This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Conexant MicTray Keylogger detections

So, we have started seeing these messages:

--------------------------------------------------------------------------------------------

Sophos Central Event Details for *****

What happened: We detected a potentially unwanted application (PUA) on a computer. PUAs are not malicious but are often considered unsuitable for corporate networks.

Where it happened: *****

Path: C:\Windows\System32\mictray64.exe

What was detected: Conexant MicTray Keylogger

User associated with device: *****

How severe it is: Medium

What Sophos has done so far: We blocked access to the PUA.

What you need to do: In the Sophos Central Admin console, go to the Alerts page. Select the PUA alert. To remove the PUA, click Clean up PUA(s). If you want to let it run, click Authorize PUA(s). Authorize PUAs will apply to all your computers, not just the one in this alert.

--------------------------------------------------------------------------------------------

It is only detecting on a small handful of our computers, but we have a large number using the 'defective' driver.  How can we be sure all the affected computers have been protected?



This thread was automatically locked due to age.
Parents
  • There are some instances in my console where "Manual cleaning is required".  There are others where a person other than myself acknowledged the alert so now I am not given the option to clean.  Please advise the best way to handle these situations.

     

    Thanks

Reply
  • There are some instances in my console where "Manual cleaning is required".  There are others where a person other than myself acknowledged the alert so now I am not given the option to clean.  Please advise the best way to handle these situations.

     

    Thanks

Children