Patent application number | Description | Published |
20080235170 | USING SCENARIO-RELATED METADATA TO DIRECT ADVERTISING - Mechanisms for directing advertising in search result presentation and/or scenario solution execution based upon a user's locality are provided. Locality refers to a collection of metadata created based upon scenario solutions executed by a user and/or enablers acquired by a user during scenario solution execution. For instance, embodiments of the present invention provide a mechanism by which scenario solutions or enablers related to commonly executed scenario solutions or enablers stored in association with the user's locality can be advertised to the user in conjunction with presentation of scenario solution-related search results. Additionally, embodiments of the present invention provide a mechanism by which more highly rated scenario solutions and/or enablers than those associated with the user's locality may be advertised during presentation of an executed scenario solution. | 09-25-2008 |
20080235179 | IDENTIFYING EXECUTABLE SCENARIOS IN RESPONSE TO SEARCH QUERIES - Systems, methods, and computer-readable media for identifying executable scenario solutions relevant to a user query and returning such executable scenario solutions as search results in response to the user query are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a series of steps which may be implemented to address a particular issue relevant to the received user query. Often, a series of steps or scenario includes a number of sub-scenarios, each of which is to be executed sequentially to achieve the desired result. Accordingly, upon selection of a particular search result, the user may be guided through a series of sub-scenario result options until an item having direct association to a series of steps is selected. Once selected, the executable scenario solution is presented to the user for execution. | 09-25-2008 |
20080235206 | USING SCENARIO-RELATED INFORMATION TO CUSTOMIZE USER EXPERIENCES - Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user. As the namespace(s)/keyword(s) in association with which to organize a particular executable scenario solution is determined by the author of the scenario solution, other information associated with the same namespace/keyword (and/or a namespace/keyword having a relationship thereto) is likely to be more relevant than information organized based upon keywords alone. | 09-25-2008 |
20080235229 | ORGANIZING SCENARIO-RELATED INFORMATION AND CONTROLLING ACCESS THERETO - Mechanisms for organizing scenario solution-related information based upon a user's locality are provided. Locality refers to a collection of metadata created based upon scenario solutions executed by a user and/or enablers acquired by a user during scenario solution execution. Such metadata may be stored in association with a scenario solution execution workspace and/or in association with a user-specific information store. Once such information is acquired, a user may desire to share the information, or a portion thereof, with one or more other users, for instance, the members of a user group. However, often times, the user would prefer that the information not be made available to the general public. Thus, mechanisms for controlling access to user-specific information are also provided. | 09-25-2008 |
20080235790 | SECURE ISOLATION OF APPLICATION POOLS - A secure web hosting system is provided. In various embodiments, the secure web hosting system identifies an application that is to be loaded, creates a security token that is unique to the computer system and based on a name of the identified application, receives a request to load the identified application, and creates a process in which to load the identified application, the process having security attributes associated with the created security token. In various embodiments, the secure web hosting system includes an isolation service component that creates a security token based on an application name of an application identified by the configuration file. | 09-25-2008 |
20090007100 | Suspending a Running Operating System to Enable Security Scanning - Techniques described herein enable virtualizing a processor into one or more virtual machines and suspending an operating system of one of the virtual machines from outside of the operating system environment. Once suspended, these techniques capture a snapshot of the virtual machine to determine a presence of malware. This snapshot may also be used to determine whether an unauthorized change has occurred within contents of the virtual machine. Remedial action may occur responsive to determining a presence of malware or an unauthorized change. | 01-01-2009 |
20090007102 | Dynamically Computing Reputation Scores for Objects - Tools and techniques for dynamically computing reputation scores for objects are described herein. The tools may provide machine-readable storage media containing machine-readable instructions for receiving requests to dynamically compute reputation scores for the objects, for instantiating protected virtual environments in which to execute the objects, and for computing the reputation score based on how the object behaves when executing within the virtual environment. | 01-01-2009 |
20090055921 | FILE ACCESS IN MULTI-PROTOCOL ENVIRONMENT - Aspects of the subject matter described herein relate to providing file access in a multi-protocol environment. In aspects, a file server is operable to receive requests formatted according to two or more file access protocols. If a request is formatted according to a first file access protocol, the file server applies access rights associated with the file to an account associated with a requester to determine whether to grant access. If the request is formatted according to the second file access protocol, the file server may first attempt to find an account for the requester. If an account is not found, the file server may then grant access based on access rights associated with the file as applied to information in the request without consulting an account on the file server. | 02-26-2009 |
20090205034 | System for Running Potentially Malicious Code - Systems and methods for creating a secure process on a web server can include creating an application manager process, and creating an application host process, the application host process being created under control of the application manager process. Example methods can also include restricting attributes of the application host process, and assigning a unique logon identifier to the application host process so that the application host process can only communicate with the application manager process. | 08-13-2009 |
20090241193 | Enhanced Computer Intrusion Detection Methods And Systems - Improved intrusion detection and/or tracking methods and systems are provided for use across various computing devices and networks. Certain methods, for example, form a substantially unique audit identifier during each authentication/logon process. One method includes identifying one or more substantially unique parameters that are associated with the authentication/logon process and encrypting them to form at least one audit identifier that can then be generated and logged by each device involved in the authentication/logon process. The resulting audit log file can then be audited along with similar audit log files from other devices to track a user across multiple platforms. | 09-24-2009 |
20090328154 | ISOLATION OF SERVICES OR PROCESSES USING CREDENTIAL MANAGED ACCOUNTS - This disclosure describes methods, systems, and application programming interfaces for creating a credential managed account. This disclosure describes creating a new password managed account, defining the password managed account, wherein the password managed account is to access a service on a managed computing device, identifying the password managed account for a lifecycle, and automatically managing the password managed account by updating and changing a password for the password managed account on a periodic basis. | 12-31-2009 |
20110010354 | USING SCENARIO-RELATED INFORMATION TO CUSTOMIZE USER EXPERIENCES - Methods for using scenario solution-related information to generate customized user experiences are provided. Upon receiving a user query, a plurality of results is returned, each result being representative of a scenario solution which may be utilized to address a particular issue relevant to the received query. At the time of authoring, each scenario solution is organized based upon one or more keywords and/or one or more categories (i.e., namespaces). Data associated with a namespace/keyword corresponding to a returned search result may be mined to determine information beyond basic scenario solution search results that may be of interest to the user. As the namespace(s)/keyword(s) in association with which to organize a particular executable scenario solution is determined by the author of the scenario solution, other information associated with the same namespace/keyword (and/or a namespace/keyword having a relationship thereto) is likely to be more relevant than information organized based upon keywords alone. | 01-13-2011 |
20110047545 | Entropy Pools for Virtual Machines - In the host operating system of a computing device, entropy data is collected based at least in part on each of one or more hardware components of the computing device. An entropy pool is updated based at least in part on the collected entropy data, and data from the entropy pool is provided to a guest operating system running as a virtual machine of the computing device. The guest operating system maintains a guest operating system entropy pool based on the data from the entropy pool provided by the host operating system. The guest operating system accesses the guest operating system entropy pool and uses the guest operating system entropy pool as a basis for generating values including random numbers. | 02-24-2011 |
20110154505 | UNOBTRUSIVE ASSURANCE OF AUTHENTIC USER INTENT - Computer-executable instructions that are directed to the performance of consequential actions and automatically elevate to execute at a higher privilege level to do so can perform such consequential actions only after user notification. Doing so can enable monitoring processes to avoid presenting duplicative user notification upon detection of such auto-elevation. In addition, prior to presenting user notification, input from the execution environment can be ignored and access to DLLs for performing consequential actions can be avoided. A static analyzer can identify non-conforming computer-executable instructions. A wrapper can be utilized to provide compliance by otherwise unknown or non-conforming computer-executable instructions. | 06-23-2011 |
20110307711 | DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT - Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner. | 12-15-2011 |
20140096122 | EFFICIENT PATCHING - A facility for applying a software patch is described. Using an automatic patching agent, the facility receives the software patch. In response to receiving the software patch, without user intervention, the facility performs the following acts: First, the facility identifies an instance of an executable module that is currently loaded, and to which the received software patch pertains. Second, the facility applies the received software patch to the identified loaded executable module instance to modify the behavior of the identified executable module instance. | 04-03-2014 |
20140129817 | DEVICE BOOTING WITH AN INITIAL PROTECTION COMPONENT - Booting a computing device includes executing one or more firmware components followed by a boot loader component. A protection component for the computing device, such as an anti-malware program, is identified and executed as an initial component after executing the boot loader component. One or more boot components are also executed, these one or more boot components including only boot components that have been approved by the protection component. A list of boot components that have been previously approved by the protection component can also be maintained in a tamper-proof manner. | 05-08-2014 |