Any newly installed software on your company’s workstations can be the first alert indicating a data breach at a very early stage. VNC client is perhaps one of the most widely used programs for remotely accessing a desktop computer over a network. The program is very intuitive and easy to use. The program's functionality includes its own file manager and mini chat, as well as the program’s functionality provides an address book to which you can add the most frequently used connections. VNC tracking and proactively blocking all unauthorized installs it is a critical procedure that shall be performed by all departments on an ongoing basis.
Remote access and remote desktop management tools are a good way to save time for remote administration and other related tasks. It is well known that such programs are not always used for good. Malefactors apply similar means or their specialized analogs for achievement of the mercenary purposes.
Below there are a ways to get a list of installed software and VNC tracking to avoid unauthorized access.
Option 1: Via Control Panel on a Local Computer:
1. Open Windows Explorer (Win+E)
2. Navigate to “Control Panel\Programs\Programs and Features” to display the following screen:
3. Click on “Installed On” column to sort by installed date and have the most recently installed programs pop up on top.
Option 2: Via Wmic Utility on a Remote Computer:
1. Launch PowerShell command prompt (press Win+R, type “powershell”, Enter)
2. In the PS command prompt, Get-WmiObject -Class Win32_Product –Computer computername | Select-Object Name,InstallDate | Sort-Object InstallDate
Step 1 - Sign-up for Free:
Step 2 - Type Your Question in Plain English:
Step 3 - Set Filters, If Necessary:
Step 4 - See Results from All Endpoints in Seconds:
A lot of cyberattacks start with installation of new software. According to 2016 Verizon Data Breach Investigation Report (DBIR), a very common tactic used by intruders involves installation of remote control software , such as Team Viewer, Real VNC, join.me or LogMeIn. Quite a few registered attacks used email phishing techniques asking users to call an IT helpdesk to resolve a certain problem. When those users called a fictitious helpdesk, the cybercriminals picked up on the phone. Sounding very professionally, they asked users to install remote control software as the first step. Giving them installation URLs, they walked users through installation and then effectively took control of their computers as a stepping stone to accessing corporate files stored on a corporate network.
Action1 is a free Cloud-based Endpoint Security Platform. Among hundreds of other built-in features, it allows to automate tracking of software installations across the entire network of endpoints and enable proactive response to this very common threat. This article explains how to automate tracking of installed new software using Action1 and also shows the alternate way of manual review procedure, for organizations that are not able to utilize Action1 in their environments.