
Include Mouse Movers/Jigglers/Wigglers in Potentially Unwanted Programs Listing.


Solved by Marcos

Could mouse movers which stop unattended screen locks from functioning be included in the Potentially Unwanted Program checks? These applications bypass security checks and leave unattended systems open to abuse.


  • Administrators

Could you please provide an example of such an application? As far as I remember, those are typically detected as joke applications and are not malicious as long as they only move the mouse cursor but don't do anything bad.


They bypass security settings which lock unattended screens set through GPOs and as such could leave organisations open to direct abuse on any unattended, unlocked systems.
Mouse Jiggler for Windows - Download it from Uptodown for free
Move Mouse - Microsoft Apps
Wiggler - The mouse moving app - Microsoft Apps
There are many more and USB devices.  They might be designed to stop companies spying on workers but they leave a gaping hole in security and are becoming more widespread.
How to Detect a Mouse Jiggler? And Other Ways Employees Try to Trick Monitoring Software (linkedin.com)


  • Administrators

Seems to be a legit tool, there seems to be no reason for detecting it:

A utility to continuously jiggle the mouse pointer to prevent screen saver activation.


So when an ISO 27001 Auditor asks for proof that our unattended screen policies are working (which they do on random devices) we can say one of our Security Provider's spokespersons, Marcos at ESET, doesn't see a problem with Jigglers?

I don't think that will help us keep our accreditation somehow!

The whole point of screen savers these days is to secure systems; anything that bypasses any security setting is dangerous and a threat.


  • Administrators
  • Solution

It's basically only one (Rising) out of 71 security software vendors that detects it at VirusTotal. If the tool turns out to be misused in attacks, we'll reconsider detection:

https://www.virustotal.com/gui/file/1ce344ef37998f2d2bdd6abcb121a08ef17f02ccfdc601f2da9bef6d02b00f7e


50 minutes ago, Bob Kelsall said:

So when an ISO 27001 Auditor asks for proof that our unattended screen policies are working (which they do on random devices) we can say one of our Security Provider's spokespersons, Marcos at ESET, doesn't see a problem with Jigglers?

I don't think that will help us keep our accreditation somehow!

The whole point of screen savers these days is to secure systems; anything that bypasses any security setting is dangerous and a threat.

I think you need to review your security policies.

Why are you allowing users to install random pieces of software? If they require specific software then they should be requesting it. You should also remind people if their computers are found to have unauthorised software then they will face whatever punishment your company deems necessary. 

The same goes for computers being locked when they are not present. Your policy should require that if a user steps away from their computer then they are responsible for locking it. If the computer won't lock then they need to report it so that it can be fixed. 

Relying on a screensaver to lock a computer is a last line of defence. An auditor would very likely ask you why users don't lock computers themselves. 


Unapproved actions by trusted employees who have a genuine business need to have administration rights to systems are not something we can discuss here for obvious reasons.

It would be nice if our security products could at least alert us to potential risks where our steps to guard against forgetfulness are being subverted, we have also asked our vulnerability management solutions provider a similar question re detection of these apps so we can at least identify whether we have a problem here or not. It has been identified as a risk so we need to be able to it.
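
For the inventory question raised in the last post, one way to check a Windows endpoint for the tools linked in this thread (an added example, not part of the original thread and not ESET's code). The name patterns are assumptions built from the product names posted above and will need tuning against your own software baseline.

```powershell
# Added example: look for the mouse-mover tools named in this thread on one
# Windows endpoint. The patterns are assumptions derived from the product
# names linked above ("Mouse Jiggler", "Move Mouse", "Wiggler").
$regex = 'Mouse\s*Jiggler', 'Move\s*Mouse', 'Wiggler' -join '|'

function Find-MouseMover {
    # 1. Classic installers: per-machine and per-user uninstall registry keys.
    $uninstallKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $regex } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Installed'; Name = $_.DisplayName; Detail = $_.InstallLocation }
        }

    # 2. Microsoft Store apps (two of the links above are Store listings).
    #    -AllUsers needs an elevated session; otherwise fall back to the current user.
    $appx = try { Get-AppxPackage -AllUsers -ErrorAction Stop } catch { Get-AppxPackage }
    $appx | Where-Object { $_.Name -match $regex } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'StoreApp'; Name = $_.Name; Detail = $_.InstallLocation }
        }

    # 3. Portable copies that were never installed: match running processes
    #    on process name, file description and product name.
    Get-Process |
        Where-Object { "$($_.ProcessName) $($_.Description) $($_.Product)" -match $regex } |
        ForEach-Object {
            [pscustomobject]@{ Source = 'Running'; Name = $_.ProcessName; Detail = $_.Path }
        }
}

# Report findings for this machine; an empty table means no pattern matched.
Find-MouseMover | Sort-Object Source, Name | Format-Table -AutoSize
```

This only covers software, so the USB devices mentioned in the thread are out of its scope. A name match is a lead for review, not proof, because short patterns such as `Wiggler` can match unrelated products.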
