Craig Paulsen
asked on
HP issues urgent security update after laptops found to secretly save what users type
Guys, can you provide advice/guidance on this?
I received this SEP alert when I started this morning. As per the article attached there is a key logger installed by default on some / one of our laptops.
http://www.telegraph.co.uk/technology/2017/05/12/hp-issues-urgent-security-update-laptops-found-secretly-save/
SEP has successfully quarantined microtray64.exe. Would this be sufficient, or would we need to update our standard image to contain a fix of sorts and apply it to the affected models?
Kindly advise
Craig
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Did you try (as a test) using an exception in SEP?
ASKER
They (our security team) don't want to go that route; see their response above.
ASKER
they manage the SEP AV management console
I would try it before I would spend time reimaging, but that is your choice.
ASKER
it's not my choice, they want me to push updated drivers to resolve this issue for affected laptops, where are the updated drivers?
ASKER
we might have to update the driver, as Symantec has quarantined the Mictray64.exe file, however, now the keyboard hot keys don't function :(
now I need to package and push driver to x 2 specific models.
Have to patch the build drivers as per your patch regime rollout. I don't suggest an exception case unless too many endpoints are affected. Avoid a big bang and test within a small pilot user group first.
Advice given for considerations.
ASKER
__________________________
- this is not classified as a False Positive. It is a misconfiguration.
Joe Bloggs has confirmed that there was a coding error in the driver where it would log keystrokes and store them on the computer's C drive. It is detecting it as a threat because users' passwords and other details may be stored on the user's C drive. It is imperative that the driver is updated to resolve the security flaw in the driver application as soon as possible.