Dear ITarian Community,
Our security partner Xcitium has made some big security changes which might have knock on effects to your devices, but these changes were made to keep people secure.
Over time hackers are improving their methods of getting into devices and working around security products, and one of the methods their security analysts are seeing is the rise in remote access tools being used in conjunction with leaked administrative credentials.
After gaining access to the machine remotely using these tools the admin credentials are used to disable or remove the security suite allowing the attacker to drop the payload and do anything they wish to the machine and the data it has access to.
As a first line of defense move, the Xcitium team have removed the following list of remote access & uninstall tools from the pre-populated whitelist of their product meaning it will block the running of these tools. As these tools cannot be run the attacker cannot gain access to the device in the first place keeping you protected.
The team understand some of you might not use our built-in remote control tools and opt to use one of the ones on the list, this is not an issue and can easily be corrected by adding that one tool to the whitelist leaving all the others blocked reducing the attack vector.
If you have any issues or need help creating these rules please reach out to support@xcitium.com
Removed Tools
- IObit.com
- IObit CO., LTD
- RealVNC
- uvnc bvba
- Remotesoft, Inc.
- RealVNC Ltd
- LogMeIn, Inc
- LogMeIn Inc
- LOGMEIN, INC.
- LogMeIn, Inc.
- LogMeIn Inc
- AWERAY LIMITED
- Sysgem AG
- NetSarang Computer, Inc.
- NetSarang Computer, Inc
- EduIQ.com Damjan Kriznik s.p.
- ZOHO Corporation
- Zoho Corporation Pvt. Ltd.,
- ZOHO Corporation private limited
- ZOHO Corporation private Limited
- Zoho Corporation Private Limited
- ZOHO CORPORATION PRIVATE LIMITED
- ZOHO Corporation Private Limited
- ZOHO Corporation
- BeyondTrust Software Inc
- ConnectWise
- ConnectWise, LLC
- CONNECTWISE, LLC
- Connectwise, LLC
- ConnectWise, Inc.
- Splashtop Inc.
- AOMEI International Network Limited
- Aomei Technology Co., Limited
- ChengDu AoMei Tech Co., Ltd
- CHENGDU AOMEI Tech Co., Ltd.
- Chengdu AoMei Technology Co., Ltd
- CHENGDU AOMEI TECHNOLOGY CO., LTD.
- PURSLANE
- German Gorodokuplya
- HuoRongBoRui (Beijing) Technology Co.,Ltd
- CRYSTAL RICH LTD.
- Crystal Rich Ltd
- Wen Jia Liu
- 一普明为(北京)信息技术有限公司
- Xi’an Expand Network Technology Co, Ltd.
- Open Source Developer, Marcin Szeniak