that endpoint. That score is a quantification of endpoint user security risk, i.e., the likelihood that a particular endpoint is likely to be the source of a security event at some point in the future. This information may be used to generate a Relative Score for each endpoint so that the endpoints can be ranked from most secure to least secure and an Absolute Score so that a given distributed system can be compared to other distributed systems.

Abstract: Various embodiments of a system and method for providing protection against malicious software programs are disclosed. The system and method may be operable to detect that a first window of a legitimate software program has been replaced by a second window of a malicious software program, e.g., where the second window includes features to mimic the first window in an effort to fool the user into inputting sensitive information into the second window. The method may operate to alert the user when the window replacement is detected.

Abstract: Malicious code detection code is executed by an information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation. The detection routines associate weights to respective code under investigation in response to detections of a valid program or malicious code as a function of the detection routines. It is determined whether code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines.

Abstract: Various embodiments of a system and method for blocking malicious program behaviors, such as keystroke logging behavior or screen capture behavior, are disclosed. Security software may execute on a computer system, where the security software is operable to monitor the computer system to detect malicious program behavior. In response to detecting a first condition indicating that monitoring of the computer system to detect malicious program behavior should be initiated, the security software automatically initiates monitoring of the computer system to detect malicious program behavior. After initiating the monitoring for malicious program behavior, the security software may detect malicious program behavior of a second program executing on the computer system and block the malicious program behavior of the second program.

Abstract: Various embodiments of a system and method for providing protection against malicious software programs are disclosed. The system and method may be operable to detect that a first window of a legitimate software program has been replaced by a second window of a malicious software program, e.g., where the second window includes features to mimic the first window in an effort to fool the user into inputting sensitive information into the second window. The method may operate to alert the user when the window replacement is detected.

Abstract: From a first information handling system (“IHS”) to a second IHS, in response to a request for initiating an online transaction, a program is downloaded for detecting malicious code on the second IHS.

Abstract: From a first information handling system (“IHS”) to a second IHS, in response to a request for initiating an online transaction, a program is downloaded for detecting malicious code on the second IHS.

Abstract: Malicious code detection code is executed by an information handling system. The malicious code detection code includes detection routines. The detection routines are applied to executable code under investigation. The detection routines associate weights to respective code under investigation in response to detections of a valid program or malicious code as a function of the detection routines. It is determined whether code under investigation is a valid program or malicious code as a function of the weights associated by the detection routines.