Careless Behavior
Careless Behavior (Windows/Mac)
The following out-of-the-box alert rules are assigned to the (Windows/Mac) Category: CARELESS BEHAVIOR.
ALERT RULE |
Description |
---|---|
Accessing file or folder sharing settings |
An alert is triggered upon accessing Windows dialog for file sharing settings or folder sharing settings. |
Browsing Phishing sites |
An alert is triggered upon browsing to websites that have been analyzed and detected as Phishing websites that try to steal the credentials of users by presenting an imitation of legitimate websites. |
Enabling Windows Remote Assistance |
An alert is triggered upon opening the Windows Remote Assistance dialog that is built in to the Windows Operating System. This action could indicate that the user plans to grant access to this machine to a remote user. |
Enabling Windows Remote Assistance from System Properties |
An alert is triggered upon opening the Remote tab within the System Properties dialog to enable Remote Assitance. This action can indicate that the user plans to grant access to this machine to a remote user. |
Opening a clear text file that potentially stores passwords |
An alert is triggered upon detecting a potential user that stores passwords in a file that is named using the word PASSWORD (or its variants). As a bad security practice, such file names are searched for by malicious codes for password harvesting. |
Opening sharing settings on Mac Note: This rule applies specifically on Mac systems. |
An alert is triggered upon opening the Sharing settings in System Preferences on Mac, potentially to enable sharing and so allow remote access to the Mac. |
Running program with invalid digital signature |
An alert is triggered whenever Windows Operating System detects opening a file with an invalid digital signature. This usually happens upon running either files downloaded from Internet or files executed directly from a remote machine (using UNC). |
Running software to enable sharing and access from remote machine |
An alert is triggered upon running applications that enable desktop sharing with remote computers or applications that allow remote computers to access and control the computer. |
Careless Behavior (Unix/Linux)
The following out-of-the-box alert rules are assigned to the (Unix/Linux) Category: CARELESS BEHAVIOR.
ALERT RULE |
Description |
---|---|
Getting content from remote location |
An alert is triggered upon downloading or getting content/files from a remote location using a WGET/CURL/SFTP/SCP command. Such files can be risky as they could include commands that can run without proper verification. |