To stay updated on your favorite discussions, please create an account or log in. Then, click the Bookmark icon to subscribe and receive notifications.

Policy Manager - from host reported spyware and riskware

Steven_
Steven_ Posts: 20 Security Scout
in Business Suite

Hello,

 

on our Policy Manager we have a notebook with a record on "spyware control from host reported spyware and riskware".

 

Name der Spyware oder Riskware Typ Schweregrad Host Status Datum/Uhrzeit
Application.BitCoinMiner.SX riskware Unbekannt CCC185 Potenziell aktiv 25.10.2017 11:33

 

when we start a full client scan, at the report all ok. (Spyware 0) 

 

can someone explain this record?

 

Greets

 

 

Comments

  • etomcat
    etomcat Posts: 1,172 Firewall Master

    Hello,

     

    > Application.BitCoinMiner.SX

     

    Nowadays a lot of websites earno money not by showing advertisements, but by using the CPU of visitors' computers to mine crypto-currency (e-coins) while they are browsing the site. I think this kind of task is transfered using Javascript code, so there is no permanent file created on the endpoint's disk?

     

    Anyhow, this new fashion is probably a fad that won't last, because the efficiency of 1-2-4 CPU core coin-mining is very low compared to specialized FPGA/ASIC rigs, so it is unlikely the website operators could earn money that way.

     

    Best Regards: Tamas Feher, Hungary.

  • Steven_
    Steven_ Posts: 20 Security Scout

    Hello,

     

    we know that some JS can active stuff like that, but we are wondering because the status is potentially active and dont know how to react in this cases.

     

    How should we react to such messages? Ignore?

    Why the spyware scanning block these activities?

     

    All Entries in this table over the domain:

    Name der Spyware oder Riskware Typ Schweregrad Host Status Datum/Uhrzeit
    Application.BitCoinMiner.SX riskware Unbekannt XXXXXXX Potenziell aktiv 25.10.2017 11:33
    Application.GenericKD.4117551 riskware Unbekannt XXXXXXX Entfernt 27.11.2017 12:32
    Gen:Variant.Adware.DealPly adware Unbekannt XXXXXXX Potenziell aktiv 07.09.2015 20:23
    Gen:Variant.Adware.Strictor adware Unbekannt XXXXXXX Potenziell aktiv 19.11.2015 20:06
    Gen:Variant.Application.Symmi riskware Unbekannt XXXXXXX Potenziell aktiv 19.11.2015 20:05

     

     

    Greets

     

  • MJ-perComp
    MJ-perComp Posts: 669 Firewall Master

    It is riskware, not malware (see https://www.f-secure.com/en/web/labs_global/potentially-unwanted-applications).
    You have had 5 reports in 3 years, and none reoccurring.



    What you want to do with it depends on your company's security policy. The software (sripts) found are not dangerous themselves and could be wanted by your company. But they might reveal private information to an unknown, which you would not like.
    As the help text  says:

    On this page you can monitor and control spyware on your network.
The Spyware and Riskware Reported by Hosts table shows all spyware and riskware that have been reported by hosts. Hosts do not report applications that have been allowed. Entries on this table are removed when a full-system spyware scan is run on a host, and when applications are removed from the quarantine.
You can allow an application by selecting and allowing it using the Spyware and Riskware Reported by Hosts table.
You can disallow spyware by configuring the Default Spyware Handling settings.

    So configure default spyware handling acording to your company's policy, if you feel uncomfortable, but I see no need for change in your case.

    If we can help you any further call in using the below information.

    But be aware that some webpages react bad on blocking (like Ad-blockers). you might need to allow certain scripts manually.

     

     

This discussion has been closed.

Categories