Question Why does Trend Micro send telemetry to data mining firms?

Status
Not open for further replies.
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
Hi guys,

I usually run Trend Micro but decided to watch back end traffic coming from the core system files of Trend Micro. I found Trend Micro is sending constant telemetry to marketing and/or datamining firms.

Examining the data it appears they send system activity and websites visited to a couple different firms including Scorecardresearch. If I block these domains/IP addresses Trend Micro functions normally with no apparent issues. However they seem to change up where the data is sent on an irregular basis.

This is quite alarming to me, and I am thinking of uninstalling it. Thoughts?

Trend_Score.png
 
  • Like
Reactions: Sunshine-boy, JB007, motox781 and 1 other person
Game Of Thrones

Game Of Thrones

Level 5
Verified
Well-known
Jun 5, 2014
225
there are some possibilities like it can be a link that one of your services is trying to access and trend is scanning it.
 
  • Like
Reactions: JB007
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
Game Of Thrones said:
there are some possibilities like it can be a link that one of your services is trying to access and trend is scanning it.
Click to expand...

No.. For Trend to scan it, it does it locally and then if necessary connects via core services to Trend Micro domains. The point here is, Trend is DEFINITELY connecting to telemetry harvesting domains during day to day use. You can test this yourself. There is no possible reason CoreServices should ever be connecting to a company like ScoreCardResearch.

Trend_score2.png



Even more alarming to me.. CoreServices (Trend Internal Components) also connect to TMRG INC, otherwise known as RelevantKnowledge.
RelevantKnowledge by TMRG - Should I Remove It?
 
  • Like
Reactions: JB007 and darko999
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
Perhaps this would help.. Essentially what I am doing is analyzing all of the activity with a service or process. What I am finding is 99% of the programs on my system aren't doing anything suspicious or hitting any backend redirects that would cause any alarm. About the only thing I found was CCLEANER internal process calls to BusinessInsider when launched (LOL), no big deal..

But Trend, different story; TMRG, Relevant Knowledge and ScoreCardResearch are all SLEEZEBALLS.


trend2.png
 
  • Like
Reactions: JB007, EASTER, Handsome Recluse and 1 other person
_CyberGhosT_

_CyberGhosT_

Level 53
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Aug 2, 2015
4,300
Slyguy said:
Perhaps this would help.. Essentially what I am doing is analyzing all of the activity with a service or process. What I am finding is 99% of the programs on my system aren't doing anything suspicious or hitting any backend redirects that would cause any alarm. About the only thing I found was CCLEANER internal process calls to BusinessInsider when launched (LOL), no big deal..

But Trend, different story; TMRG, Relevant Knowledge and ScoreCardResearch are all SLEEZEBALLS.


trend2.png
Click to expand...
Mess with them, in your hostfile block the destinations and see how Trend Reacts :p
If Trend is for sure doing this (just me) I would dump it like a hot potato. Have you contacted trend support and asked them ? I bet their answers would be very entertaining lol
 
  • Like
Reactions: Brie, Al-Faqir, JB007 and 2 others
motox781

motox781

Level 10
Verified
Well-known
Apr 1, 2015
497
I don't know what any of this means (app your using to determine this), but would like to know the outcome ;)

Please keep us updated.
 
  • Like
Reactions: JB007
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
motox781 said:
I don't know what any of this means (app your using to determine this), but would like to know the outcome ;)

Please keep us updated.
Click to expand...

After the holidays I will be back to the NOC, we have a malware analysis/test lab there. We will take a look.

For now, I have reverted all of my systems in the home back to Emsisoft. I can't have my AV products transmitting telemetry to places like Relevant Knowledge, that's absolutely not cool. On the bright side, Emsisoft is one of the least chatty programs I have ever seen. Any communication ONLY traverses to their own domains.
 
  • Like
Reactions: Al-Faqir, DDE_Server, JB007 and 2 others
EASTER

EASTER

Level 4
Verified
Well-known
May 9, 2017
150
ScorecardResearch, a service of Full Circle Studies, Inc. is part of the comScore, Inc. market research community, a leading global market research effort that studies and reports on Internet trends and behavior. ScorecardResearch conducts research by collecting Internet web browsing data and then uses that data to help show how people use the Internet, what they like about it, and what they don’t.
Click to expand...

Ugh.
 
  • Like
Reactions: MeltdownEnemy, JB007, frogboy and 2 others
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
EASTER said:
Ugh.
Click to expand...

It's worse than this.. Full Circle is owned by comScore, which is based in Reston VA. and we all know what that means.. If that wasn't bad enough, comScore is a partnership formed by Kantar and WPP, another data mining firm.. WPP is largely known to be funded by the CIA and the CIA uses WPP to harvest telemetry from Spotify, Facebook and well - I wonder if Trend too? Curious partnerships for an antivirus firm to be involved with..

WPP Agency Takes Funding From CIA Investment Unit

So not only do you have some real sleaze-balls, you have firms based on the doorstep of the NSA and funded by the CIA.. Thinking back to Snowden releases, the Trend CEO said 'Spies aren't the bad guys, snooping on your private life" (or something simlar) that statement now makes more sense. These firms don't have to worry about things like the FISA court if they use private data mining firms to steal your secrets.

Trend was pulled from my home devices post-haste.
 
  • Like
Reactions: MeltdownEnemy, JB007, Fritz and 2 others
Game Of Thrones

Game Of Thrones

Level 5
Verified
Well-known
Jun 5, 2014
225
Slyguy said:
It's worse than this.. Full Circle is owned by comScore, which is based in Reston VA. and we all know what that means.. If that wasn't bad enough, comScore is a partnership formed by Kantar and WPP, another data mining firm.. WPP is largely known to be funded by the CIA and the CIA uses WPP to harvest telemetry from Spotify, Facebook and well - I wonder if Trend too? Curious partnerships for an antivirus firm to be involved with..

WPP Agency Takes Funding From CIA Investment Unit

So not only do you have some real sleaze-balls, you have firms based on the doorstep of the NSA and funded by the CIA.. Thinking back to Snowden releases, the Trend CEO said 'Spies aren't the bad guys, snooping on your private life" (or something simlar) that statement now makes more sense. These firms don't have to worry about things like the FISA court if they use private data mining firms to steal your secrets.

Trend was pulled from my home devices post-haste.
Click to expand...
Wow just wow, i did not expect this, i will Uninstall this product, until more clarification. Thanks for perusing for the answer.
 
  • Like
Reactions: DDE_Server, JB007 and Fritz
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
Game Of Thrones said:
Wow just wow, i did not expect this, i will Uninstall this product, until more clarification. Thanks for perusing for the answer.
Click to expand...

This is disheartening to me. As a longtime supporter and user of Trend, especially given it's great performance in the last few years. Believe me, this is not what I wanted to see.

Also interesting.. Since ASUS routers use Trend Micro, ASUS has disclosed in their EULA that they can (and will) send sensitive data back to Trend and their Partners. This of course includes the router, but I really need to take a closer look at the Trend Micro Maximum Security EULA.

Asus router warnings on privacy and security
The EULA also contains language holding the router’s owner responsible for notifying their friends, family, and house guests who connect to the internet through the ASUS router that any network activity may be recorded and shared with Trend Micro.
 
  • Like
Reactions: JB007, Fritz and Game Of Thrones
Game Of Thrones

Game Of Thrones

Level 5
Verified
Well-known
Jun 5, 2014
225
Slyguy said:
This is disheartening to me. As a longtime supporter and user of Trend, especially given it's great performance in the last few years. Believe me, this is not what I wanted to see.

Also interesting.. Since ASUS routers use Trend Micro, ASUS has disclosed in their EULA that they can (and will) send sensitive data back to Trend and their Partners. This of course includes the router, but I really need to take a closer look at the Trend Micro Maximum Security EULA.

Asus router warnings on privacy and security
The EULA also contains language holding the router’s owner responsible for notifying their friends, family, and house guests who connect to the internet through the ASUS router that any network activity may be recorded and shared with Trend Micro.
Click to expand...
yeah, i use an Asus router too with TrendMicro. but I disabled it a long time ago :)
 
  • Like
Reactions: JB007 and Fritz
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
Ugh.. The deeper I dig.. Remember, Booz Allen is a major NSA contractor, that's where Snowden worked.. It appears that by installing Trend Micro, one is not only joining their systems with extensive data mining firms, but also with both the CIA and NSA.

In fact, the NSA's contractors are WORKING AT TREND MICRO!

Trend Micro and Booz Allen Form Strategic Partnership For Threat Intelligence Services
Trend Micro and Booz Allen Hamilton today announced a strategic partnership that fuses Booz Allen’s Predictive Threat Intelligence consulting and integration services with Trend Micro’s best-in-breed threat intelligence, providing clients with a data-rich, on-demand view of their cybersecurity ecosystems backed by an integrated team of Booz Allen-Trend Micro analysts.

What do National Intelligence Director Clapper and NSA Whistleblower Snowden Have in Common? Booz Allen Hamilton
 
  • Like
Reactions: bayasdev, JB007, Fritz and 2 others
mekelek

mekelek

Level 28
Verified
Well-known
Feb 24, 2017
1,695
Slyguy said:
Ugh.. The deeper I dig.. Remember, Booz Allen is a major NSA contractor, that's where Snowden worked.. It appears that by installing Trend Micro, one is not only joining their systems with extensive data mining firms, but also with both the CIA and NSA.

In fact, the NSA's contractors are WORKING AT TREND MICRO!

Trend Micro and Booz Allen Form Strategic Partnership For Threat Intelligence Services
Trend Micro and Booz Allen Hamilton today announced a strategic partnership that fuses Booz Allen’s Predictive Threat Intelligence consulting and integration services with Trend Micro’s best-in-breed threat intelligence, providing clients with a data-rich, on-demand view of their cybersecurity ecosystems backed by an integrated team of Booz Allen-Trend Micro analysts.

What do National Intelligence Director Clapper and NSA Whistleblower Snowden Have in Common? Booz Allen Hamilton
Click to expand...
uhh this is juicy
 
  • Like
Reactions: JB007, EASTER, Fritz and 1 other person
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
It is puzzling to me that in this age of toxicity associated with US Intel (DISA, CIA, NSA,whatever) that a firm would willingly ink a deal with any of them. They must be getting enough govt. funds to not really care either way.
 
  • Like
Reactions: JB007 and Fritz
Slyguy

Slyguy

Level 44
Thread author
Verified
Jan 27, 2017
3,318
ravi prakash saini said:
The country Trend Micro is based is fully under the control of uncle Sam so they have to follow command from uncle if intentionally or unintentionally
Click to expand...

Trend obviously took the path of least resistance - full cooperation with the intelligence state. This may explain their fairly recent announcement of 'Major' expansion in their US Operations.. After all they are joined at the hip now with the intelligence complex and probably have near unlimited funds. Trend, by doing this, in my opinion have put consumer privacy and protection behind profit. I think we can safety assume they are whitelisting the toys intelligence uses, with those NSA and CIA contractors on staff - it's nearly a sure bet. Can you imagine the intelligence boon the telemetry of an AV would be? Trend is dead to me now.

Also note, the NSA's investment wing (Strategic Cyber Ventures) was formed by Trend Micro and the NSA (through Booz).. This is a bit similar to CIA's In-Q-Tel in that they are investing in firms that show promise in cyber security. One more way Trend is joined at the hip with US Intel.
 
Last edited:
  • Like
Reactions: JB007, Game Of Thrones, Fritz and 1 other person
Status
Not open for further replies.

Similar threads

oldschool
    • Like
    • +Reputation
    • Applause
Security News Security Firms Aiding Ukraine During War Could Be Considered Participants in Conflict
Replies
3
Views
502
Security News
Bumblebee Uncle
Bumblebee Uncle
SpyNetGirl
    • Like
    • +Reputation
    • Hundred Points
Harden Windows Security | Only with official documented methods | Always up to date
Replies
51
Views
2,955
Other Security for Windows
SpyNetGirl
SpyNetGirl
oldschool
    • Like
    • Wow
    • +Reputation
Why You Suddenly Need To Delete Google Chrome
Replies
17
Views
2,743
News Archive
Dave Russo
D

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top