Abstract: A computer-implemented method for determining the impact of a software change on the health of a computing system or an application installed on the computing system may comprise identifying the software change, performing a first health evaluation, allowing the software change to occur, performing a second health evaluation, and then determining the impact of the new application by comparing the results of the second health evaluation with the results of the first health evaluation. Exemplary methods for providing guidance on the potential impact of a software change and for determining the health impact of a software change based on information obtained from a plurality of computing systems are also disclosed. Corresponding systems and computer-readable media are also disclosed.

Abstract: Multiple apps of an ecosystem on a computer securely exchange encrypted data according to an information control policy of an enterprise, without allowing unauthorized access from outside of the ecosystem. An ecosystem agent creates an ecosystem directory, which contains policy information and identification information concerning each specific app in the ecosystem, including the ecosystem agent. Each ecosystem app generates an asymmetric key pair, the public key of which it shares only with apps in the ecosystem through the directory. The ecosystem agent's private key is used to encrypt the directory. Data is securely communicated between apps in the ecosystem, by encrypting and decrypting messages and data objects with the appropriate ecosystem app keys. Each specific app in the ecosystem complies with enterprise information control policy. Ecosystem apps can read a policy from the directory, and receive policy updates from the enterprise.

Abstract: A computer-implemented method for looking up anti-malware metadata may include identifying a plurality of executable objects to be scanned for malware before execution. The computer-implemented method may also include, for each executable object within the plurality of executable objects, assessing an imminence of execution of the executable object. The computer-implemented method may further include prioritizing, based on the assessments, a retrieval order for anti-malware metadata corresponding to the plurality of executable objects. The computer-implemented method may additionally include retrieving anti-malware metadata corresponding to an executable object within the plurality of executable objects based on the retrieval order. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: A computer-implemented method may include performing a first analysis on at least one file of a master virtual machine and inserting, into the master virtual machine, information that indicates at least one result of the first analysis. The computer-implemented method may also include maintaining at least one additional virtual machine that is based on the master virtual machine. The computer-implemented method may further include directing the additional virtual machine to reference the information in the master virtual machine instead of performing a second analysis on at least one file of the additional virtual machine. Various other systems, methods, and computer-readable media are also disclosed.

Abstract: A method and apparatus for safe and secure access to dynamic domain name systems. In one embodiment a method comprises transmitting a DNS query to a dynamic DNS server. The DNS query comprises a domain name. A DNS answer is received from the dynamic DNS server in response to transmitting the DNS query. The DNS answer comprises an IP address. A request is transmitted to a host at the IP address in response to receiving the DNS answer. A digital certificate is received in response to transmitting the request. The received digital certificate is then compared with each of a plurality of digital certificates stored in memory. The IP address is transmitted to a client computer system if the received digital certificate compares equally with one of the plurality of digital certificates.

Abstract: When a program is loaded for execution, all code pages of the program except the one containing the entry point are set to be non-executable. When the executing program attempts to jump between code pages, an exception is thrown. Responsive to such an exception, a control flow graph of the program is examined, to determine if the attempted jump between code pages is expected. If the attempted jump is not expected, it is determined that the program is attempting a malicious activity. If the attempted jump is expected, the code page to which the program is attempting to jump is set to be executable, and control is returned to the program such that the jump executes.

Abstract: A request from a software developer is received to digitally sign software included in the request. A security policy associated with the software developer is accessed where the security policy describes criteria for valid request by the software developer. A determination is made whether the request is valid based at least in part on the security policy. The software is digitally signed responsive to the determination indicating that the request is valid. The digitally signed software is provided to the software developer.

Abstract: Techniques for providing missed arrival notifications are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for providing missed arrival notifications comprising: receiving, from a user associated with a client device, travel information that indicates at least an expected destination and an expected route to the expected destination, tracking, on a notification system, the client device's progress in traveling the expected route to the expected destination, determining, on the notification system, whether the client device has deviated from the expected route to the expected destination, and initiating, on the notification system, an alert escalation procedure in response to determining that the client device has deviated from the expected route to the expected destination.

Abstract: A security module on a computing device applies security rules to examine content in a network cache and identify suspicious cache content. Cache content is identified as suspicious according to security rules, such as a rule determining whether the cache content is associated with modified-time set into the future, and a rule determining whether the cache content was created in a low-security environment. The security module may establish an out-of-band connection with the websites from which the cache content originated through a high security access network to receive responses from the websites, and use the responses to determine whether the cache content is suspicious cache content. Suspicious cache content is removed from the network cache to prevent the suspicious cache content from carrying out malicious activities.

Abstract: Configuration elements are selectively propagated between a host and multiple guests, based on a policy. Configuration elements of the host and guests are monitored. Changes made to monitored configuration elements are detected. It is determined whether to propagate changed configuration elements between operating system environments based on the policy. It can be determined to propagate changed configuration element(s) from a source to one or more destinations in response to factors such as the identity and/or classification of the source, or the type, attribute(s), content and/or identity of the changed configuration element(s). The creation of new guests is detected. In response, at least one configuration element from at least one source is automatically propagated to a newly created guest.

Abstract: A request to send a JIT component to a streaming client is received. A network capability rating of the network over which the JIT component is to be sent to the streaming client is determined, and a client capability rating of the streaming client is determined. A transmission language format in which to send the JIT component to the streaming client is determined based on at least the network capability rating and the client capability rating. The JIT component is obtained in the transmission language format and sent to the streaming client over the network. In some embodiments, a transmission language format is determined for each sub-component of the component based on the network capability rating, the streaming client rating, and a sub-component characteristic rating.

Abstract: A computer-implemented method for revoking digital signatures may include (1) identifying an executable file signed with a digital signature, (2) determining that the executable file is subject to a revocation check used to determine whether the digital signature has been revoked, (3) classifying the executable file based on at least one attribute of the executable file, (4) determining, based on the classification of the executable file, that the executable file is a member of a revocation group, wherein a status identifier associated with the revocation group indicates whether any member of the revocation group has a digital signature revocation, (5) determining, based on the status identifier associated with the revocation group, that the digital signature of the executable file has potentially been revoked, and then (6) performing the revocation check on the executable file. Various other methods, systems, and computer-readable media are also disclosed.

Abstract: Techniques for securing checked-out virtual machines in a virtual desktop infrastructure (VDI) are disclosed. In one particular exemplary embodiment, the techniques may be realized as a method for securing a checked-out guest virtual machine including receiving a request for checking-out a guest virtual machine hosted by a server network element, wherein checking-out the guest virtual machine comprises transferring hosting of the guest virtual machine from the server network element to a client network element. The method for securing a checked-out guest virtual machines may also include configuring a security module for the guest virtual machine in order to secure the guest virtual machine and providing the security module to the guest virtual machine when the guest virtual machine is checked-out.

Abstract: A plurality of computing devices used to access backend computing resources of an enterprise by a specific user are identified, and geo-locations of the devices at specific times are tracked. A trusted authentication is received from a specific one of the devices. Responsive to the trusted authentication, the specific device is classified as the primary node of a trusted cluster, and the current geo-location of the user is defined as the geo-location of the specific device, as of the time of the trusted authentication. Devices are assigned to a logical trusted device cluster or to a logical non-trusted device cluster, based on distances between the device geo-locations and the current geo-location of the user, and based on differences between establishment times of the device geo-locations and the establishment time of the user's geo-location.

Abstract: A page list comprising a list of transitions between network resources is established. Subsequently, a transition is detected between a first network resource and a second network resource. An expected security level associated with the transition is identified based on the page list. Responsive to the detected security level being determined to be lower than the expected security level, a remedial action is performed.

Abstract: Computer-implemented methods, systems, and computer-readable media for automatically generating computer-assistance videos based on remote interactive-guidance sessions are disclosed. In one example, an exemplary method for performing such a task may comprise: 1) detecting initiation of a remote interactive-guidance session between a local computing device and a remote computing device, 2) recording the remote interactive-guidance session, 3) storing the recorded interactive-guidance session in a media file, and then 4) providing access to the media file.

Abstract: Exclusions to anti-malware scanning are managed at a user account level. On a computer on which an anti-malware product provides anti-malware scanning, at least one user account to exclude from the anti-malware scanning is specified. Specifying a user account to exclude can comprise adding the name of the user account to the exceptions policy of the anti-malware product. Specified user accounts are excluded from the anti-malware scanning. Excluding a user account from anti-malware scanning comprises excluding all applications that are run by the specified account. Non-specified user accounts and applications run by the non-specified user accounts, are allowed to be scanned. User accounts to exclude from the anti-malware scanning can comprise virtual user accounts. When a virtual user account is excluded from the anti-malware scanning, the system service associated with the virtual user account is excluded.

Abstract: It is detected when an administrator begins or finishes performing remote administrative activity. In response, the polling interval is modified. When the level of remote administrative activity increases, the polling interval is decreased, thereby directing the managed clients to poll the server more frequently. When the level of remote administrative activity decreases, the polling interval is increased, thereby directing the managed clients to poll the server less frequently. By dynamically adjusting the polling interval based on remote administrative activity, a balance is struck between scalability and usability.

Abstract: Installation events associated with a software application are received from a plurality of clients. A rate at which the software application was uninstalled on the plurality of clients is determined based on the installation events. A reputation score is generated based on the rate at which the software application was uninstalled on the plurality of clients. A reputation score is generated for the software application responsive to the installation event and the performance data. The reputation score storied in association with the software application.

Abstract: An attempted exploit of a vulnerability of an application executed by a computer is detected. The exploit attempts to call an application programming interface (API) and abuse application data through a malicious parameter of the call. The API of the application is hooked and monitored for a call made to the hooked API. A parameter of the call is analyzed to determine whether the parameter has a malicious characteristic indicating an attempt to use data within an address space of the application to execute malicious software. A remediation action is taken responsive to determining that the parameter has a malicious characteristic.