Security Improvements

Dear Xcitium Community,

At Xcitium, our mission is to provide unparalleled cybersecurity to protect your environments, devices, and data. As part of our ongoing commitment to this mission, we continuously review and enhance our security measures to address emerging threats and potential vulnerabilities.

Recently, we have undertaken an internal review of certain third-party tools used for remote connections. While these tools serve legitimate purposes, they also pose potential risks if exploited by malicious actors. Specifically, in scenarios where privileged user credentials are compromised, these tools could be used to uninstall our security agents, thereby weakening your defenses.

To mitigate this risk and reduce the attack surface, we have made the decision to remove these tools from our safe lists. This change will enable us to detect these tools as malware or classify them as unknown, ensuring they are not executed without Xcitium’s patented Zero-Dwell Containment technology and thus preventing the removal of our security agents.

We understand that some customers have concerns regarding the removal of these tools. Therefore, we are providing a list of the affected tools below. We believe it is crucial to communicate this change clearly and provide a reference point for any future inquiries.

Removed Tools from Safe List

  • IObit.com
  • IObit CO., LTD
  • RealVNC
  • uvnc bvba
  • Remotesoft, Inc.
  • RealVNC Ltd
  • LogMeIn, Inc
  • LogMeIn Inc
  • LOGMEIN, INC.
  • LogMeIn, Inc.
  • AWERAY LIMITED
  • Sysgem AG
  • NetSarang Computer, Inc.
  • NetSarang Computer, Inc
  • EduIQ.com Damjan Kriznik s.p.
  • ZOHO Corporation
  • Zoho Corporation Pvt. Ltd.,
  • ZOHO Corporation private limited
  • ZOHO Corporation private Limited
  • Zoho Corporation Private Limited
  • ZOHO CORPORATION PRIVATE LIMITED
  • ZOHO Corporation Private Limited
  • BeyondTrust Software Inc
  • ConnectWise
  • ConnectWise, LLC
  • CONNECTWISE, LLC
  • Connectwise, LLC
  • ConnectWise, Inc.
  • Splashtop Inc.
  • AOMEI International Network Limited
  • Aomei Technology Co., Limited
  • ChengDu AoMei Tech Co., Ltd
  • CHENGDU AOMEI Tech Co., Ltd.
  • Chengdu AoMei Technology Co., Ltd
  • CHENGDU AOMEI TECHNOLOGY CO., LTD.
  • PURSLANE
  • German Gorodokuplya
  • HuoRongBoRui (Beijing) Technology Co.,Ltd
  • CRYSTAL RICH LTD.
  • Crystal Rich Ltd
  • Wen Jia Liu
  • 一普明为(北京)信息技术有限公司
  • Xi’an Expand Network Technology Co, Ltd.
  • Open Source Developer, Marcin Szeniak

While these tools are not inherently malicious, their misuse by unauthorized parties poses a significant risk. To ensure the continued security of your systems, we are committed to taking any necessary actions. Should you require the use of these tools for your operations, we offer several methods for whitelisting them on a per-customer basis. Portal administrators can utilize these whitelisting options to add the necessary tools to a safe list, ensuring that all other tools remain unknown or blocked.

We appreciate your understanding and continued trust in Xcitium. Our dedication to providing you with the highest level of cybersecurity remains unwavering.

Best regards,
Product Management Team

6 Likes

Hi @ilgaz

Isn’t TeamViewer also on the list?

Also, if you are likely to be blocking more vendors, please could you try to provide us with advance notice?

2 Likes

Hi support @nivedithab

Please could you publish instructions on https://wiki.xcitium.com/ with details of the exact exclusions required for some of the more popular tools in case we need to allow them on profiles.
Perhaps you could start with TeamViewer, ConnectWise and Splashtop?

Thanks

1 Like

Hi @nct

I will forward it to the backend team to check for feasibility.

Thank you

Hi @ilgaz / @Umut

Please could you help with documentation?

Hi @nct,

Sure, we will create the required wiki and share it with you here.

Kind Regards,
PremJK

1 Like

Do we have any follow-up on whitelisting per-environment?

Hi @BeeHiveCyberSecurity

The team is working on updating the whitelisting details in the wiki; we shall update you once everything is ready.

Thank you

@BeeHiveCyberSecurity is there a particular package you are trying to whitelist?

Not so much whitelist a specific package as: the changes in actions were not as clearly documented as they could be, and we ran into a specific issue with a piece of software that, while listed, could also have been impacted by other modules, and so we were hoping there was proper documentation on the functionality here so we could compare and determine what the cause was.

I’d be interested to know what you’re referring to. Would you be ok sharing more info on the post or a DM?

1 Like

Although the wiki below is specific to whitelisting a DLP application, the same approach can be applied to any kind of application.
https://wiki.xcitium.com/frontend/web/topic/whitelisting-guidelines-for-trusted-applications

ilgaz, if I may offer, it could help if the documentation clarified/named which modules each type of whitelisting applies to, just for those looking to sanity check.


Whitelisting an application from blocks or quarantines

Applies to:
- AntiVirus
- Auto-Containment
- HIPS
- Data Loss Protection

etc., in that format if there are different types of whitelists to be differentiated between.