mark.lillywhite

Blacklisted applications - What to Blacklist?

Blog Post created by mark.lillywhite Employee on Jan 23, 2018

Blacklisting software is one of the 'bonus' features that comes courtesy of Snow's extensive recognition database. Even the best IT security teams often don't have the time to figure out which .exe files are good and which are harmful.

The question, though, is what to define in your blacklist. The obvious ones, which Snow constantly keeps up to date, are:

| Definition | Notes |
| --- | --- |
| 'Games%' | Games are mostly bad - especially as users need admin rights to install |
| 'Malware -%' | Notice the hyphen - otherwise Malwarebytes shows up, and that one is good! |
| 'Filesharing%' | As filesharing apps keep morphing, this is a really good one since ongoing SRS research keeps it up to date |
| 'Poker%' | Nuff sed - Games and Gambling together??? |

 

Recently we've started finding other applications. I've included links so you can research them at your leisure.

 

| Title | Reason it's bad |
| --- | --- |
| 'Tor Browser' | For surfing the Dark Web - if you don't know, read the following: https://www.techrepublic.com/article/dark-web-the-smart-persons-guide/ |
| 'TunnelBear' | It's a free VPN product that hides your IP address - typically used so you can stream video from other countries... |
| 'CCleaner 5' | Recently shown to have been hacked - https://www.cnet.com/how-to/ccleaner-was-hacked-heres-what-to-do-next/ |
| 'Mic Tray Icon 1' | This has the capability to be a keylogger - https://www.computerworld.com/article/3196125/data-security/on-hp-computers-check-for-the-conexant-keylogger-called-mictray.html. In the Application Types categorisation in Snow, there is a 'Keylogger' category - good to know. |
| PortableApps | These are applications typically launched from a USB key, which means admin rights are not needed. Use could be legitimate or not - if it's a game, it's probably not legitimate. If you see Wireshark (a packet sniffer) being used via PortableApps, check the user: are they a network admin (legitimate) or an ordinary user (in which case, why is traffic being sniffed?) |
| Caffeine | Moves the mouse every few seconds if you are not at your desk. Stops screensavers activating and, as a colleague pointed out, makes your Skype status look active when you are actually having a kip. |
| Zenmap (Nmap) | A network scanning tool that has several password cracking add-ons. Great if you are IT security making sure things are secure - not so good if it's being used by others.... |
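To see how the wildcard definitions and exact titles in the two tables behave against an inventory, here is an added example (not Snow's code and not part of the original post). It assumes '%' works like a SQL LIKE wildcard with case-insensitive matching; the inventory rows, role labels and the "Category - Name" naming of applications are constructed for illustration.

```python
import re

# Wildcard definitions from the first table; '%' is assumed to work like SQL LIKE.
PATTERNS = ["Games%", "Malware -%", "Filesharing%", "Poker%"]
# Exact titles from the second table.
TITLES = {"Tor Browser", "TunnelBear", "CCleaner 5", "Mic Tray Icon 1", "Caffeine"}
# Tools the post treats as legitimate for some users only.
DUAL_USE = {"Zenmap (Nmap)", "Wireshark"}
TRUSTED_ROLES = {"network admin", "it security"}  # assumed role labels

def like_to_regex(pattern):
    """Compile a LIKE-style pattern: '%' matches any run of characters."""
    body = ".*".join(re.escape(part) for part in pattern.split("%"))
    # Case-insensitive matching is an assumption about the inventory database.
    return re.compile(body, re.IGNORECASE | re.DOTALL)

def classify(app, role, patterns=PATTERNS):
    """Return (verdict, matched rule) for one inventory row."""
    for pattern in patterns:
        if like_to_regex(pattern).fullmatch(app):
            return ("blacklisted", pattern)
    if app in TITLES:
        return ("blacklisted", app)
    if app in DUAL_USE:
        # Dual-use tools are not blocked outright: the user's role decides.
        verdict = "allowed" if role.lower() in TRUSTED_ROLES else "review"
        return (verdict, app)
    return ("allowed", None)

# Constructed inventory rows: (application name, user role).
INVENTORY = [
    ("Malware - Example Dropper", "finance"),
    ("Malwarebytes Anti-Malware 3", "finance"),
    ("Games - Solitaire Collection", "sales"),
    ("Tor Browser", "sales"),
    ("Zenmap (Nmap)", "network admin"),
    ("Zenmap (Nmap)", "sales"),
]

def report(patterns=PATTERNS):
    """Classify every inventory row with the given wildcard definitions."""
    return [(app, role) + classify(app, role, patterns) for app, role in INVENTORY]

if __name__ == "__main__":
    for row in report():
        print(row)
    # Without the hyphen, the anti-malware product is flagged too.
    print(classify("Malwarebytes Anti-Malware 3", "finance", ["Malware%"]))
```

Running the same rows with 'Malware%' instead of 'Malware -%' flags the anti-malware product as well, which is the false positive the hyphen avoids.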

 

If you've any more that you look for, comment below - We're constantly researching more and happy to hear of new bad things.
