Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A first request to cause a portion of the data to be associated with a heightened authentication protocol is received. In response, the portion of the data is caused to require the heightened authentication protocol for access. A second request for a file that is stored in the area that is associated with the heightened authentication protocol is received. The second request is authenticated based on the heightened authentication protocol. In response to authenticating the second request, permission is granted to access the file. In response to a failure to authenticate the second request, access to the file is denied, while access to files stored in other areas associated with the user account is allowed.

Abstract: A cloud storage server accesses a plurality of server-stored files of a cloud storage account of a client device. The cloud storage server determines that one or more server-stored files from the plurality of server-stored files are affected by a malware activity. The cloud storage server generates a graphical user interface that includes a detection notification and a confirmation request, the detection notification indicating a detected presence of malware in the one or more server-stored files and metadata corresponding to the one or more server-stored files, the confirmation request indicating a request for the client device to confirm the detected presence of malware in the one or more server-stored files. A confirmation response is received from the client device. The confirmation response identifies at least one of the one or more server-stored files and confirming the presence of malware activity in the identified server-stored files.

Abstract: Methods and systems for repairing user devices infected with malicious code. One method includes storing registration information for a plurality of user devices accessing a remote file storage system, the registration information including a unique identifier of each user device and an identifier of an antivirus software installed locally on each user device. The method also includes, in response to detecting an infected file within the remote file storage system, determining a unique identifier of one of the a user device included in the plurality of user devices interacting with the infected file, accessing the registration information to identify, based on the unique identifier of the user device interacting with the infected file within the remote file storage system, an identifier of antivirus software installed locally on the user device, and remotely initiating the antivirus software installed locally on the user device based on the identifier of the antivirus software.

Abstract: A cloud storage server receives a detection notification from a client device. The cloud storage server is configured to store files received from the client device. The detection notification indicates a ransomware activity detected by the client device. The cloud storage server receives a remediation notification from the client device. The remediation notification indicates that the ransomware activity has been remediated by the client device. The cloud storage server updates an operation of a server-based ransomware detection application based on the detection notification and the remediation notification.

Abstract: A cloud storage server accesses a plurality of server-stored files of a cloud storage account of a client device and determines that one or more compromised server-stored files from the plurality of server-stored files are affected by a malware activity. The cloud storage server determines a plurality of recovery options based on an identification of the one or more compromised server-stored files and the time at which changes to the one or more compromised server-stored files became affected by the malware activity. The plurality of recovery options comprises a suggested restore point identifying a restore time to which changes to the one or more compromised server-stored files are reverted. The cloud storage server transmits a recovery notification that indicates the plurality of recovery options to the client device.

Abstract: A cloud storage server receives a request from a client device to store a file. The cloud storage server stores the file in a storage device of the cloud storage server. The cloud storage server determines features of the server-stored file and detects ransomware activity based on the features of the server-stored file. The cloud storage server sends a notification of the ransomware activity to the client device. The client device confirms the presence or an absence of the ransomware activity in the server-stored file. The cloud storage server updates an operation of the detection of the ransomware activity based on the received ransomware confirmation.

Abstract: Methods and systems for repairing user devices infected with malicious code. One method includes storing registration information for a plurality of user devices accessing a remote file storage system, the registration information including a unique identifier of each user device and an identifier of an antivirus software installed locally on each user device. The method also includes, in response to detecting an infected file within the remote file storage system, determining a unique identifier of one of the a user device included in the plurality of user devices interacting with the infected file, accessing the registration information to identify, based on the unique identifier of the user device interacting with the infected file within the remote file storage system, an identifier of antivirus software installed locally on the user device, and remotely initiating the antivirus software installed locally on the user device based on the identifier of the antivirus software.

Abstract: A system is provided for controlling access to data stored in a cloud-based storage service. Data associated with a user account is stored at the cloud-based storage service. A first request to cause a portion of the data to be associated with a heightened authentication protocol is received. In response, the portion of the data is caused to require the heightened authentication protocol for access. A second request for a file that is stored in the area that is associated with the heightened authentication protocol is received. The second request is authenticated based on the heightened authentication protocol. In response to authenticating the second request, permission is granted to access the file. In response to a failure to authenticate the second request, access to the file is denied, while access to files stored in other areas associated with the user account is allowed.

Abstract: A cloud storage server determines features of files in a storage account of the cloud storage server. The storage account is registered with a client device. The cloud storage server detects ransomware activity based on the features of the files. A notification is generated to the client device. The notification indicates the detected ransomware activity in the storage account, and one or more remediation options for the detected ransomware activity in the storage account. The cloud storage server receives, from the client device, a remediation option selected from the one or more remediation options and recovers one or more files in the storage account based on the selected remediation option.

Abstract: Systems and methods for restoring a file system to a point-in-time without relying on a backup. One system includes an electronic processor configured to automatically restore a file system to a specified point-in-time by (a) automatically restoring, from a recycle bin, items deleted from the file system after the point-in-time, (b) automatically deleting, from the file system, items created within the file system after the point-in-time, (c) automatically moving items moved within the file system after the point-in-time to a location within the file system associated with the point-in-time, (d) automatically deleting, from the file system, items copied within the file system after the point-in-time, (e) automatically renaming items renamed within the file system after the point-in-time to a name associated with the point-in-time, and (f) automatically restoring, from a version history, a version associated with the point-in-time for items with content modified after the point-in-time.

Abstract: A cloud storage server receives a request from a client device to store a tile. The cloud storage server stores the file in a storage device of the cloud storage server. The cloud storage server determines features of the server-stored file and detects ransomware activity based on the features of the server-stored file. The cloud storage server sends a notification of the ransomware activity to the client device. The client device confirms the presence or an absence of the ransomware activity in the server-stored file. The cloud storage server updates an operation of the detection of the ransomware activity based on the received ransomware confirmation.

Abstract: A cloud storage server determines features of files in a storage account of the cloud storage server. The storage account is registered with a client device. The cloud storage server detects ransomware activity based on the features of the files. A notification is generated to the client device. The notification indicates the detected ransomware activity in the storage account, and one or more remediation options for the detected ransomware activity in the storage account. The cloud storage server receives, from the client device, a remediation option selected from the one or more remediation options and recovers one or more files in the storage account based on the selected remediation option.

Abstract: A cloud storage server receives a detection notification from a client device. The cloud storage server is configured to store files received from the client device. The detection notification indicates a ransomware activity detected by the client device. The cloud storage server receives a remediation notification from the client device. The remediation notification indicates that the ransomware activity has been remediated by the client device. The cloud storage server updates an operation of a server-based ransomware detection application based on the detection notification and the remediation notification.

Abstract: A cloud storage server accesses a plurality of server-stored files of a cloud storage account of a client device and determines that one or more compromised server-stored files from the plurality of server-stored files are affected by a malware activity. The cloud storage server determines a plurality of recovery options based on an identification of the one or more compromised server-stored files and the time at which changes to the one or more compromised server-stored files became affected by the malware activity. The plurality of recovery options comprises a suggested restore point identifying a restore time to which changes to the one or more compromised server-stored files are reverted. The cloud storage server transmits a recovery notification that indicates the plurality of recovery options to the client device.

Abstract: A cloud storage server accesses a plurality of server-stored files of a cloud storage account of a client device. The cloud storage server determines that one or more server-stored files from the plurality of server-stored files are affected by a malware activity. The cloud storage server generates a graphical user interface that includes a detection notification and a confirmation request, the detection notification indicating a detected presence of malware in the one or more server-stored files and metadata corresponding to the one or more server-stored files, the confirmation request indicating a request for the client device to confirm the detected presence of malware in the one or more server-stored files. A confirmation response is received from the client device. The confirmation response identifies at least one of the one or more server-stored files and confirming the presence of malware activity in the identified server-stored files.

Abstract: Systems and methods for restoring a file system to a point-in-time without relying on a backup. One system includes an electronic processor configured to automatically restore a file system to a specified point-in-time by (a) automatically restoring, from a recycle bin, items deleted from the file system after the point-in-time, (b) automatically deleting, from the file system, items created within the file system after the point-in-time, (c) automatically moving items moved within the file system after the point-in-time to a location within the file system associated with the point-in-time, (d) automatically deleting, from the file system, items copied within the file system after the point-in-time, (e) automatically renaming items renamed within the file system after the point-in-time to a name associated with the point-in-time, and (f) automatically restoring, from a version history, a version associated with the point-in-time for items with content modified after the point-in-time.

Abstract: Systems and methods are provided for capturing and combining media data and geodata into a composite file. The system may include a media data capture module configured to capture media data at a plurality of geographic locations along a path in a geographic area, and to store the media data in a media data stream. The system may further include a geodata capture module configured to capture geodata indicating the geographic locations along the path at which the media data was captured. The system may also include a multiplexing module for interleaving the media data and the geodata into a composite file.

Abstract: A clock rate used in rendering broadcast streaming audio/video data is adjusted to converge on a clock rate associated with broadcasting the streaming data. The clock rate is adjusted by monitoring the buffer depth associated with a receive buffer that stores the incoming streaming data. The buffer depth provides an estimate of clock drift between the two clock rates. From the estimate of clock drift, the clock rate used in rendering broadcast streaming data is adjusted to avoid the clock drift causing skips or pauses in the rendered audio/video data.

Abstract: Systems and methods are provided for capturing and combining media data and geodata into a composite file. The system may include a media data capture module configured to capture media data at a plurality of geographic locations along a path in a geographic area, and to store the media data in a media data stream. The system may further include a geodata capture module configured to capture geodata indicating the geographic locations along the path at which the media data was captured. The system may also include a multiplexing module for interleaving the media data and the geodata into a composite file.