If I run an app from a USB drive on a corporate network, can its execution be seen by the admins?
And, if that app was, say, TeamViewer connecting to my home computer, what would the traffic look like to the admins?
If I run an app from a USB drive on a corporate network, can its execution be seen by the admins?
And, if that app was, say, TeamViewer connecting to my home computer, what would the traffic look like to the admins?
If I run an app from a USB drive on a corporate network, can its execution be seen by the admins?
By default on a "normal" windows corporate setup you would not usually expect them to be notified. But a system to report unrecognized executable execution could easily be implemented - I would not be surprised if vendors offer this. What is a lot more common is blocking access to USB ports or using a policy to block execution of any file that has come from an unknown source. And attempts which trigger this policy may get automatically flagged for admin review.
Its also trivial for an admin to actively pull a list of running processes on a machine.
if that app was, say, TeamViewer connecting to my home computer, what would the traffic look like to the admins?
It would be simple enough to identify the traffic as belonging to TeamViewer - from both statistical methods on the packets and the destination IP. It would not be surprising if corporate firewalls already have explicit detection for TeamViewer connections.
I would heavily advise against attempting to launch teamviewer on a corporate machine without written admin approval. Depending on the organisation and legal jurisdiction you might find your employment ending in a matter of minutes and/or requiring a legal team.
Yes they can if they are looking. Most corporate device management and or antivirus packages can report/log running applications regardless of what drive they are executing from. The fact that it is running from a usb drive might even make it more visible as they could be alerted to software running from an untrusted source (this is a favorite way of hackers with physical access to introduce malware into a network).
Your Admins have root/admin access to your work desktop, I can pretty much guarantee that, therefore they could see whatever you're doing (encrypted traffic or not).
Note, they 'could' not necessarily they 'do', these things require setup, and are not often implemented until someone abuses the system. Don't be that someone. As entrop-x and Hector point out, if you have a work-related need talk to your IT department first.