Abstract: An enterprise security system is improved by taking remedial actions responsive to detecting attempts at tampering with computing resources. When a tamper detection instrument detects an attempt at tampering, information about the attempt at tampering may be used to identify one or more candidate types of threats and/or candidate threats. One or more remedial actions associated with the threat or type of threat can be identified and applied in ten enterprise network environment.

Abstract: A security driver loads early in the boot process for a compute instance and detects processes that are subsequently launched. The detected processes can be recorded, and then scanned with any suitable malware scanning tool(s) once a user mode is available on the compute instance. After the operating system is installed and a user mode is available, other scanning tools may also be deployed (e.g., in the user mode) to augment security of the compute instance.

Abstract: A security driver loads early in the boot process for a compute instance and detects processes that are subsequently launched and/or terminated. The detected processes can be recorded, and then scanned with any suitable malware scanning tool(s) once a user mode is available on the compute instance, including any processes that are terminated before such scanning tools are launched. After the operating system is installed and a user mode is available, other scanning tools may also be deployed (e.g., in the user mode) to augment security of the compute instance.

Abstract: A security driver loads early in the boot process for a compute instance and detects processes that are subsequently launched and/or terminated. The detected processes can be recorded, and then scanned with any suitable malware scanning tool(s) once a user mode is available on the compute instance, including any processes that are terminated before such scanning tools are launched. After the operating system is installed and a user mode is available, other scanning tools may also be deployed (e.g., in the user mode) to augment security of the compute instance.

Abstract: A security driver loads early in the boot process for a compute instance and detects processes that are subsequently launched. The detected processes can be recorded, and then scanned with any suitable malware scanning tool(s) once a user mode is available on the compute instance. After the operating system is installed and a user mode is available, other scanning tools may also be deployed (e.g., in the user mode) to augment security of the compute instance.