Abstract: A method of protecting an endpoint against a security threat detected at the endpoint, wherein the endpoint includes, in memory pages of the endpoint, an operating system (OS), a separate software entity, and remediation code, includes the steps of: transferring control of virtual CPUs (vCPUs) of the endpoint from the OS to the separate software entity; and while the separate software entity controls the vCPUs, storing, in an interrupt dispatch table, an instruction address corresponding to an interrupt, wherein the remediation code is stored at the instruction address, and replacing a next instruction to be executed by the OS, with an interrupt instruction, wherein the interrupt is raised when the OS executes the interrupt instruction, and the remediation code is executed as a result of handling of the interrupt that is raised.

Abstract: An example method may include determining, by a first program running on a first compute node, that a shared datastore connected to the first compute node includes address information for downloading an agent installer and proxy information for accessing a proxy server. The address information and the proxy information may be stored in the shared datastore by a second program running on a second compute node based on a user-configured input. Further, the method may include reading, by the first program, the proxy information and the address information from the shared datastore. Furthermore, the method may include downloading, by the first program, the agent installer from a destination server corresponding to the address information via a proxy server associated with the proxy information. Further, the method may include executing, by the first program, the agent installer to install the agent on the first compute node.

Abstract: The current document is directed to automated methods and systems that monitor system-call execution by operating systems in order to detect operating-system corruption. A disclosed implementation of the currently disclosed automated system-call-integrity monitor generate operational system-call fingerprints for randomly selected system calls executed by guest operating systems of randomly selected virtual machines and compares the operational system-call fingerprints to reference system-call fingerprints in order to detect operational anomalies of guest operating systems that are likely to represent guest-operating-system corruption. In disclosed implementations, a system-call fingerprint includes a system-call execution time, the number of instructions executed during execution of the system call, and a snapshot of the call stack taken during execution of the system call.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.

Abstract: A method of performing diagnostics in a hierarchical diagnostics electrical architecture of a vehicle, the vehicle comprising a plurality of on-board computing devices for hosting the hierarchical diagnostics electrical architecture. The hierarchical diagnostics electrical architecture comprising: a component diagnostic layer having a plurality of electronic control units each comprising a diagnostics server module; and at least one supervisory diagnostic layer.

Abstract: System and method for executing scan operations on computing systems use a sparse file that represents a storage device of a computing system to scan a file stored in the storage device. The sparse file is created and mounted to a scanner appliance such that the sparse file appears to a scan engine of the scanner appliance as a local storage device. When a read request for the file stored in the storage device is issued from the scan engine that results in an implicit read request to the sparse file, the implicit read request is trapped. While the implicit read request is trapped, data of the file is retrieved from the storage device of the computing system to the scanner appliance using a communication transport. The retrieved data of the file is then scanned using the scan engine at the scanner appliance.

Abstract: A method of performing diagnostics in a hierarchical diagnostics electrical architecture of a vehicle, the vehicle comprising a plurality of on-board computing devices for hosting the hierarchical diagnostics electrical architecture. The hierarchical diagnostics electrical architecture comprising: a component diagnostic layer having a plurality of electronic control units each comprising a diagnostics server module; and at least one supervisory diagnostic layer.

Abstract: A method of protecting an endpoint against a security threat, wherein the endpoint includes an OS and a separate software entity included in memory pages of the endpoint, includes the steps of: preventing the OS from scheduling any tasks on vCPUs of the endpoint by transferring control of the vCPUs from the OS to the separate software entity; while the OS is prevented from scheduling any tasks on the vCPUs, scanning, by the separate software entity, at least one of a list of processes of the endpoint and a subset of the memory pages of the endpoint, and upon receiving an identification of a malicious process, terminating, by the separate software entity, the malicious process; and after the separate software entity terminates the malicious process, allowing the OS to schedule tasks on the vCPUs by transferring control of the vCPUs from the separate software entity to the OS.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: The present disclosure describes secured interprocess communication (IPC). The operating system traps application-level IPC calls to an IPC agent, which handles the IPC call. The IPC agent executes in a trusted execution environment so that communications between the applications involved in the IPC are secure. Since processing of IPC by the IPC agent bypasses the operating system, IPC remains secure despite any attacks against the operating system code.

Abstract: A next generation antivirus (NGAV) security solution in a virtualized computing environment includes a security sensor at a virtual machine that runs on a host and a security engine remote from the host. The integrity of the NGAV security solution is increased, by providing a verification as to whether a verdict issued by the security engine has been successfully enforced by the security sensor to prevent execution of malicious code at the virtual machine.

Abstract: In some embodiments, a method stores domain name system (DNS) resolution mappings from a domain name to an address in a first table. The DNS resolution mappings are intercepted from DNS responses being sent by a DNS server. The first table is sent to a manager for validation of the DNS resolution mappings. Then, a second table is received from the manager that contains validated DNS resolution mappings. The method intercepts a DNS response that includes a domain name to address resolution mapping from the DNS server and validates the domain name to address resolution mapping using a validated DNS resolution mapping in the second table.

Abstract: A system may include a host computer, a VCI running on the host computer, a virtualization layer executing in the host computer to support the VCI, and an in-guest agent executing in the VCI. The virtualization layer receives a message including metadata about a first memory region to be copied and an indication of loading of an upgraded version of the in-guest agent. Further, the virtualization layer copies data from the first memory region to a second memory region. Furthermore, the virtualization layer receives information about an entry point of the upgraded version from the in-guest agent. Also, the virtualization layer receives a request to register the entry point from the upgraded version and verifies the request based on the information about the entry point. Upon verifying the request, the virtualization layer enables the upgraded version to copy the data from the second memory region.

Abstract: An example method of providing a transient cache in system memory of a host for swap space on storage accessible by the host, the method including: identifying, by transient cache drivers executing in virtual machines (VMs) supported by a hypervisor executing on the host, unused space in code pages of a plurality of processes executing in the VMs; sending, from the transient cache drivers to a transient cache manager of the hypervisor, unused space metadata describing the unused space; creating, by the transient cache manager based on the unused space metadata, the transient cache in the system memory by aggregating the unused space; and providing, to a first transient cache driver of the transient cache drivers executing in a first VM of the VMs, information for accessing the transient cache.

Abstract: The present disclosure relates to a distributed diagnostics architecture for a vehicle. The diagnostics architecture comprises a plurality of application functions hosted on a central compute platform (CCP) of the vehicle, a plurality of remote input/output concentrator modules (RIOs) provided at different locations within the vehicle, and a vehicle diagnostics manager (VDM). The application functions are configured to control vehicle functions. The application functions are further configured to run diagnostic fault monitors pertaining to strategic or system-level faults for their associated vehicle functions, and to transmit strategic fault data related to their associated vehicle functions to the VDM. The RIO are connected to I/O devices of the vehicle. The RIOs are configured to run diagnostic fault monitors pertaining to physical or component-level faults for their associated I/O devices, and to transmit physical fault data related to their associated I/O devices to the VDM.

Abstract: A method of providing diagnostics communication in a diagnostics electrical architecture of a vehicle, the vehicle comprising a plurality of on-board computing devices for hosting the diagnostics electrical architecture. The diagnostics electrical architecture comprises: one or more electronic control units each comprising a diagnostics server module; a service interface module arranged to allow diagnostic communication between the one or more electronic control units and a network service bus of the vehicle; and a diagnostic services registry module.

Abstract: A method of performing diagnostics in a hierarchical diagnostics electrical architecture of a vehicle, the vehicle comprising a plurality of on-board computing devices for hosting the hierarchical diagnostics electrical architecture. The hierarchical diagnostics electrical architecture comprising: a component diagnostic layer having a plurality of electronic control units each comprising a diagnostics server module; and at least one supervisory diagnostic layer.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.

Abstract: Example methods are provided to identify unused memory regions in pages that are allocated for storing executable code. One or more of the unused memory regions are usable as a secure location to store confidential information shared between a hypervisor on the host and a guest (such as a guest virtual computing instance) that runs on the host. The one or more unused memory regions may also be used to store executable code (such as valid executable code of antivirus software or other security program) that has been prevented/delayed in its execution by malicious code that has occupied the pages, thereby providing the executable code with sufficient memory resources to enable the executable code to at least partially complete execution.