Craig Paulsen asked:

HP issues urgent security update after laptops found to secretly save what users type

Guys, can you provide advice/guidance on this?

I received this SEP alert when I started this morning.  As per the article attached there is a key logger installed by default on some / one of our laptops.

http://www.telegraph.co.uk/technology/2017/05/12/hp-issues-urgent-security-update-laptops-found-secretly-save/

SEP has successfully quarantined microtray64.exe. Would this be sufficient, or would we need to update our standard image to contain a fix of sorts and apply it to the affected models?


Kindly advise
Craig
Craig Paulsen (ASKER)

Right, I have around 60-odd laptops impacted by this, and I need to provide a fix. This issue has been out since May 2017; not sure why SEP only now picks this up.

Our security team's response as follows:

- this is not classified as a False Positive. It is a misconfiguration.  

Joe Bloggs has confirmed that there was a coding error in the driver where it would log keystrokes and store them on the computer's C drive. It is detecting it as a threat because users' passwords and other details may be stored on the user's C drive. It is imperative that the driver is updated to resolve the security flaw in the driver application as soon as possible.
Did you try (as a test) using an exception in SEP?
They (our security team) don't want to go that route, see their response above.
They manage the SEP AV management console.
I would try it before I would spend time reimaging, but that is your choice.
It's not my choice, they want me to push updated drivers to resolve this issue for affected laptops. Where are the updated drivers?
We might have to update the driver, as Symantec has quarantined the Mictray64.exe file; however, now the keyboard hot keys don't function :(
Now I need to package and push the driver to x 2 specific models.
btan

Have to patch the build drivers as per your patch regime rollout. I don't suggest an exception case unless too many endpoints are affected. Avoid a big bang and test within a small pilot user group first.
Advice given for considerations.