Abstract: Aspects of the subject matter described herein relate to providing file access in a multi-protocol environment. In aspects, a file server is operable to receive requests formatted according to two or more file access protocols. If a request is formatted according to a first file access protocol, the file server applies access rights associated with the file to an account associated with a requester to determine whether to grant access. If the request is formatted according to the second file access protocol, the file server may first attempt to find an account for the requester. If an account is not found, the file server may then grant access based on access rights associated with the file as applied to information in the request without consulting an account on the file server.

Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

Abstract: At computer device power on, the operating system of the computer device initiates a monitor. The monitor assigns a monitoring program to each program and object (collectively, “program”) running on the computer device to monitor the activities of the program. When the monitoring program is assigned to a program, the monitoring program is assigned an integrity and/or privacy label (collectively, “integrity label”) based on predetermined criteria applied to the monitored program. The monitoring program, in turn, assigns an integrity label to the program monitored by the monitoring program. The integrity label assigned to the monitored program is less than or equal to the integrity label of the monitoring program. The monitor enforces an integrity policy of the computer device based on the integrity label assigned to monitored programs and the integrity label associated with data, another program, or a remote network resource that the monitored program is seeking to access.

Abstract: Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner.

Abstract: Systems, methods, and computer-readable media for identifying executable scenario solutions relevant to a user query and returning such executable scenario solutions as search results in response to the user query are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a series of steps which may be implemented to address a particular issue relevant to the received user query. Often, a series of steps or scenario includes a number of sub-scenarios, each of which is to be executed sequentially to achieve the desired result. Accordingly, upon selection of a particular search result, the user may be guided through a series of sub-scenario result options until an item having direct association to a series of steps is selected. Once selected, the executable scenario solution is presented to the user for execution.

Abstract: This document describes tools capable of receiving reputation metadata effective to enable better decision making about whether or not to authorize operations. The tools may build a reputation value from this reputation metadata and, based on this value and an authorization rule, better decide whether or not to authorize an operation requested by some program, application, or other actor.

Abstract: Alternative chemical and/or solid state forms of Compound I, processes to reproducibly make them and methods of treating patients using them.

Abstract: Techniques are described herein for securely prompting a user to confirm sensitive operations, input sensitive information or the like. The techniques include receiving or intercepting calls from applications to prompting routines. When a call to a prompting routine is received or intercepted a hint may be provided to the user to switch to a secure desktop. When the user switches from the user desktop to the secure desktop the particular prompt is displayed. The input to the prompt is received on the secure desktop and verified to have been provided by the user. The user input or a representation of the input is then returned to the application running on the user desktop. Using these techniques, interception of prompting messages by malware does not result in sensitive information being revealed. Furthermore, spoofing of new messages by malware does not lead to the dismissal of critical prompting.

Abstract: This document describes tools capable of receiving reputation metadata effective to enable better decision making about whether or not to authorize operations. The tools may build a reputation value from this reputation metadata and, based on this value and an authorization rule, better decide whether or not to authorize an operation requested by some program, application, or other actor.

Abstract: Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions.

Abstract: Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms.

Abstract: In the host operating system of a computing device, entropy data is collected based at least in part on each of one or more hardware components of the computing device. An entropy pool is updated based at least in part on the collected entropy data, and data from the entropy pool is provided to a guest operating system running as a virtual machine of the computing device. The guest operating system maintains a guest operating system entropy pool based on the data from the entropy pool provided by the host operating system. The guest operating system accesses the guest operating system entropy pool and uses the guest operating system entropy pool as a basis for generating values including random numbers.

Abstract: A facility for augmenting software in a target computer system is described. The facility receives and augmentation specification in the target computer system. The augmentations specification specifies: (a) a function to be augmented, (b) a parameter of the function to be tested, (c) a test to apply to the specified parameter, and (d) and modification to perform to the behavior of the function if the specified test is not satisfied by the specified parameter. When the specified function is invoked on the target computer system, if the specified tested is not satisfied by the specified parameter, the facility performs the specified modification to the behavior of the specified function.

Abstract: Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user.

Abstract: The present invention provides a system, method, and computer-readable medium for identifying malware that is loaded in the memory of a computing device. Software routines implemented by the present invention track the state of pages loaded in memory using page table access bits available from a central processing unit. A page in memory may be in a state that is “unsafe” or potentially infected with malware. In this instance, the present invention calls a scan engine to search a page for malware before information on the page is executed.