Endpoint Protection

Hello all,

I have a user that has downloaded MultiMon from Resplendence Software (http://www.resplendence.com/multimon) and SEP keeps calling it a keylogger and sending it to the quarintine list. Before I allow them to keep it can anyone tell me if this really is a keylogger or not? If not, then why would SEP flag it as one?

Thanks in advance for your help with this!

If its a trialware version then it might be sending data back to its server which Symantec would find suspicious and would Detect it..

To allow it..

If your client is self managed or in Client control mode then

Open SEP client--Change Settings--Proactive Threat Protection--Commercial Application --Keylogger

Change the action to Ignore or Log.

If you want to do it from SEP Manager console..

Then do it from SEPM-Policies--Antivirus policy--Truscan Proactive threat scan--

According to the SoftPedia description (http://www.softpedia.com/get/Security/Keylogger-Monitoring/MultiMon.shtml) MultiMon does have the ability to perform keyboard monitoring. This appears to be a typical system monitoring software and as such would explain why we are detecting it.

I would recommend to create an exclusion only for this program however, because adding an exlusion for any keyloggers would be a bit of a security issue in my opinion.

Yeah, checked the MultiMon on Softpedia. SEP didn't allow me to download the installer. It is a monitoring tool and has a keyboard activity monitor among other spyware type features - it does spy on the user activities.