Abstract: Disclosed herein are systems and method for protecting core files in a content management system (CMS). In one aspect, a method includes detecting execution of a script on a computing device. In response to determining that the script is located in the core folder and is not included in an exclude list that includes paths of scripts and files that are marked as not malicious, the method includes blocking the execution of the script. If the script is not in the core folder, the method includes determining whether the script will upload, to the core folder, a file that is not in the exclude list. In response to determining that the script will upload the file to the core folder, the method includes blocking write functions in the script during the execution.

Abstract: Disclosed herein are systems and method for protecting core files in a content management system (CMS). In one aspect, a method includes detecting execution of a script on a computing device. In response to determining that the script is located in the core folder and is not included in an exclude list that includes paths of scripts and files that are marked as not malicious, the method includes blocking the execution of the script. If the script is not in the core folder, the method includes determining whether the script will upload, to the core folder, a file that is not in the exclude list. In response to determining that the script will upload the file to the core folder, the method includes blocking write functions in the script during the execution.

Abstract: Disclosed herein are systems and method for preventing zero-day attacks. A method may include receiving a first report including information about an execution of a first script of an application that modifies a file on a first computing device, and receiving a second report including an indication that the file includes malicious code. In response to determining that an identifier of the file is present in both the first report and the second report, the method may include generating and transmitting, to the first computing device, a first rule that prevents execution of any script that shares at least one operation of the first script. The method may include, in response to determining that a vulnerability detected by the first rule is not present in a vulnerability database, generating an entry in the vulnerability database for the vulnerability as a zero-day vulnerability and transmitting an alert to the application developer.