Publication Date – January 13, 2020
When classifying observations as Potentially Exploited events, we look for the presence of potentially unwanted programs (PUP) and potentially unwanted applications (PUA).
These types of software usually present a low risk to the organization. The impact of these types of events on security ratings are much lower than the impact of a malware infection. However, the presence of these types of software still present the following risks:
- These types of software are known to collect data on the users in an abusive way, which can affect system performance by constantly displaying ads or makes the system slower;
- There is an indirect risk of infection with its ability to install malware or direct the user’s browser to malicious advertising websites;
- Indicates a lack of control of the software installed on endpoint devices (e.g., users able to install software, control over approved software);
- Indicates that users have a low security-awareness. There are risks when installing software, as these types of software usually originate from unknown/untrusted sources.
For the above reasons, we have chosen to use these events as a way to measure the security posture of organizations.