Abstract: A computer implemented cyber security method for preventing and removing undesired modifications of a protected file may include: generating a virtual file object via an authorized handler associated with the protected file, and when a write request to the protected file is received, the write request is redirected to the virtual file object causing the write request to store the change to the data of the protected file as data in the virtual file object; receiving a read request of the protected file; determining if there is data on the virtual file object associated with the protected file; and determining if the data on the virtual file object comprises a change to the data of the protected file; and, based on the determination, the authorized handler returns one of: (i) the data of the protected file changed by the write request and (ii) the data of the protected file unchanged by the write request.

Abstract: In some embodiments, a cyber security method for preventing unauthorized file modification by malicious software and the like, the file accessible to an authorized handler may include: receiving a first access request from a program, the first access request having a first instruction set for modifying data of the file; determining if the file is associated with the authorized handler; processing the first instruction set to produce first modification data; and generating an initial virtual file object comprising the first modification data. In further embodiments, a cyber security method for preventing unauthorized file modification by malicious software and the like, the file accessible to an authorized handler may include: processing an instruction set for modifying a file to produce modification data; generating a virtual file object comprising the modification data; and associating the virtual file object with the file by identifying the file as a sparse file.

Abstract: A data health monitoring system and method are provided which may be configured to monitor different indicators or parameters of a computing device which may affect the health of the computing device, such as which may be used in looking for early warning signs that could indicate future data loss or corruption. The system may periodically query certain data health indicators, such as S.M.A.R.T. status, disk temperature, read and write errors, etc. The system may also monitor data as it is being accessed keeping track of other indicators such as: files that are modified, when the last backed up was, protection status of the file, type of changes made to the file, which application is making changes, etc. Preferably, the combined status of each data health indicator may be rolled up into a simple message and shown to the user via notifications, reports, logs or a user interface.

Abstract: A data health monitoring system and method are provided which may be configured to monitor different indicators or parameters of a computing device which may affect the health of the computing device, such as which may be used in looking for early warning signs that could indicate future data loss or corruption. The system may periodically query certain data health indicators, such as S.M.A.R.T. status, disk temperature, read and write errors, etc. The system may also monitor data as it is being accessed keeping track of other indicators such as: files that are modified, when the last backed up was, protection status of the file, type of changes made to the file, which application is making changes, etc. Preferably, the combined status of each data health indicator may be rolled up into a simple message and shown to the user via notifications, reports, logs or a user interface.

Abstract: A method, system and computer-usable medium are disclosed for enforcing a security policy, comprising: determining when an endpoint device initiates a web transaction with a web server, the endpoint device initiating the web transaction with a web-enabled application; establishing a side channel to a security service when the endpoint device initiates the web transaction with the web-enabled application; performing a categorization and policy enforcement operation via the security service in parallel with initiating the web transaction, the categorization and policy enforcement operation determining a security policy result regarding the web transaction; withholding content resulting from performance of the web transaction until the security policy result is provided by the security service, the content being withheld at the endpoint device; and, releasing the content resulting from the web transaction to the web-enabled application of the endpoint device upon receipt of an affirmative policy result from the

Abstract: A data health monitoring system and method are provided which may be configured to monitor different indicators of a computing device which may affect the health of data, looking for early warning signs that could indicate future data loss or corruption. The system may periodically query certain data health indicators, such as S.M.A.R.T. status, disk temperature, read and write errors, etc. The system may also monitor data as it is being accessed keeping track of other indicators such as: files that are modified, when the last backed up was, protection status of the file, type of changes made to the file, which application is making changes, etc. Preferably, the combined status of each data health indicator may be rolled up into a simple message and shown to the user via notifications, reports, logs or a user interface.

Abstract: In some embodiments, a cyber security method for preventing unauthorized file modification by malicious software and the like, the file accessible to an authorized handler may include: receiving a first access request from a program, the first access request having a first instruction set for modifying data of the file; determining if the file is associated with the authorized handler; processing the first instruction set to produce first modification data; and generating an initial virtual file object comprising the first modification data. In further embodiments, a cyber security method for preventing unauthorized file modification by malicious software and the like, the file accessible to an authorized handler may include: processing an instruction set for modifying a file to produce modification data; generating a virtual file object comprising the modification data; and associating the virtual file object with the file by identifying the file as a sparse file.

Abstract: A method, system and computer-usable medium are disclosed for enforcing a security policy, comprising: determining when an endpoint device initiates a web transaction with a web server; establishing a side channel to a security service when the endpoint device initiates the web transaction with a web-enabled application; performing a categorization and policy enforcement operation via the security service in parallel with initiating the web transaction, the categorization and policy enforcement operation determining a security policy result regarding the web transaction; withholding content resulting from performance of the web transaction at the endpoint device until the security policy result is provided by the security service; and, releasing the content resulting from the web transaction to the web-enabled application of the endpoint device upon receipt of an affirmative policy result from the security service.

Abstract: A method and apparatus to reconfigure parameters for establishing a link with a new host after a computer is moved to a new location or a new network.

Abstract: Systems and methods for computer security are provided. In one implementation, a computer-implemented method is provided. The method includes applying a hook to a kernel of an operating system, monitoring system calls made to the kernel using the hook, and injecting a new entry into a list of files assembled by a loader to create a new process when the hook identifies a create process system call. In another implementation, the method can further include initializing the injected new entry where the injected new entry is operable to examine process files prior to loading, examining the process files, and acting on the process according to a result of the examination.

Abstract: A method and apparatus to reconfigure parameters for establishing a link with a new host after a computer is moved to a new location or a new network.

Abstract: Systems and method of computer security are provided. In one implementation, a method is provided. The method includes monitoring incoming kernel mode calls and identifying a kernel mode call to verify using a predetermined criterion. The method also includes validating the identified kernel mode call, and processing the kernel mode call in accordance with the results of the validation of the kernel mode call. In another implementation a kernel application programming interface validation device is provided. The kernel application programming interface validation device includes a monitoring engine for monitoring incoming kernel mode calls, an analysis engine operable to examiner kernel mode calls, a validation engine operable to determine if a kernel mode call is valid using the results of the analysis engine, and a processing engine.

Abstract: Systems and method of computer security are provided. In one implementation, a method is provided. The method includes monitoring incoming kernel mode calls and identifying a kernel mode call to verify using a predetermined criterion. The method also includes validating the identified kernel mode call, and processing the kernel mode call in accordance with the results of the validation of the kernel mode call. In another implementation a kernel application programming interface validation device is provided. The kernel application programming interface validation device includes a monitoring engine for monitoring incoming kernel mode calls, an analysis engine operable to examiner kernel mode calls, a validation engine operable to determine if a kernel mode call is valid using the results of the analysis engine, and a processing engine.

Abstract: Systems and methods for computer security are provided. In one implementation, a computer-implemented method is provided. The method includes applying a hook to a kernel of an operating system, monitoring system calls made to the kernel using the hook, and injecting a new entry into a list of files assembled by a loader to create a new process when the hook identifies a create process system call.

Abstract: Methods and apparatus to reconfigure parameters for establishing a link with a new host after a computer is moved to a new location or a new network. A computer-implemented method for networking includes steps of examining an established link for a need to establish a new link, establishing the new link by selecting a network profile from a plurality of network profiles stored in a profile database, and reconfiguring parameters for a current network setting automatically without user input. The network profile contains a plurality of configuration parameters for establishing links.

Abstract: A method and apparatus to reconfigure parameters for establishing a link with a new host after a computer is moved to a new location or a new network.