A processor of a medical device configured to communicate with a remote server can be programmed to protect the medical device from exposure to unauthorized or malicious software. A system or method to implement this form of protection can include, for example, at least one processor on the medical device, a control software module that controls the operation of the medical device and is executable on the processor, a data management module that manages data flow to and from the control software module from sources external to the medical device, and an agent module that has access to a limited number of designated memory locations in the medical device. In addition, a hemodialysis apparatus can be configured to operate in conjunction with an apparatus for providing purified water from a source such as a municipal water supply or a well. A system for controlling delivery of purified water to the hemodialysis apparatus can comprise a therapy controller of the hemodialysis apparatus configured to communicate with a controller of a water purification device, and a user interface controller of the hemodialysis apparatus configured to communicate with the therapy controller, and to send data to and receive data from a user interface.

There is disclosed a method, computer program product and a system for regulating execution of a suspicious process, comprising determining a file system location of an executable file associated with the suspicious process, encrypting the file, and creating a wrapper for the file with the same file name and location as the file associated with the suspicious process.

The disclosed technology teaches reducing threat detection processing by applying similarity measures. The method includes recognizing that a file is an edited version of a previously processed file and retrieving, from an archive, at least an entropy measure of the previously processed file, and calculating an entropy measure for the edited version of the file. The method applies a similarity measure to compare the entropy measures for the edited version and the previously processed file, avoiding full threat scanning of the file to detect malware except when the similarity measure reaches a scanning trigger. When any similarity measure or combination of similarity measures reaches a trigger, the technology teaches processing the file by using a threat detection module to detect malware. Further included is logging the edited version of the file for further processing when the similarity measure reaches a logging trigger.

A method for detection of malware being installed in an Internet Operating System (iOS) device comprises: identifying at least one known malware signature that is indicative of malware being installed on the iOS device; obtaining a backup of the iOS device that contains a plurality of data files; scanning the plurality of data files of the backup of the iOS device; comparing the scanned plurality of backup data files with at least one known malware signature that is indicative of malware being installed on the iOS device; and identifying malware as being installed on the iOS device, in response to a match of the at least one of the plurality of scanned backup data files with the at least one known malware signature.

In some embodiments, a method includes processing at least a portion of a received file into a first set of fragments and analyzing each fragment from the first set of fragments using a machine learning model to identify within each fragment first information potentially relevant to whether the file is malicious. The method includes forming a second set of fragments by combining adjacent fragments from the first set of fragments and analyzing each fragment from the second set of fragments using the machine learning model to identify second information potentially relevant to whether the file is malicious. The method includes identifying the file as malicious based on the first information within at least one fragment from the first set of fragments and the second information within at least one fragment from the second set of fragments. The method includes performing a remedial action based on identifying the file as malicious.

Systems and methods are described for synergistically combining static file based detection and behavioral analysis to improve both threat detection time and accuracy. An endpoint security solution running on an endpoint device generates a static analysis score by performing a static file analysis on files associated with a process initiated on the endpoint device. When the static analysis score meets or exceeds a static analysis threshold, then a network security platform treats the process as malicious and blocks execution of the process. When the static analysis score is less than the static analysis threshold, then the endpoint security solution obtains a dynamic analysis score for the process. The network security platform treats the process as malicious and causes execution of the process to be blocked based on a function of the static analysis score and the dynamic analysis score.

Techniques for threat scanning transplanted containers are described. A method of threat scanning transplanted containers may include generating a container map of running containers on a block storage volume mounted to a scanning instance of a threat scanning service, scanning the block storage volume by a scanning engine of the scanning instance, identifying at least one threat on the block storage volume, and identifying at least one container associated with the at least one threat using the container map.

A method is provided that determines whether to allow an application (app) for use or restrict the app on a set top box (STB). The method includes the steps of measuring at the STB, one or more resources used by the app; comparing at the STB, one or more thresholds set by an operator; and determining if the one or more resources used by the app exceed one or more thresholds set by the operator. Another method is provided that monitors applications (apps) that are installed a set top box (STB) for illegal or harmful activity by a policy manager. This method includes downloading and copying an app from an external source; installing or uninstalling the app into an application folder; providing a notification informing the policy manager of the installing or uninstalling of the app; and evaluating the app be installed or uninstalled.

Methods and devices for determining whether a mobile device has been compromised. File tree structure information for the mobile device is obtained that details at least a portion of a tree-based structure of folders and files in a portion of memory. The file tree structure information is analyzed to determine that the mobile device has been compromised, has not been compromised, or might be compromised. Based on determining that the mobile device might be compromised, the mobile device is instructed to execute a restricted action. If the restricted action occurs on the mobile device then it is determined that the mobile device has been compromised. Based on that determination, an action is taken.

Systems and methods for malware filtering are provided herein. In some embodiments, a system having one or more processors is configured to: retrieve a file downloaded to a user device; break the downloaded file into a plurality of chunks; scan the plurality of chunks to identify potentially malicious chunks; predict whether the downloaded file is malicious based on the scan of the plurality of chunks; and determine whether the downloaded file is malicious based on the prediction.