Solved

XDR alerting about hundreds of machines downloading tightvnc

  • December 16, 2024
  • 2 replies
  • 47 views


Hi, our network threat detection system is alerting about hundreds of PCs downloading TightVNC. The URLs used to conduct these downloads look like this (defanged version):

hxxps://d1ovafk2iqpmhd[dot]cloudfront[dot]net/automox.com/tightvnc/@v/v2.8.84.windows-amd64.zip

Can you please confirm if it is by design for the amagent.exe to download TightVNC even if no admin ever intentionally installed TightVNC on any PCs? If so, why would this happen if we don’t use TightVNC or Automox for remote desktop control?

Best answer by automox_admin_8732

Support said that because the HTTP requests being made from our PCs are “HEAD” and not “GET”, the file is not actually being downloaded. They said that this is just the amagent checking to see what the most recent version of TightVNC is.

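One way to check the HEAD-versus-GET explanation against proxy or XDR HTTP telemetry, as an added example that is not part of the original thread or Automox's code. The CSV layout, the `cdn.example.invalid` host, the PC names and the byte counts are constructed assumptions; only the URL path comes from the post, and `resp_bytes` is assumed to count response body bytes.

```python
import csv
import io
from collections import defaultdict

# Constructed sample proxy log (not from the thread). Field layout and host are assumptions.
SAMPLE_LOG = """\
ts,src,method,url,status,resp_bytes
2024-12-16T09:00:01Z,PC-001,HEAD,https://cdn.example.invalid/automox.com/tightvnc/@v/v2.8.84.windows-amd64.zip,200,0
2024-12-16T09:00:03Z,PC-002,HEAD,https://cdn.example.invalid/automox.com/tightvnc/@v/v2.8.84.windows-amd64.zip,200,0
2024-12-16T09:05:10Z,PC-002,GET,https://cdn.example.invalid/automox.com/tightvnc/@v/v2.8.84.windows-amd64.zip,200,2411520
2024-12-16T09:06:00Z,PC-003,GET,https://cdn.example.invalid/automox.com/tightvnc/@v/v2.8.84.windows-amd64.zip,403,0
2024-12-16T09:07:00Z,PC-004,GET,https://cdn.example.invalid/other/package.zip,200,1024
"""

# Path fragment taken from the URL quoted in the post.
PATH_MARKER = "/automox.com/tightvnc/"


def classify_hosts(log_text, marker=PATH_MARKER):
    """Map each source host that requested the marker path to
    'body-transferred' or 'no-body'."""
    seen = defaultdict(set)
    for row in csv.DictReader(io.StringIO(log_text)):
        if marker not in row["url"]:
            continue
        method = row["method"].upper()
        status = int(row["status"])
        size = int(row["resp_bytes"] or 0)
        # A HEAD response carries headers only, so the archive reaches the
        # endpoint only on a successful GET that actually returned bytes.
        if method == "GET" and status in (200, 206) and size > 0:
            seen[row["src"]].add("body-transferred")
        else:
            seen[row["src"]].add("no-body")
    # One real transfer outweighs any number of HEAD checks from the same host.
    return {
        src: "body-transferred" if "body-transferred" in kinds else "no-body"
        for src, kinds in seen.items()
    }


if __name__ == "__main__":
    for src, verdict in sorted(classify_hosts(SAMPLE_LOG).items()):
        print(src, verdict)
```

Hosts that come back as `body-transferred` are the ones worth correlating with Remote Control session activity; a fleet that is entirely `no-body` matches the version-check explanation.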

2 replies

Marshyp
  • Pro
  • 7 replies
  • January 13, 2025

Automox uses TightVNC for the remote control console. That said, if you’re not using it, I am not sure that it should be downloading it; that would need somebody from the team to answer.

Should it help, we are NOT seeing TightVNC installed on our clients until the device has a Remote Control session initiated (or initiates one).



