Red Canary's detection of Unwanted Software is primarily based on the identification of certain software products running on your endpoints. For the majority of teams, Red Canary's determination that a product is unwanted matches the company's beliefs and policies.
In certain cases, these unwanted software products may either fulfill a business purpose (eg, secure communications via Tor) or may be a risk accepted by the organization (eg, Caffeine for production or kiosk systems).
Red Canary allows you to tailor unwanted software detection to your organization's needs using the Applications page.
Learning more about Unwanted Software products
The Applications page shows Red Canary's catalog of the most commonly identified unwanted software products. Each catalog entry includes product names, classifications, and why we have deemed the product as Unwanted Software.
Muting detection for certain products
To mute the detection of certain unwanted software products, select the product and use reporting tags, endpoint hostnames, and usernames to scope the muting. For example, if Caffeine is accepted for macOS endpoints in the Gotham office that have hostnames starting with "dev-", create the rule:
- Endpoint Tag operating_system = OS X
- Endpoint Tag office = Gotham
- Endpoint Hostname = dev-*
Note that the individual fields inside a muting rule must ALL match for the rule to be applied (ie, they are ANDed together). Each rule is evaluated separately when an unwanted software product is identified executing on one of your endpoints.
Muting detection for products in response to a Red Canary Detection
Oftentimes your decision to mute an unwanted software product will come as a result of Red Canary detecting the product and alerting you. When recording the remediation state of an unwanted software detection, a link will take you from the detection to the unwanted software controls.
Adding products to our catalog of Unwanted Software
Do you frequently encounter a product that you believe should be classified as Unwanted Software but is not on Red Canary's list? Send us a note at firstname.lastname@example.org and we'll chat about whether it belongs on our list.