User behavior risks

Plain HTTP Credentials

OS: Windows

Description

Verifies whether or not the user has submitted credentials over insecure HTTP connections since the last scan.

Recommendation

Avoid using insecure HTTP (non-HTTPS) sites, especially for submitting login or registration forms.

High Risk Browsing

OS: Windows

Description

Verifies whether or not the user has browsed sites marked as phishing or fraud since the last scan.

Recommendation

Only access / browse trusted websites and make sure to read the URL before clicking it, to avoid becoming a victim of fraud or phishing.

High Detection Count

OS: Windows

Description

Verifies if the user has been exposed to a high number of threats since the last scan.

Recommendation

Avoid executing files coming from untrusted sources and limit your browsing to trusted sites only.

Removable Device Infection

OS: Windows

Description

Verifies whether or not the user has been exposed to a threat from a removable device (e.g., flash drive, external HDD) since the last scan.

Recommendation

Plug in only trusted removable devices, and disable AutoPlay to lower the risk of exposure to threats from corrupted external devices.

SMB Infection

OS: Windows

Description

Verifies if the user has accessed any malicious files over a network shared folder since the last scan.

Recommendation

Only access SMB shares that are trusted. You should also avoid accessing shares that are outside the internal network.

Browsing Infection

OS: Windows

Description

Verifies if the user has accessed any malicious URLs since the last scan.

Recommendation

Only access / browse trusted websites and make sure to read the URL before clicking it, to avoid becoming a victim of fraud or phishing.

Old User Password

OS: Windows

Description

Verifies if the user has not changed the login password for the account (local or domain) for more than 90 days.

Recommendation

Change the login password for the local / domain account at least every 90 days.

Shared HTTP Password External

OS: Windows

Description

Verifies if the user uses the same passwords across different external sites.

Recommendation

Avoid using the same password for multiple websites.

Shared HTTP Password Internal with External

OS: Windows

Description

Verifies if the user uses the same passwords shared between internal and external websites.

Recommendation

Avoid using the same password for internal websites and external websites.

Old HTTP Password

OS: Windows

Description

Verifies if the user has not changed the login password for HTTP accounts (internal or external) for more than 60 days.

Recommendation

Update passwords for your HTTP accounts periodically (at least once every 60 days).

Public WiFi connection

OS: Windows

Description

Verifies if the user has been connected to a public, unprotected WiFi network since the last scan.

Recommendation

Avoid connecting to unprotected WiFi networks, or at least make sure to also use a VPN service while connected to that network.

Password not required

OS: Windows

Description

Verifies if the user accounts have the "password not required" attribute set to True, making it possible to set no password for that account and overriding any password policy in place.

Recommendation

Set "password not required" to False for every existing user account.

Password does not expire

OS: Windows

Description

Verifies if the user accounts have the "password does not expire" attribute set to True, thus lowering the chances of users changing the password periodically.

Recommendation

Set "password does not expire" to False for every existing user account and change the password at least every 90 days.

Idle User

OS: Windows

Description

Verifies if any idle users have left their workstation unlocked since the last scan.

Recommendation

Always lock your workstation before leaving it idle.

Samba PlainText/LM/NTLM authentication

OS: Windows

Description

Verifies if any SMB connections have used plain text, LM hash, NTLMv1 or NTLMv2 authentication data since the last scan.

Recommendation

Restrict the use of plain text, LM hash, NTLMv1 or NTLMv2 authentication mechanisms on SMB clients and servers.

Low password complexity policy

OS: Windows

Description

Verifies if there is any password complexity policy in place on the endpoint.

Recommendation

Avoid using the same password for multiple websites.