
Thread: Trusteer Rapport

  1. #1
    Junior Member
    Join Date
    Jul 2011
    Posts
    25

    Default Trusteer Rapport

    Has anyone tried it out?
    I think it works great, I am just curious about what others know and their opinions.


    http://forums.spybot.info/showthread...505#post409505
    Last edited by tashi; 2011-07-21 at 05:55. Reason: Added link to malware forum topic. :-)

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,959

    Default

    Hi there,

    If you haven't already seen this article by Brian Krebs you may find it and the comments of interest.

    A Closer Look at Rapport from Trusteer

    http://krebsonsecurity.com/2010/04/a...from-trusteer/

    Cheers.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Jul 2011
    Posts
    25

    Default

    Ahh, very helpful.

    It was only a matter of time before the criminals started targeting it, as the CEO said.

    My Rapport blocked an attempt to capture a Trusteer Rapport cookie.
    I do hope it was a false positive, but maybe it wasn't, and my Rapport is being targeted.

  4. #4
    Junior Member
    Join Date
    Jul 2011
    Posts
    25

    Default

    You know after hours of reading about Rapport, I'm starting to doubt it.
    Partially due to their customer service, where they try to block up false positives.

    As for the banks recommending it, I think it's all about money.

    Then there's that thing where they ask you to download the version from your bank, as though every Rapport version were different based on the banking.
    Maybe it's just that, maybe it's not.

    Finally one company, having control of all of this?



    PS. I don't understand the reason you added the link @ Tashi

  5. #5
    Junior Member
    Join Date
    Jul 2011
    Posts
    25

    Talking A spybot exclusive :secret: BUIlding RAPPORT WITH RAPPORT

    Thank you for contacting Trusteer Support. A support representative will be with you shortly.

    You are now chatting with 'Rony'

    Rony: Hello and Welcome to Trusteer Support online response !

    Rapporter: Hi, I have a question about over 30 positives found by Rapport and I was wondering if they were false positives.

    Rapporter: I was just speaking to someone and I mailed the report but my window closed accidentally

    Rony: Yes, I am going over what you have sent us. One moment please.

    Rony: These events reflect Rapport's activities - protecting your typing from keylogging and blocking access to your cookies.
    That doesn't mean there was an actual attempt by something illegitimate to retrieve the typed characters or cookies - it means that if there ever would be such an attempt, it would fail because Rapport is successfully protecting the typing/cookies.

    Rapporter: How about the other reports?

    Rony: Do you have a question regarding a specific section or in general?

    Rapporter: the IP addresses that it blocked

    Rapporter: and the screen capture

    Rony: Some applications may take screen shots as part of their regular operation.
    The process mentioned in the report tried to capture an image of a protected website.
    Rapport will continue blocking screen capturing attempts as long as sensitive information is presented.
    It doesn't mean that any malicious attempt had been made by the application, and therefore you can ignore this alert.

    Rapporter: Can you name the last blocked screen capture attempt from my report that you are reading?

    Rony: From the report it states that the last attempt was today at 12:00.

    Rapporter: yes thats ture

    Rapporter: true

    Rony: The process that was blocked was dwm.exe

    Rapporter: I have never had these things pop up before, and I have been using Rapport for about a year now.

    Rapporter: What's the explanation for the IP addresses?

    Rony: The IP addresses mentioned in the report did not match Rapport's list of good addresses for that website. Rapport then replaced the IP address with a known one.

    Rapporter: So what does that mean?

    Rapporter: Those IP addresses belong to Akamai Technologies, why does it say doesn't match Santander UK

    Rony: There are several possible scenarios and we cannot determine what exactly happened. However, you shouldn't be concerned since Rapport's protection is working.

    Rapporter: Can these be interpreted as attacks on my computer by a hacker or program etc?

    Rony: No. You will be informed by Rapport if something of that sort happens.

    Rapporter: Oh okay thanks

    Rapporter: One more thing, can you try to answer this question please, I really don't understand

    Rapporter: Those IP addresses belong to Akamai Technologies, why does it say doesn't match Santander UK

    Rony: Since Rapport compares the IP address to an internal list of IP addresses it is possible that those IP addresses are not registered there yet. However, if you haven't experienced any problems while accessing the web site, and if Rapport's icon was green, you shouldn't be concerned.

    Rapporter: But I did not access THE SANTANDERUK bank or the AKAMAI technologies bank, so how did those two cross each other?

    ~~~~2-3 minute gap~~~~~

    Rony: One moment please.

    ~~~~at this point it took about 7 minutes~~~~~

    Rony: While on the internet it is possible that your browser contacted the Santander website in the background. If you accessed a site which contained a link to Santander (our website http://www.trusteer.com/ is one such example) or a site that hosted Santander ads - your browser can pre-fetch the Santander address in order to improve navigation and site loading speeds, should you go to that site next. This is the reason why you received these events and you are not required to take any action.

    Rapporter: okay. thanks

    Rapporter: so I'm safe and it's safe to resume banking, etc.

    Rony: Yes, as long as Rapport's icon is green when accessing the site.

    Rapporter: okay thank you

    Rony: Thank you for choosing Trusteer's on-line chat support. We would like to encourage you to contact us for any question/problem related to Rapport by submitting a ticket.

    Rapporter: one more thing

    Rapporter: why did the screen capture events suddenly start after 1 year of using Rapport?

    Rony: This might be due to many reasons. It is possible that you have accessed a new website or that the settings of an existing one have changed. However there is no need to be alarmed since Rapport is blocking any attempt.

    Rapporter: so the website's settings cause the screen captures to take effect?

    Rony: The anti screen capture was always working unless you have manually changed the settings. It might not always report that it is active if there was no threat or no attempts.

    Rapporter: so then there is a threat since there now are attempts? But I'm safe because Rapport blocks it, right? Can Rapport detect what the threat is?

    Rony: It only states the name of the process as seen in the report.

    Rapporter: very well that is all thanks, have a great day




    ~~~~~~END~~~~~~



    I confess I've pretty much been on the same site every time I logged in during these incidents, "www.relmofthemadgod.com". I've been on the site before the incidents even began.
    Did some research on Akamai technologies and the services they provide.

    See the link Tashi posted, for a complete log.

    This is not a Malware help post but a peek at the Rapport software.


    Rapport: a sympathetic relationship or understanding


    Please Leave comments and opinions, especially if you have used the service.

    References being made to reports :

    IP captures/blocks
    Jul 22 2011 12:50 IP address 184.30.254.196 doesn't match Santander UK
    Jul 22 2011 12:50 IP address 184.30.254.196 doesn't match Santander UK
    Jul 21 2011 13:31 IP address 96.6.62.196 doesn't match Santander UK
    Jul 21 2011 12:09 IP address 96.6.62.196 doesn't match Santander UK



    The first one is the one I questioned him on to see if he actually had a report at hand.


    Jul 22 2011 12:00 dwm.exe is permanently blocked from capturing sensitive data
    Jul 22 2011 11:41 plugin-container.exe is permanently blocked from capturing sensitive data
    Jul 21 2011 10:23 dwm.exe is permanently blocked from capturing sensitive data
    Jul 20 2011 22:21 plugin-container.exe is permanently blocked from capturing sensitive data
    Jul 20 2011 17:42 AcroRd32.exe is permanently blocked from capturing sensitive data

    Jul 21 2011 12:09 IP address 96.6.62.196 doesn't match Santander UK
    Last edited by my.computer; 2011-07-22 at 23:00. Reason: I am rapporter btw. Rony is the other dude/dudette.
