Support is often asked what information we collect during a survey or real-time security task sequence. While we are unable to provide proprietary information, we are able to provide a general understanding of the information that Infocyte uses to analyze a machine's health.
General information about each of the following is collected during a scan. This includes timestamps, hashes, and any correlated data needed to make an informed decision about these objects. In general, a completed analysis data package coming from the analyzed machine is less than 1 megabyte in size.
1) Active processes running on the machine (similar to what you see in Task Manager).
2) Modules loaded by any processes or applications running on the machine.
3) Memory injects and fileless objects running in volatile memory.
4) Applications and Objects Scheduled to run in the future.
5) Applications and Objects which have been run in the past.
6) Usernames associated with the above actions.
7) Active Host connections / listeners.
8) All applications running on a machine to include versioning.
9) Census information (host name, IP address, OS version, etc.)
10) Behavioral Monitoring.
In the event that Infocyte's Machine Learning platform has not seen the specified object before, Infocyte may gather the code which generated the object. This gathered code is not shared with third parties and is required for static and dynamic analysis to be completed.
What is not collected
Personally identifiable information, account numbers, normal data kept on the hard drive (confidential information), etc.
If, in the process of analyzing objects for malicious activity, any confidential data is discovered, it is Infocyte's policy to remove the information from all Infocyte infrastructure machines and notify the customer that confidential information was found. This process allows the customer to prevent data loss in the future.