Abstract: Disclosed herein are systems and methods for deleting files. In one aspect, an exemplary method comprises, obtaining at least initial data about a file to be deleted in accordance with an instruction to remove the file from a data storage device, analyzing the file to be deleted and the data storage device to determine at least deletion parameters of the file to be deleted, performing a dynamic formation of a deletion algorithm, wherein the formation further includes the formation of a structure for writing and a determination of a location for the writing during the deletion of the file in accordance with the determined deletion parameters and rules of formation, and deleting the file by applying the deletion algorithm.

Abstract: Disclosed herein are systems and methods for deleting files. In one aspect, an exemplary method comprises, obtaining at least initial data about a file to be deleted in accordance with an instruction to remove the file from a data storage device, analyzing the file to be deleted and the data storage device to determine at least deletion parameters of the file to be deleted, performing a dynamic formation of a deletion algorithm, wherein the formation further includes the formation of a structure for writing and a determination of a location for the writing during the deletion of the file in accordance with the determined deletion parameters and rules of formation, and deleting the file by applying the deletion algorithm.

Abstract: Disclosed are systems and methods for generating rules for detecting modified or corrupted external devices connected to a computer system. An exemplary method includes analyzing data associated with the external device connected to the computer system based on stored data associated with one or more other devices; identifying at least one anomaly associated with the analyzed data that indicates the detected external device is modified or corrupted; generating at least one rule in response to the identified anomaly, wherein the at least one rule is based on the external device; and storing the at least one rule in a database accessible to the computer system.

Abstract: Disclosed are systems and methods for generating rules for detecting modified or corrupted external devices connected to a computer system. An exemplary method includes analyzing data associated with the external device connected to the computer system based on stored data associated with one or more other devices; identifying at least one anomaly associated with the analyzed data that indicates the detected external device is modified or corrupted; generating at least one rule in response to the identified anomaly, wherein the at least one rule is based on the external device; and storing the at least one rule in a database accessible to the computer system.

Abstract: Solution for autonomously securing the use of a portable drive with a computer network. A data store is written and maintained that contains entries corresponding to a plurality of portable drives initialized for use with the computer network, each entry corresponding to at least one identifiable drive. Events are monitored as they occur on the computer network involving use of each of the plurality of portable drives. Predefined security policy determination criteria is applied, which can include drive mobility assessment criteria and drive content sensitivity criteria, to determine a drive-specific security policy for each one of the plurality of portable drives. A set of at least one policy enforcement action is executed that corresponds to a determined drive-specific security policy in response to detected usage activity for each one of the plurality of portable drives.

Abstract: Solution for autonomously securing the use of a portable drive with a computer network. A data store is written and maintained that contains entries corresponding to a plurality of portable drives initialized for use with the computer network, each entry corresponding to at least one identifiable drive. Events are monitored as they occur on the computer network involving use of each of the plurality of portable drives. Predefined security policy determination criteria is applied, which can include drive mobility assessment criteria and drive content sensitivity criteria, to determine a drive-specific security policy for each one of the plurality of portable drives. A set of at least one policy enforcement action is executed that corresponds to a determined drive-specific security policy in response to detected usage activity for each one of the plurality of portable drives.

Abstract: Disclosed are systems and methods for detecting modified or corrupted external devices connected to a computer system. An exemplary method includes storing in a database, data that relates to devices previously connected to the computer system and rules that specify conditions that indicate when the device should be further analyzed as being possibly corrupted. The method further includes receiving from the device data that relates to the device or to a connection between the device and the computer system; performing an analysis of the received data by comparing the received data and the stored data relating to devices previously connected to the computer system; and applying results of the analysis of the received data to the rules to determine whether the at least one condition is satisfied that indicates that the device is possibly modified or corrupted and should be further analyzed for presence of malware.

Abstract: Disclosed are system, methods, and computer program product for designation of encryption policies for user devices. An example method includes determining one or more criteria for the user device related to encryption requirements of the user device; determining numeric values for each of the one of more criteria; determining a coefficient for the device based on the numeric values; determining an encryption policy for the device based on the coefficient; and applying the determined encryption policy to the device.

Abstract: Disclosed are system, methods, and computer program product for applying security policies based on available licenses to a plurality of devices. An example method includes determining, by a processor, one or more criteria for a device relating to a priority of the device in the network for application of the security policies; determining numeric values for each of the one of more criteria; determining a coefficient for the device based on the numeric values; determining the priority of the device based on the coefficient of the device and respective coefficients of the plurality of devices; designating a security policy for the device based on the priority of the device; determining availability of a license for a software applying the designated security policy to the device; and when the license for the software that applies the designated security policy is available, applying the designated security polity to the device.

Abstract: Solution for autonomously securing the use of a portable drive with a computer network. A data store is written and maintained that contains entries corresponding to a plurality of portable drives initialized for use with the computer network, each entry corresponding to at least one identifiable drive. Events are monitored as they occur on the computer network involving use of each of the plurality of portable drives. Predefined security policy determination criteria is applied, which can include drive mobility assessment criteria and drive content sensitivity criteria, to determine a drive-specific security policy for each one of the plurality of portable drives. A set of at least one policy enforcement action is executed that corresponds to a determined drive-specific security policy in response to detected usage activity for each one of the plurality of portable drives.

Abstract: Disclosed is a portable security device and method for detection and treatment of computer malware. An example method includes performing a malware detection experiment by the security device on the computer by simulating a connection to the computer of a simulated data storage device containing a predefined set of data. The method further includes determining if there are any modifications in the set of data contained in the simulated data storage device after termination of the malware detection experiment. The method further includes, based on whether there are any modifications in the set of data, determining whether to perform one or more subsequent malware detection experiments by the security device on the computer. In one example aspect, each of the one or more subsequent malware detection experiments are configured to simulate a different connection to the computer of a different simulated data storage device containing the predefined set of data.

Abstract: A server-based system for generation of heuristic scripts for malware detection includes an automatic heuristics generation system for generating heuristic scripts for curing malware infections; a log database containing logs of events from user computers, including detection of known malicious objects and detection of suspicious objects; a safe objects database accessible containing signatures of known safe objects; a malicious objects database containing signatures of known malicious objects. The system retrieves suspect object metadata from the log database and generates the heuristic script based on data from the safe and malicious objects databases. For multiple computers having the same configuration and having the same logs, only one log common to all the multiple computers is transmitted and only one heuristic script is distributed to the multiple computers. A different and specific heuristic script is distributed to those computers that have a different log than the common log.

Abstract: Disclosed are systems, methods and computer program products for treatment of malware using an antivirus driver. In one aspect, an example method includes performing, by an antivirus software, an antivirus scan of the computer; detecting, by the antivirus software, a malicious object on the computer; formulating at least one task for treatment of the detected malicious object; configuring and activating on the computer an antivirus driver of the antivirus software to execute the at least one formulated task for treatment of the detected malicious object; and rebooting the computer by the antivirus software, whereby upon rebooting of the computer the antivirus driver is loaded by the operating system of the computer to execute the at least one task for treatment of the detected malicious object.

Abstract: Disclosed are system, methods, and computer program product for designation of encryption policies for user devices. An example method includes determining one or more criteria for the user device related to encryption requirements of the user device; determining numeric values for each of the one of more criteria; determining a coefficient for the device based on the numeric values; determining an encryption policy for the device based on the coefficient; and applying the determined encryption policy to the device.

Abstract: Disclosed are system, methods, and computer program product for applying security policies based on available licenses to a plurality of devices. An example method includes determining, by a processor, one or more criteria for a device relating to a priority of the device in the network for application of the security policies; determining numeric values for each of the one of more criteria; determining a coefficient for the device based on the numeric values; determining the priority of the device based on the coefficient of the device and respective coefficients of the plurality of devices; designating a security policy for the device based on the priority of the device; determining availability of a license for a software applying the designated security policy to the device; and when the license for the software that applies the designated security policy is available, applying the designated security polity to the device.

Abstract: Disclosed are system, method and computer program product for assessing security danger of software. The system collects information about a suspicious, high-danger software objects, including one or more malicious characteristics of the software object, security rating of the software object, and information about one or more security rating rules used in assessing the security rating of the software object. The system then determines whether the suspicious object is a clean (i.e., harmless). When the suspicious object is determined to be clean, the system identifies one or more unique, non-malicious characteristics of the software object and generates a new security rating rule that identifies the software object as clean based on the one or more selected non-malicious characteristics. The system then assigns high priority ranking to the new security rating rule to ensure that the rule precedes all other rules.

Abstract: Disclosed are systems, methods and computer program products for detecting computer malware using security rating rules. In one example, the system identifies at least one problematic security rating rule that was activated during antivirus analysis of both safe and malicious programs. The system then selects a group of programs for which said problematic rule was activated. The system then identifies in the selected group of programs a plurality of only malicious programs or the plurality of only safe programs based on the problematic security rating rule and at least one different security rating rule. The system then generates a behavior model script based on the problematic security rating rule and the at least one different security rating rule and executes said behavior model script during antivirus analysis of said analyzed program to detect a computer malware in said analyzed program.

Abstract: System and method for re-adjustment of a security application to various application execution scenarios. Application execution scenarios for each of a set of software applications are created, each representing a specific subset of functionality of a corresponding application. Sets of security application configuration instructions are stored, each corresponding to at least one of the application execution scenarios. A current one or more of the application execution scenarios that is being executed in the computing device is determined and, in response, a set of security application configuration instructions corresponding to each current application execution scenario are carried out, such that the security application is adjusted to perform a specific subset of security functionality that is particularized to the current one or more of the application execution scenarios.

Abstract: Disclosed is a portable security device and method for detection and treatment of computer malware. An example method includes performing a malware detection experiment by the security device on the computer by simulating a connection to the computer of a simulated data storage device containing a predefined set of data. The method further includes determining if there are any modifications in the set of data contained in the simulated data storage device after termination of the malware detection experiment. The method further includes, based on whether there are any modifications in the set of data, determining whether to perform one or more subsequent malware detection experiments by the security device on the computer. In one example aspect, each of the one or more subsequent malware detection experiments are configured to simulate a different connection to the computer of a different simulated data storage device containing the predefined set of data.

Abstract: Disclosed is a portable security device and method for detection and treatment of computer malware. The security device includes a communication interface for connecting to a computer, a memory for storing a set of data for use in malware detection experiments, and an antivirus engine configured to perform one or more malware detection experiments on the computer. A malware detection experiment includes simulating a connection to the computer of a data storage device containing a predefined set of data. The antivirus engine further configured to identify modifications in the set of data contained in the data storage device after termination of one or more malware detection experiments, analyze a modified set of data for presences of computer malware, determine a treatment mechanism for the detected malware, perform treatment of the detected malware on the computer, and generate user reports.