Q&A Why does Trend Micro send telemetry to data mining firms?

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#1
Hi guys,

I usually run Trend Micro but decided to watch back end traffic coming from the core system files of Trend Micro. I found Trend Micro is sending constant telemetry to marketing and/or datamining firms.

Examining the data it appears they send system activity and websites visited to a couple different firms including Scorecardresearch. If I block these domains/IP addresses Trend Micro functions normally with no apparent issues. However they seem to change up where the data is sent on an irregular basis.

This is quite alarming to me, and I am thinking of uninstalling it. Thoughts?

 

Game Of Thrones

Level 5
Verified
Joined
Jun 5, 2014
Messages
199
OS
Windows 10
Antivirus
Norton
#2
there are some possibilities like it can be a link that one of your services is trying to access and trend is scanning it.
 
Likes: JB007

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#3
there are some possibilities like it can be a link that one of your services is trying to access and trend is scanning it.
No.. For Trend to scan it, it does it locally and then if necessary connects via core services to Trend Micro domains. The point here is, Trend is DEFINITELY connecting to telemetry harvesting domains during day to day use. You can test this yourself. There is no possible reason CoreServices should ever be connecting to a company like ScoreCardResearch.




Even more alarming to me.. CoreServices (Trend Internal Components) also connect to TMRG INC, otherwise known as RelevantKnowledge.
RelevantKnowledge by TMRG - Should I Remove It?
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#4
Perhaps this would help.. Essentially what I am doing is analyzing all of the activity with a service or process. What I am finding is 99% of the programs on my system aren't doing anything suspicious or hitting any backend redirects that would cause any alarm. About the only thing I found was CCLEANER internal process calls to BusinessInsider when launched (LOL), no big deal..

But Trend, different story; TMRG, Relevant Knowledge and ScoreCardResearch are all SLEEZEBALLS.


 

_CyberGhosT_

Level 52
Verified
Joined
Aug 2, 2015
Messages
4,180
OS
Linux Mint
Antivirus
Default-Deny
#5
Perhaps this would help.. Essentially what I am doing is analyzing all of the activity with a service or process. What I am finding is 99% of the programs on my system aren't doing anything suspicious or hitting any backend redirects that would cause any alarm. About the only thing I found was CCLEANER internal process calls to BusinessInsider when launched (LOL), no big deal..

But Trend, different story; TMRG, Relevant Knowledge and ScoreCardResearch are all SLEEZEBALLS.


Mess with them, in your hostfile block the destinations and see how Trend Reacts :p
If Trend is for sure doing this (just me) I would dump it like a hot potato. Have you contacted trend support and asked them ? I bet their answers would be very entertaining lol
 

motox781

Level 7
Verified
Joined
Apr 1, 2015
Messages
308
OS
Windows 10
Antivirus
Norton
#6
I don't know what any of this means (app your using to determine this), but would like to know the outcome ;)

Please keep us updated.
 
Likes: JB007

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#7
I don't know what any of this means (app your using to determine this), but would like to know the outcome ;)

Please keep us updated.
After the holidays I will be back to the NOC, we have a malware analysis/test lab there. We will take a look.

For now, I have reverted all of my systems in the home back to Emsisoft. I can't have my AV products transmitting telemetry to places like Relevant Knowledge, that's absolutely not cool. On the bright side, Emsisoft is one of the least chatty programs I have ever seen. Any communication ONLY traverses to their own domains.
 

EASTER

Level 3
Verified
Joined
May 9, 2017
Messages
113
OS
Windows 10
Antivirus
Microsoft
#8
ScorecardResearch, a service of Full Circle Studies, Inc. is part of the comScore, Inc. market research community, a leading global market research effort that studies and reports on Internet trends and behavior. ScorecardResearch conducts research by collecting Internet web browsing data and then uses that data to help show how people use the Internet, what they like about it, and what they don’t.
Ugh.
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#9
It's worse than this.. Full Circle is owned by comScore, which is based in Reston VA. and we all know what that means.. If that wasn't bad enough, comScore is a partnership formed by Kantar and WPP, another data mining firm.. WPP is largely known to be funded by the CIA and the CIA uses WPP to harvest telemetry from Spotify, Facebook and well - I wonder if Trend too? Curious partnerships for an antivirus firm to be involved with..

WPP Agency Takes Funding From CIA Investment Unit

So not only do you have some real sleaze-balls, you have firms based on the doorstep of the NSA and funded by the CIA.. Thinking back to Snowden releases, the Trend CEO said 'Spies aren't the bad guys, snooping on your private life" (or something simlar) that statement now makes more sense. These firms don't have to worry about things like the FISA court if they use private data mining firms to steal your secrets.

Trend was pulled from my home devices post-haste.
 

Game Of Thrones

Level 5
Verified
Joined
Jun 5, 2014
Messages
199
OS
Windows 10
Antivirus
Norton
#11
It's worse than this.. Full Circle is owned by comScore, which is based in Reston VA. and we all know what that means.. If that wasn't bad enough, comScore is a partnership formed by Kantar and WPP, another data mining firm.. WPP is largely known to be funded by the CIA and the CIA uses WPP to harvest telemetry from Spotify, Facebook and well - I wonder if Trend too? Curious partnerships for an antivirus firm to be involved with..

WPP Agency Takes Funding From CIA Investment Unit

So not only do you have some real sleaze-balls, you have firms based on the doorstep of the NSA and funded by the CIA.. Thinking back to Snowden releases, the Trend CEO said 'Spies aren't the bad guys, snooping on your private life" (or something simlar) that statement now makes more sense. These firms don't have to worry about things like the FISA court if they use private data mining firms to steal your secrets.

Trend was pulled from my home devices post-haste.
Wow just wow, i did not expect this, i will Uninstall this product, until more clarification. Thanks for perusing for the answer.
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#12
Wow just wow, i did not expect this, i will Uninstall this product, until more clarification. Thanks for perusing for the answer.
This is disheartening to me. As a longtime supporter and user of Trend, especially given it's great performance in the last few years. Believe me, this is not what I wanted to see.

Also interesting.. Since ASUS routers use Trend Micro, ASUS has disclosed in their EULA that they can (and will) send sensitive data back to Trend and their Partners. This of course includes the router, but I really need to take a closer look at the Trend Micro Maximum Security EULA.

Asus router warnings on privacy and security
The EULA also contains language holding the router’s owner responsible for notifying their friends, family, and house guests who connect to the internet through the ASUS router that any network activity may be recorded and shared with Trend Micro.
 

Game Of Thrones

Level 5
Verified
Joined
Jun 5, 2014
Messages
199
OS
Windows 10
Antivirus
Norton
#13
This is disheartening to me. As a longtime supporter and user of Trend, especially given it's great performance in the last few years. Believe me, this is not what I wanted to see.

Also interesting.. Since ASUS routers use Trend Micro, ASUS has disclosed in their EULA that they can (and will) send sensitive data back to Trend and their Partners. This of course includes the router, but I really need to take a closer look at the Trend Micro Maximum Security EULA.

Asus router warnings on privacy and security
The EULA also contains language holding the router’s owner responsible for notifying their friends, family, and house guests who connect to the internet through the ASUS router that any network activity may be recorded and shared with Trend Micro.
yeah, i use an Asus router too with TrendMicro. but I disabled it a long time ago :)
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#14
Ugh.. The deeper I dig.. Remember, Booz Allen is a major NSA contractor, that's where Snowden worked.. It appears that by installing Trend Micro, one is not only joining their systems with extensive data mining firms, but also with both the CIA and NSA.

In fact, the NSA's contractors are WORKING AT TREND MICRO!

Trend Micro and Booz Allen Form Strategic Partnership For Threat Intelligence Services
Trend Micro and Booz Allen Hamilton today announced a strategic partnership that fuses Booz Allen’s Predictive Threat Intelligence consulting and integration services with Trend Micro’s best-in-breed threat intelligence, providing clients with a data-rich, on-demand view of their cybersecurity ecosystems backed by an integrated team of Booz Allen-Trend Micro analysts.

What do National Intelligence Director Clapper and NSA Whistleblower Snowden Have in Common? Booz Allen Hamilton
 

mekelek

Level 28
MH Trial
Verified
Joined
Feb 24, 2017
Messages
1,709
OS
Windows 10
Antivirus
Kaspersky
#15
Ugh.. The deeper I dig.. Remember, Booz Allen is a major NSA contractor, that's where Snowden worked.. It appears that by installing Trend Micro, one is not only joining their systems with extensive data mining firms, but also with both the CIA and NSA.

In fact, the NSA's contractors are WORKING AT TREND MICRO!

Trend Micro and Booz Allen Form Strategic Partnership For Threat Intelligence Services
Trend Micro and Booz Allen Hamilton today announced a strategic partnership that fuses Booz Allen’s Predictive Threat Intelligence consulting and integration services with Trend Micro’s best-in-breed threat intelligence, providing clients with a data-rich, on-demand view of their cybersecurity ecosystems backed by an integrated team of Booz Allen-Trend Micro analysts.

What do National Intelligence Director Clapper and NSA Whistleblower Snowden Have in Common? Booz Allen Hamilton
uhh this is juicy
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#16
It is puzzling to me that in this age of toxicity associated with US Intel (DISA, CIA, NSA,whatever) that a firm would willingly ink a deal with any of them. They must be getting enough govt. funds to not really care either way.
 

Slyguy

Level 37
Verified
Joined
Jan 27, 2017
Messages
2,678
OS
Other OS
#20
The country Trend Micro is based is fully under the control of uncle Sam so they have to follow command from uncle if intentionally or unintentionally
Trend obviously took the path of least resistance - full cooperation with the intelligence state. This may explain their fairly recent announcement of 'Major' expansion in their US Operations.. After all they are joined at the hip now with the intelligence complex and probably have near unlimited funds. Trend, by doing this, in my opinion have put consumer privacy and protection behind profit. I think we can safety assume they are whitelisting the toys intelligence uses, with those NSA and CIA contractors on staff - it's nearly a sure bet. Can you imagine the intelligence boon the telemetry of an AV would be? Trend is dead to me now.

Also note, the NSA's investment wing (Strategic Cyber Ventures) was formed by Trend Micro and the NSA (through Booz).. This is a bit similar to CIA's In-Q-Tel in that they are investing in firms that show promise in cyber security. One more way Trend is joined at the hip with US Intel.
 
Last edited:

Similar Threads

Similar Threads