Abstract: The disclosed computer-implemented method for detecting nonfunctional endpoint devices may include (i) identifying, at a networking device, an endpoint device, (ii) identifying, at the networking device, a behavioral profile of the endpoint device that may include (a) a functional pattern of network behavior of the endpoint device that occurs while the endpoint device is in a functional state and/or (b) a nonfunctional pattern of network behavior of the endpoint device that occurs while the endpoint device is in a nonfunctional state, (iii) passively monitoring, at the networking device, network traffic of the endpoint device, (iv) determining, at the networking device, that the endpoint device is nonfunctional by detecting (a) an absence of the functional pattern in the network traffic and/or (b) a presence of the nonfunctional pattern in the network traffic, and (v) performing a security action. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for altering time data may include (i) identifying an untrusted executable that is capable of making queries to an operating system of the computing device, (ii) intercepting a request by the untrusted executable to query a system clock of the operating system of the computing device for a current time, (iii) calculating an offset value for the current time that is within a predetermined margin of the current time, and (iv) providing, in response to the request, the untrusted executable with the offset value for the current time instead of the current time. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for detecting preparatory-stages of rowhammer attacks may include (i) receiving, at a computing device, signatures of preparatory behaviors that are known to be exhibited by malicious virtual machines during preparatory stages of rowhammer attacks, (ii) monitoring, at the computing device, behaviors of a virtual machine that is hosted by the computing device, (iii) detecting, at the computing device while monitoring behaviors of the virtual machine, a behavior that matches one of the signatures of preparatory behaviors, and (iv) performing, in response to detecting the behavior that matches one of the signatures of preparatory behaviors, a security action to prevent the virtual machine from perpetrating a successful rowhammer attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for remediating computer reliability issues may include (1) obtaining a computer-generated log line that potentially includes information pertaining to a cause of a reliability issue experienced by a device, (2) determining that a product-specific schema has not been created for a product that generated the computer-generated log line, (3) in response to determining that a product-specific schema has not been created for the product, matching values of the computer-generated log line to fields within one or more established schemas that are not specific to the product, (4) identifying an entry, within the one or more established schemas, that corresponds to the computer-generated log line, and (5) remediating the device based on information associated with the entry within the one or more established schemas. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for enabling safe memory de-duplication in shared-computing environments may include (i) identifying a first virtual machine and a second virtual machine, (ii) calculating a trustworthiness score for the first virtual machine based on a trustworthiness score of each binary of the first virtual machine, (iii) calculating a trustworthiness score for the second virtual machine based on a trustworthiness score of each binary of the second virtual machine, and (iv) enabling the first virtual machine and the second virtual machine to share a page frame of physical memory by assigning, based on the trustworthiness scores of the first virtual machine and the second virtual machine being above a predetermined threshold, the first virtual machine and the second virtual machine to a trusted group of virtual machines that can share physical memory. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for anonymizing log entries may include (1) detecting a data pattern in a group of log entries documenting events performed by at least one process executing on at least one device, (2) identifying, in the data pattern, at least one data field in the log entries that contains variable data, (3) evaluating the data field containing variable data to determine whether the data field contains sensitive data, and (4) in response to determining whether the data field contains sensitive data, applying a data-anonymization policy to the data field to anonymize the log entries. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for managing privacy of a network communication may be realized as a computer-implemented system, including one or more processors that store instructions, and one or more computer processors that execute the instructions to receive a first network communication, extract information from the first network communication, identify a privacy rule based on the information, generate a second network communication based on the first network communication and the privacy rule, and cause the second network communication to be sent.

Abstract: The disclosed computer-implemented method for detecting modification attacks on shared physical memory may include (i) identifying a page frame of physical memory that is shared by a plurality of virtual machines, (ii) calculating a first checksum for the page frame, (iii) calculating, while the page frame is shared by the plurality of virtual machines and before any of the plurality of virtual machines writes to a page of virtual memory that is mapped to the page frame, a second checksum for the page frame, (iv) detecting a modification attack (such as a rowhammer attack) on the page frame by one of the plurality of virtual machines by detecting that the first checksum does not equal the second checksum, and (v) performing a security action in response to detecting the modification attack. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for generating a virtual private container (VPC) are disclosed. In one embodiment, the techniques may be realized as a virtual container defining a self-contained software environment, comprising one or more analytic components configured to carry out specified analytic functions on data within the container, wherein the one or more analytic components are isolated to run within the self-contained software environment of the container; an interface configured to identify and authenticate a particular user and provide analysis results generated by the one or more analytic components; and a gateway configured to receive data from one or more secure data sources external to the virtual container and associated with the particular user for use by the one or more analytic components.

Abstract: A computer-implemented method for digitally signing executables with reputation information is disclosed. This method may include (1) receiving a request for a reputation certificate for an executable file, (2) identifying reputation information associated with the executable file, (3) generating a digitally signed reputation certificate for the executable file that includes at least the reputation information associated with the executable file, and then (4) providing the reputation certificate in response to the request. Additional computer-implemented methods for evaluating the trustworthiness of executable files based at least in part on reputation information contained within such digitally signed reputation certificates, along with corresponding systems and computer-readable media, are also disclosed.

Abstract: Knowledge of a module's behavior when the module's reputation is formed is obtained. If the module's behavior changes, this change is detected. In one embodiment, upon a determination that the module's behavior has changed, the module's original reputation is lost. In this manner, malicious trusted modules are detected and defeated.

Abstract: The disclosed computer-implemented method for detecting malware infections via domain name service traffic analysis may include (1) detecting, on the computing device, a failed domain name service request originating from the computing device, (2) creating a record including information about the failed domain name request and a static unique identifier for the computing device, (3) correlating the record with a set of previous records about failed domain name service requests originating from the computing device with the static unique identifier, and (4) determining, based on correlating the record with the set of previous records, that the computing device is infected with malware that generated the failed domain name service request. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: The disclosed computer-implemented method for anonymizing log entries may include (1) detecting a data pattern in a group of log entries documenting events performed by at least one process executing on at least one device, (2) identifying, in the data pattern, at least one data field in the log entries that contains variable data, (3) evaluating the data field containing variable data to determine whether the data field contains sensitive data, and (4) in response to determining whether the data field contains sensitive data, applying a data-anonymization policy to the data field to anonymize the log entries. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Application authorization management is provided without installation of an agent at an operating system level. A component runs outside of the operating system, in an AMT environment. AMT is utilized to examine the operating system for applications. Identified applications are checked against a whitelist or a blacklist. Responsive to determining that an identified application is not authorized, AMT is used to redirect input/output requests targeting the application to an alternative image, which can, for example, warn the user that the application is not authorized.

Abstract: Techniques for generating a virtual private container (VPC) are disclosed. In one embodiment, the techniques may be realized as a virtual container defining a self-contained software environment, comprising one or more analytic components configured to carry out specified analytic functions on data within the container, wherein the one or more analytic components are isolated to run within the self-contained software environment of the container; an interface configured to identify and authenticate a particular user and provide analysis results generated by the one or more analytic components; and a gateway configured to receive data from one or more secure data sources external to the virtual container and associated with the particular user for use by the one or more analytic components.

Abstract: Techniques for managing privacy of a network communication may be realized as a computer-implemented system, including one or more processors that store instructions, and one or more computer processors that execute the instructions to receive a first network communication, extract information from the first network communication, identify a privacy rule based on the information, generate a second network communication based on the first network communication and the privacy rule, and cause the second network communication to be sent.

Abstract: A computer-implemented method for providing secure access to local network devices may include (1) identifying a local area network that provides Internet connectivity to at least one device within the local area network, (2) obtaining, from an identity assertion provider, (i) a shared secret for authenticating the identity of a guest user of the device and (ii) a permission for the guest user to access the device from outside the local area network, (3) storing the shared secret and the permission within the local area network, (4) receiving, via the Internet connectivity, a request by the guest user from outside the local area network to access the device, and (5) providing access to the device in response to validating the request based on the shared secret and the permission. Various other methods and systems are also disclosed.

Abstract: A method includes creating a virtual machine including a remote file system, a file system service, and a security application. Access to the remote file system is restricted with the security application upon an unknown malicious code outbreak. The more that is known about the threat, the more precise are the restrictions placed upon the file system thus reducing the impact on users of the file system to an absolute minimum.

Abstract: A digitally signed unknown application from a software publisher having a reputation is assigned the reputation of the software publisher. In this manner, software publishers who have an established reputation of publishing applications are allowed to rely on their existing reputation when releasing a new application. By quickly assigning reputations to new applications, users executing the new applications for the first time are provided timely recommendations on the quality, e.g., trustworthiness, of the applications they wish to run.

Abstract: A computer-implemented method for enabling community-tested security features for legacy applications may include: 1) identifying a plurality of client systems, 2) identifying a legacy application on a client system within the plurality of client systems, 3) identifying a security-feature-enablement rule for the legacy application, 4) enabling at least one security feature for the legacy application by executing the security-feature-enablement rule, 5) determining the impact of the security-feature-enablement rule on the health of the legacy application, and then 6) relaying the impact of the security-feature-enablement rule on the health of the legacy application to a server. Various other methods, systems, and computer-readable media are also disclosed.