Patent classifications
G06F2209/542
Detection of malicious scripted activity in fileless attacks
There is disclosed in one example a computing apparatus, including: a processor and memory; and instructions encoded within the memory to instruct the processor to: identify a scripted process for security analysis; hook application programming interface (API) calls of the scripted process to determine a plurality of pre-execution parameters and runtime parameters; assign individual scores to the pre-execution parameters and runtime parameters; compute a sum of the individual scores; compare the sum to a threshold; and detect malicious or suspicious activity if the sum is above the threshold.
Dependency analyzer in application dependency discovery, reporting, and management tool
Techniques for monitoring operating statuses of an application and its dependencies are provided. A monitoring application may collect and report the operating status of the monitored application and each dependency. Through use of existing monitoring interfaces, the monitoring application can collect operating status without requiring modification of the underlying monitored application or dependencies. The monitoring application may determine a problem service that is a root cause of an unhealthy state of the monitored application. Dependency analyzer and discovery crawler techniques may automatically configure and update the monitoring application. Machine learning techniques may be used to determine patterns of performance based on system state information associated with performance events and provide health reports relative to a baseline status of the monitored application. Also provided are techniques for testing a response of the monitored application through modifications to API calls. Such tests may be used to train the machine learning model.
System and method for proxying IO sessions to inject external processing
One example method includes injecting processing into sessions including IO sessions. Events in a file system are intercepted and processed. During processing, policies may be applied to the events. Some of the policies are triggered such that external actions or processing is applied to the event. Once the actions have been performed, the event may be processed by the file system.
Kernel event triggers for content item security
The present technology pertains to responding to a kernel level file event for a content item and presenting a file event window associated with the content item. A client device can detect the kernel level file event for the content item. This can be accomplished using a kernel extension on a client device that is networked with a content management system. The client device can then retrieve data associated with the content item, including an instruction for the content item. The client device can then perform the instruction. This instruction can be to retrieve collaboration data from the content management system and present the collaboration data in a file event window.
System and Method for Light Data File Duplication Prevention
A system for preventing duplication of a computer source file to a destination file includes a user application accessed by a user of a computer. An agent application hosted by the computer registers for a notification of a user interface action with an operating system (OS) of the computer. The agent receives notice from the OS of the user interface action and determines if the user interface action is indicative of a data file duplication operation of a source file to a destination file location. The agent compares a property of the source file and a property of the destination file location to a blocking criteria, and blocks the user interface action from reaching the application.
Systems, methods, and computer-readable media for analyzing intercepted telemetry events
Systems, methods, and computer-readable media for intercepting telemetry events obtained during operation of an application and analyzing the telemetry events are provided. The telemetry events are intercepted at the library level by interposing on application calls to a native library. The telemetry events are collected and transmitted to a platform that analyzes the collected events and presents information based on the analysis.
Methods and apparatus for providing hypervisor level data services for server virtualization
A hypervisor virtual server system, including a plurality of virtual servers, a plurality of virtual disks that are read from and written to by the plurality of virtual servers, a physical disk, an I/O backend coupled with the physical disk and in communication with the plurality of virtual disks, which reads from and writes to the physical disk, a tapping driver in communication with the plurality of virtual servers, which intercepts I/O requests made by any one of said plurality of virtual servers to any one of said plurality of virtual disks, and a virtual data services appliance, in communication with the tapping driver, which receives the intercepted I/O write requests from the tapping driver, and that provides data services based thereon.
Software defined SaaS platform
A system that transforms non-SaaS (non Software as a Service) applications into tenant-aware SaaS (Software as a Service) applications is disclosed, which analyzes the non-SaaS applications to determine which intercepts to external libraries need to be translated into SaaS intercepts that utilize SaaS tenancy services, SaaS operations services, and/or SaaS business services. The system transforms the non-SaaS applications into SaaS applications by providing intercept handlers that call SaaS services on demand when the transformed SaaS application throws a transformed SaaS interrupt.
Using browser context in evasive web-based malware detection
The use of browser context in detecting malware is disclosed. A client device requests content from a remote server. Data received by the client device from the remote server is transmitted to an external scanner for analysis by the external scanner. The external scanner is configured to use a browser executed in an instrumented virtual machine environment to analyze the data provided by the client device. The client device is configured to request the content from the remote server using a browser extension configured to retrieve data and provide the retrieved data to the external scanner without rendering the retrieved data.
System and method for providing automated computer language translation and verification
Systems, methods, and other embodiments are disclosed that are configured to verify the translation of a program from a first programming language to a second programming language. In one embodiment, a first program is executed within a first thread of a process in parallel with a second program within a second thread of the process. A first source code of the first program is written in the first programming language, and a second source code of the second program is a translation of the first source code of the first program to the second programming language based on a translation process. Statement flow and program variables are compared at equivalent lines of code between the first program and the second program, during execution of the two programs in parallel, to generate execution results. The translation process is transformed, based on the execution results, facilitating correcting of the second source code.