Remote Administration tools are a useful method of managing hosts that you cannot physically access. However, if not properly secured they can be used by threat actors to gain access to hosts and gain access to your network through your threat surface.
This alert is highlighting you have remote administration tools within your network and where they are installed.
You can use these AROs to review what tools we have detected and take action to secure or query why they exist.
Dismissing this ARO will prevent future alerts for ANY host that has the specified remote administration tool installed. Field Effect will still alert if it detects a different remote administration tool, regardless of which host it's detected on.
Resolve this ARO if you expect changes regarding this activity (i.e the tool will be added to multiple other hosts). Field Effect will generate a new ARO of the same type with an updated overview of the remote administration tools installed in your environment.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article