Patent classifications
G06F21/126
OPERATING SYSTEM-LEVEL ASSISTIVE FEATURES FOR CONTEXTUAL PRIVACY
Systems and methods are described that include operations such as detecting a plurality of computing devices configured as a distributed ambient computing system, receiving a request to execute a computing task, obtaining, from the distributed ambient computing system, data representing a device context for at least two of the plurality of devices, generating a combined context corresponding to the distributed ambient computing system, the combined context representing a combination of the device context for the at least two devices, generating and providing at least one decision request based on the computing task and the combined context, receiving a response to the at least one decision request, and triggering execution of the computing task based on the response and the combined context.
Policy controlled remote operating system (OS) authorization based on automatically entered administrative credential
An automatically predetermined credential system for remote administrative operating system (OS) authorization and policy control is disclosed. Administrative activities are packaged in a single-use downloaded software program. When executed, administrative access to the OS is activated before completing the administrative activities. The single-use downloaded software program has policies that perform checks on a user computer executing the software program. The policies include checking firewall settings, confirming virus checking, interrogating software to confirm patches or updates have been performed, and checking for key loggers or other surveillance software or devices. The single-use downloaded software is protected with a passcode to prevent activation in an unauthorized way.
Enforcing code integrity using a trusted computing base
One or more kernel-modifying procedures are stored in a trusted computing base (TCB) when bringing up a guest operating system (OS) on a virtual machine (VM) on a virtualization platform. When the guest OS invokes an OS-level kernel-modifying procedure, a call is made to the hypervisor. If the hypervisor determines the TCB to be valid, the kernel-modifying procedure in the TCB that corresponds to the OS-level kernel-modifying procedure is invoked so that the kernel code can be modified.
System and methods for automated software analysis and classification
Embodiments of the invention are directed to systems, methods, and computer program products for creating an effective baseline for controlling software and programs running on a user device or virtual machine environment of an enterprise network. Historical data may be used to train one or more iterative machine learning processes for intelligently identifying relevant program characteristics and aiding or automating a determination as to a software or program's need, usage, redundancy, or security. Determinations regarding software or program classifications may be used for further review or automated control of software or program execution within a network environment.
Encryption of executables in computational memory
The present disclosure is related to encryption of executables in computational memory. Computational memory can traverse an operating system page table in the computational memory for a page marked as executable. In response to finding a page marked as executable, the computational memory can determine whether the page marked as executable has been encrypted. In response to determining that the page marked as executable is not encrypted, the computational memory can generate a key for the page marked as executable. The computational memory can encrypt the page marked as executable using the key.
Prevention of organizational data leakage across platforms based on device status
Technologies are provided for prevention of organizational data leakage across platforms based on device status. A device management service may include status information for a client device and/or a connection in a token provided to the client device and update the status in response to changes. An applicable data protection policy may be determined based on the detected status and optionally based on data being accessed. An instruction may be transmitted to a client application executed on the client device based on the applicable data protection policy thereby enforcing the data protection policy at the server. The instruction may cause a script executed at the client application to disable one or more user interface controls associated with functionality such as downloading, synchronizing, printing, etc. of the organizational data to prevent leakage of organizational data.
ADDITIONAL SECURITY WITH WRAPPED PROGRAM INCLUDING PAYLOAD AND ADMINISTRATIVE CREDENTIAL
A predetermined credential system for remote administrative operating system (OS) authorization and policy control is disclosed. Administrative activities are packaged in single-use downloaded software. When executed, administrative access to the OS is activated before completing the administrative activities. The admin credential is encrypted in a wrapped program. A payload program and administrative credentials are extracted from the wrapped program. The payload program adds functionality, affects policies, and/or changes update settings and configuration selected for an end user computer or a group of end user computers.
SEMI-DECLARATIVE METHOD FOR INFRASTRUCTURE DEPLOYMENT AND ACCESS CONTROL
A computer system includes a processor and a memory device. The computer system is configured to execute a function that builds a software instance definition object. The software instance definition object includes one or more configuration items, attributes, permissions, and linkages to other objects, which define a software instance. The computer system temporarily stores the software instance definition object in the memory device. The computer system updates at least one of the configuration items, attributes, permissions, and linkages to other objects of the stored software instance definition object, thereby creating an updated software instance definition object. A fix command is then executed to update the software instance based on the updated software instance definition object, thereby creating an updated software instance. After creating the updated software instance, the software instance definition object is deleted from the memory device.
Remote management of a user device
There is provided a user device including a transceiver, a processor, and a memory. The memory stores a device management application (DMA) arranged to disable at least one function of the user device in accordance with an operative device policy state of the user device, and a device policy schedule comprising a queue of device policy states each having an associated respective set of policy data. Responsive to receiving, from a remote system via the transceiver, first synchronisation data indicating a first device policy state in the queue of device policy states, the DMA is arranged to update the operative device policy state of the user device to the indicated first device policy state.
Systems and methods for intrusion detection and prevention using software patching and honeypots
A variety of methods are provided for application or operating system (OS) kernel intrusion detection and prevention, based on the use of existing vulnerability fixes and their transformation into honeypot detectors. A honeypot patch may be generated for a computing system associated with a software vulnerability in software installed on the computing system. The honeypot patch, when used to modify the installed software, can convert the computing system into a honeypot system configured to detect attempts to exploit the software vulnerability of the software and, in response, generate a security event associated with the software vulnerability.