Examples associated with ransomware attack monitoring are described herein. One example includes a monitor module to monitor files stored on the system for sequences of file accesses that match a predefined pattern of file accesses. An investigation module is activated based on a sequence of file accesses that match the predefined pattern. The investigation module logs actions taken by processes to modify files. A reaction module pauses a set of processes operating on the system based on the logging performed by the investigation module, and resumes legitimate processes.

Examples associated with ransomware attack monitoring are described herein. One example includes a monitor module to monitor files stored on the system for sequences of file accesses that match a predefined pattern of file accesses. An investigation module is activated based on a sequence of file accesses that match the predefined pattern. The investigation module logs actions taken by processes to modify files. A reaction module pauses a set of processes operating on the system based on the logging performed by the investigation module, and resumes legitimate processes.

A method for content delivery to a user device, that helps to reduce bandwidth requirements and increases security of the content. The method includes receiving a download request from the user device, the download request including request data corresponding to characteristics of the user device, analyzing the request data to select a bootstrap module; transmitting the bootstrap module to the user device for download; analyzing an authentication characteristic to determine that the user device is authenticated for content viewing; transmitting a content catalogue to the user device; and upon receiving a user selection of a content item from the content catalogue, transmitting the user selected content item to the user device.

A method for content delivery to a user device, that helps to reduce bandwidth requirements and increases security of the content. The method includes receiving a download request from the user device, the download request including request data corresponding to characteristics of the user device, analyzing the request data to select a bootstrap module; transmitting the bootstrap module to the user device for download; analyzing an authentication characteristic to determine that the user device is authenticated for content viewing; transmitting a content catalogue to the user device; and upon receiving a user selection of a content item from the content catalogue, transmitting the user selected content item to the user device.

A system and method of securing a computing device with a remote computer security service includes: identifying a computing device that is subscribed to a remote computer security service, wherein the computing device comprises an anti-authentication application instance provided by the remote computer security service based on the subscription; identifying an occurrence of an anti-authentication action involving the computing device based on anti-authentication policy set to a subscriber anti-authentication account with the remote computer security service for the computing device; responsively to the anti-authentication action, automatically performing by the remote security service or the anti-authentication application instance one or more anti-authentication protective services by protectively altering the computing device based on the anti-authentication policy, wherein the computing device is altered to a protected state from a normal state based on the performance of the one or more anti-authentication protective services.

Methods for protecting software licensing information via a trusted platform module (TPM) are performed by systems and devices. When a licensing server is unreachable, a license is generated for a software application by a licensing manager. The license is generated via a secure register of the TPM using an asymmetric key, specific to the software application and policy-tied to the secure register, to generate a signature of a hashed license file for the software application. The asymmetric key is stored, mapped to the license file, and used for subsequent license validation. A licensing manager validation command is provided to validate the license using the key, as applied to the hash, to verify the signature and checking validity of the time stamp. Time stamp expiration or alteration of the license are determined to provoke invalidation indications for the validating application.

An automatically predetermined credential system for a remote administrative operating system (OS) authorization and policy control is disclosed. Administrative activities are packaged in single-use downloaded software program. When executed, the administrative access to the OS is activated before completing the administrative activities. The single-use downloaded software program has policies that performs checks on a user computer executing the software program. The policies include checking firewall settings, confirming virus checking, interrogating software to confirm patches or updates have been performed, checking for key loggers or other surveillance software or devices The single-use downloaded software is protected with a passcode to prevent activation in an unauthorized way.

Disclosed herein are methods, systems, and processes to perform self-dependent upgrades of Java Runtime Environments (JREs). A request to update a plugin to a new version with a new configuration that includes a location to download a new upgrader-executable is received from a platform computing device at an endpoint computing device. The plugin is uploaded to the new version. The new upgrader-executable that includes an executable with an executable table executed by the plugin is downloaded from the location. The executable is used to halt execution of a JRE application (e.g., a Collector) and download JRE files required for the upgrade. The JRE application (e.g., the Collector) is then re-started with the new configuration, which can be rolled back if the upgrade is unsuccessful.

The present disclosure generally relates to web page analysis, and more particularly to a classification system for web pages. The classification system may classify a web page as malicious based upon one or more signatures generated for the web page. For example, the classification system may compare one or more signatures generated for a first web page to one or more signatures generated for a second web page, where the first web page and the second web page are the same web page at different times or different web pages. Based upon a similarity of the signatures, the classification system may output whether the first web page is malicious. For another example, the classification system may include a classification model that is trained based upon one or more signatures for one or more classified web pages. The classification model may output whether the web page is malicious.

This disclosure describes systems and methods for protecting commercial off-the-shelf software program code from piracy. A software program may include multiple image files having code and data. A platform may modify the executable file such that the data may be placed at a location in memory that is an arbitrary distance from the code. The platform may encrypt the code and provide it to a computing device comprising a hardware enclave. The computing device may load the encrypted code into the hardware enclave but load the data into memory outside the hardware enclave. The computing device may request a decryption key from an authentication server using a hash of the hardware enclave signed by a processor. The authentication server may provide the decryption key if it verifies the signature and the hash. The computing device may decrypt the code and mark the hardware enclave as non-readable.