Patent classifications
G06F21/565
ANTIVIRUS SCANNING ARCHITECTURE FOR UPLOADED FILES
Provided are a system and method that perform an antivirus scan of incoming files via a file management application of a file system. Infected files can be prevented from being stored to the file system. In one example, the method may include receiving, via a first application contained in a first data container, a data file that is uploaded for storage to a file system, storing the data file in a temporary storage, transmitting a location of the data file in the temporary storage to a second application contained in a second data container, and receiving, via the first application contained in the first data container, a response from the second application contained in the second container, indicating results of a security scan performed on the data file.
ANTI-MALWARE ADAPTOR FOR REMOVABLE STORAGE DEVICES
An adaptor includes non-volatile memory that stores a scan engine. A removable storage device is connected to the adaptor, which in turn is connected to a host computer. Files being copied between the removable storage device and the host computer through the adaptor are scanned for malware using the scan engine.
Known-Deployed File Metadata Repository and Analysis Engine
A known-deployed file metadata repository (KDFMR) and analysis engine enumerates reference lists of files stored on a software delivery point (SDP) and compares the enumerated list of files and associated metadata to previously stored values in the KDFMR. If newly stored or modified files are identified, the analysis engine acquires the files from the SDP. Each file is analyzed to determine whether the file is an atomic file or a container file and metadata is generated or extracted. Each file stored in a container file is recursively extracted and analyzed, where metadata is generated for each extracted file and each container file. The KDFMR periodically analyzes the files stored on the SDP for differences to maintain the currency of the KDFMR data with respect to files stored on the SDP. Storage or modification of files on the SDP triggers analysis of the associated file. KDFMR data is updated with metadata determined based on sandbox detonation of files and/or identified artifacts of known-deployed files.
MULTIVARIATE MALWARE DETECTION METHODS AND SYSTEMS
Methods and systems for detecting whether an executable file comprises malware are disclosed. The methods and systems rely on various feature extraction and feature representation processes to allow patterns associated with Portable Executable (PE) files to be analyzed in an improved representation space. In one example, six different feature sets are extracted from a PE file and represented in six different feature spaces, before being input into a multivariate ensemble deep neural network-based model.
Systems and methods for dynamic checksum generation and validation with customizable levels of integrity verification
Disclosed is a checksum generation and validation system and associated methods for dynamically generating and validating checksums with customizable levels of integrity verification. The system receives a file with data points defined with positional values and non-positional values, and differentiates a first set of the data points from a second set of the data points. The system generates a checksum based on a combination of two or more values from the positional values and the non-positional values of each data point from the first set of data points, and further based on exclusion of the positional values and the non-positional values of the second set of data points from the checksum. The system may use the checksum to verify the integrity of the data associated with the first set of data points.
System and method for handling exceptions during healthcare record processing
Methods, systems, and apparatuses to improve the handling of exceptions during the retrieval and processing of health records from various data sources are provided. During the retrieval and processing of health records, exceptions to typical behavior are recorded with context at the data extraction protocol level, at the health record level and at the level of elements within the document. Accordingly, insights may be developed, and configurations, rules, or coding changes based on the detected exceptions may be proposed. In some instances, an operator may be notified about the exceptions such that the operator may act on the insight. In some instances, the processing of extracted records (documents, messages) may be deferred until the operator has made appropriate changes to configuration, rules, or code. In some instances, the system may supplement and/or replace the operator with machine learning engines that act on the developed insights.
SEMICONDUCTOR DEVICE, CONTROL FLOW INSPECTION METHOD, NONTRANSITORY COMPUTER READABLE MEDIUM, AND ELECTRONIC DEVICE
A semiconductor device (100) includes: a determination unit (110) configured to determine whether an avoidance condition of inspection of control flow integrity is satisfied (e.g., a degree of similarity with a previous input value is in a predetermined range) based on determination auxiliary information, which is at least an input value in a target code block to be executed among a plurality of code blocks in a predetermined program, and an inspection unit (120) configured to avoid inspection of control flow integrity in the target code block when it is determined that the avoidance condition is satisfied.
COMPRESSION TECHNIQUES FOR SHARED FILES
A computing system may receive, from a client device, data associated with a file to be uploaded to the computing system, and may determine, based at least in part on the received data, a recommended compression technique to be used on the file. The computing system may send an indication of the recommended compression technique to the client device. The computing system may receive, from the client device, a version of the file that is compressed in accordance with the recommended compression technique.
COMPUTER-IMPLEMENTED METHODS AND SYSTEM FOR PREVENTING AND REMOVING UNAUTHORIZED FILE MODIFICATION BY MALICIOUS SOFTWARE AND THE LIKE
A computer implemented cyber security method for preventing and removing undesired modifications of a protected file may include: generating a virtual file object via an authorized handler associated with the protected file, and when a write request to the protected file is received, the write request is redirected to the virtual file object causing the write request to store the change to the data of the protected file as data in the virtual file object; receiving a read request of the protected file; determining if there is data on the virtual file object associated with the protected file; and determining if the data on the virtual file object comprises a change to the data of the protected file; and, based on the determination, the authorized handler returns one of: (i) the data of the protected file changed by the write request and (ii) the data of the protected file unchanged by the write request.