
Hi, our network threat detection system is alerting about hundreds of PCs downloading TightVNC.  The URLs used to conduct these downloads look like this (defanged version): 

hxxps://d1ovafk2iqpmhdmdot]cloudfrontodot]net/automox.com/tightvnc/@v/v2.8.84.windows-amd64.zip

 

Can you please confirm if it is by design for the amagent.exe to download TightVNC even if no admin ever intentionally installed TightVNC on any PCs? If so, why would this happen if we don’t use TightVNC or Automox for remote desktop control?

Automox uses TightVNC for the remote control console. That said, if you’re not using it, I am not sure that it should be downloading it. That would need somebody from the team to answer.

 

Should it help, we are NOT seeing TightVNC installed on our clients until the device has a Remote Control session initiated (or initiates one).

