0

A few days ago, in the office, we were asked by our bosses to install a program. This was supposed to be an Antivirus program.

But after installing this program many of our colleagues have been facing some issues like a performance problem, application slow responsiveness, slow network connection.

  1. We can't uninstall the problem. It asks for the password. We don't know that.
  2. We can't stop this process. If we kill this from the task manager it restarts again.

I have a suspicion that it might be monitoring all of our actions like every keypress (keylogger).

We asked the management if we should worry about this they said nothing to be worried about.

We use this laptop to access our personal emails, facebook, bank account. It will be a great violation of privacy if they are keylogging or somehow managed to monitor our SSL communication like HTTPS websites skype, facebooks messages

Is there any way to be sure of if they are doing anything like and confront them?

Al-Alamin
  • 121
  • 5
  • 2
    Is this a laptop given out by your work or a personal laptop used under a BYOD scheme? – Doomgoose Sep 12 '18 at 09:52
  • The company provided the laptop but they said they are not monitoring – Al-Alamin Sep 12 '18 at 11:02
  • Are there any guidelines that allow or forbid 1) you to use the device for personal affairs 2) the company to monitor the device? – Tom K. Sep 12 '18 at 11:09
  • Most modern AV will show significant "slow down" for a few reason i. scanning web content ii.file scan. iii. query the AV server for latest bad website. Usually issue i)ii) can be "solved" with SSD. issue iii) is kinda difficult to deal with. – mootmoot Sep 12 '18 at 12:04

1 Answers1

2

This was supposed to be an Antivirus program.

But after installing this program many of our colleagues have been facing some issues like a performance problem, application slow responsiveness, slow network connection.

That is completely normal and expected behavior from many Antivirus programs, especially during scheduled scans. In other words, those aren't reasons for you to say "Hey! I think this might not be Antivirus!".

We can't uninstall the problem. It asks for the password. We don't know that.

Also completely normal. That's a standard feature to prevent users from turning off their protections in order to regain the performance they lost - and, incidentally, to make it harder for attackers to turn off the Antivirus to evade detection.

We can't stop this process. If we kill this from the task manager it restarts again.

Again, completely normal, for the same reasons.

I have a suspicion that it might be monitoring all of our actions like every keypress (keylogger).

Nothing you've indicated so far suggests this - keyloggers are usually far less intrusive than Antivirus programs.

We use this laptop to access our personal emails, facebook, bank account. It will be a great violation of privacy if they are keylogging or somehow managed to monitor our SSL communication like HTTPS websites skype, facebooks messages

Depending on your location, it would be a violation of your privacy, but might still be completely legal. In the US employers have the full right to monitor anything you do on the equipment and networks they provide for you to do work for them.

...but I really don't see anything here that suggests that. Sounds like they just installed Antivirus.

Is there any way to be sure of if they are doing anything like and confront them?

This question discusses detecting keyloggers, but the short version is, "not really."

This question discusses detecting corporate MITM, which usually boils down to examining the certificates of sites you visit, and checking your computer's Trusted Root Certificate Authorities. This is relatively easy to detect; the modern (lovely) tendency to use TLS for everything increases transparency.

gowenfawr
  • 71,975
  • 17
  • 161
  • 198