Why does Trend Micro send telemetry to data mining firms?

Discussion in 'Trend Micro' started by Slyguy, May 26, 2017.

  1. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    Hi guys,

    I usually run Trend Micro but decided to watch back end traffic coming from the core system files of Trend Micro. I found Trend Micro is sending constant telemetry to marketing and/or datamining firms.

    Examining the data it appears they send system activity and websites visited to a couple different firms including Scorecardresearch. If I block these domains/IP addresses Trend Micro functions normally with no apparent issues. However they seem to change up where the data is sent on an irregular basis.

    This is quite alarming to me, and I am thinking of uninstalling it. Thoughts?

    [​IMG]
     
  2. Game Of Thrones

    Game Of Thrones Level 5

    Jun 5, 2014
    200
    625
    IT professional, real estate developer
    Windows 10
    Norton
    there are some possibilities like it can be a link that one of your services is trying to access and trend is scanning it.
     
    JB007 likes this.
  3. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    No.. For Trend to scan it, it does it locally and then if necessary connects via core services to Trend Micro domains. The point here is, Trend is DEFINITELY connecting to telemetry harvesting domains during day to day use. You can test this yourself. There is no possible reason CoreServices should ever be connecting to a company like ScoreCardResearch.

    [​IMG]


    Even more alarming to me.. CoreServices (Trend Internal Components) also connect to TMRG INC, otherwise known as RelevantKnowledge.
    RelevantKnowledge by TMRG - Should I Remove It?
     
    JB007 and darko999 like this.
  4. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    Perhaps this would help.. Essentially what I am doing is analyzing all of the activity with a service or process. What I am finding is 99% of the programs on my system aren't doing anything suspicious or hitting any backend redirects that would cause any alarm. About the only thing I found was CCLEANER internal process calls to BusinessInsider when launched (LOL), no big deal..

    But Trend, different story; TMRG, Relevant Knowledge and ScoreCardResearch are all SLEEZEBALLS.


    [​IMG]
     
  5. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,170
    27,465
    Retired
    Central US
    Linux Mint
    Default-Deny
    Mess with them, in your hostfile block the destinations and see how Trend Reacts :p
    If Trend is for sure doing this (just me) I would dump it like a hot potato. Have you contacted trend support and asked them ? I bet their answers would be very entertaining lol
     
    JB007, ravi prakash saini and frogboy like this.
  6. motox781

    motox781 Level 5

    Apr 1, 2015
    242
    745
    USA
    Windows 10
    Kaspersky
    I don't know what any of this means (app your using to determine this), but would like to know the outcome ;)

    Please keep us updated.
     
    JB007 likes this.
  7. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    After the holidays I will be back to the NOC, we have a malware analysis/test lab there. We will take a look.

    For now, I have reverted all of my systems in the home back to Emsisoft. I can't have my AV products transmitting telemetry to places like Relevant Knowledge, that's absolutely not cool. On the bright side, Emsisoft is one of the least chatty programs I have ever seen. Any communication ONLY traverses to their own domains.
     
  8. EASTER

    EASTER Level 3

    May 9, 2017
    110
    352
    SouthWest Indiana (Evansville)
    Windows 10
    Microsoft
    Ugh.
     
    JB007, frogboy, Fritz and 1 other person like this.
  9. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    It's worse than this.. Full Circle is owned by comScore, which is based in Reston VA. and we all know what that means.. If that wasn't bad enough, comScore is a partnership formed by Kantar and WPP, another data mining firm.. WPP is largely known to be funded by the CIA and the CIA uses WPP to harvest telemetry from Spotify, Facebook and well - I wonder if Trend too? Curious partnerships for an antivirus firm to be involved with..

    WPP Agency Takes Funding From CIA Investment Unit

    So not only do you have some real sleaze-balls, you have firms based on the doorstep of the NSA and funded by the CIA.. Thinking back to Snowden releases, the Trend CEO said 'Spies aren't the bad guys, snooping on your private life" (or something simlar) that statement now makes more sense. These firms don't have to worry about things like the FISA court if they use private data mining firms to steal your secrets.

    Trend was pulled from my home devices post-haste.
     
  10. _CyberGhosT_

    _CyberGhosT_ Level 52
    Trusted

    Aug 2, 2015
    4,170
    27,465
    Retired
    Central US
    Linux Mint
    Default-Deny
    I know right lol
     
    JB007, frogboy and EASTER like this.
  11. Game Of Thrones

    Game Of Thrones Level 5

    Jun 5, 2014
    200
    625
    IT professional, real estate developer
    Windows 10
    Norton
    Wow just wow, i did not expect this, i will Uninstall this product, until more clarification. Thanks for perusing for the answer.
     
    JB007 and Fritz like this.
  12. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    This is disheartening to me. As a longtime supporter and user of Trend, especially given it's great performance in the last few years. Believe me, this is not what I wanted to see.

    Also interesting.. Since ASUS routers use Trend Micro, ASUS has disclosed in their EULA that they can (and will) send sensitive data back to Trend and their Partners. This of course includes the router, but I really need to take a closer look at the Trend Micro Maximum Security EULA.

    Asus router warnings on privacy and security
    The EULA also contains language holding the router’s owner responsible for notifying their friends, family, and house guests who connect to the internet through the ASUS router that any network activity may be recorded and shared with Trend Micro.
     
    JB007, Fritz and Game Of Thrones like this.
  13. Game Of Thrones

    Game Of Thrones Level 5

    Jun 5, 2014
    200
    625
    IT professional, real estate developer
    Windows 10
    Norton
    yeah, i use an Asus router too with TrendMicro. but I disabled it a long time ago :)
     
    JB007 and Fritz like this.
  14. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    Ugh.. The deeper I dig.. Remember, Booz Allen is a major NSA contractor, that's where Snowden worked.. It appears that by installing Trend Micro, one is not only joining their systems with extensive data mining firms, but also with both the CIA and NSA.

    In fact, the NSA's contractors are WORKING AT TREND MICRO!

    Trend Micro and Booz Allen Form Strategic Partnership For Threat Intelligence Services
    Trend Micro and Booz Allen Hamilton today announced a strategic partnership that fuses Booz Allen’s Predictive Threat Intelligence consulting and integration services with Trend Micro’s best-in-breed threat intelligence, providing clients with a data-rich, on-demand view of their cybersecurity ecosystems backed by an integrated team of Booz Allen-Trend Micro analysts.

    What do National Intelligence Director Clapper and NSA Whistleblower Snowden Have in Common? Booz Allen Hamilton
     
    JB007, Fritz, mekelek and 1 other person like this.
  15. mekelek

    mekelek Level 21

    Feb 24, 2017
    1,012
    4,410
    Hungary
    Windows 10
    Kaspersky
    uhh this is juicy
     
    JB007, EASTER, Fritz and 1 other person like this.
  16. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    It is puzzling to me that in this age of toxicity associated with US Intel (DISA, CIA, NSA,whatever) that a firm would willingly ink a deal with any of them. They must be getting enough govt. funds to not really care either way.
     
    JB007 and Fritz like this.
  17. Fritz

    Fritz Level 11

    Sep 28, 2015
    516
    4,130
    Germany
    Windows 10
    Emsisoft
    That's why it's so important to vote with your wallet.
     
    rockstarrocks and JB007 like this.
  18. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    Agreed, and I voted Emsisoft with my wallet today.. 15 seats and I'm about to buy their mobile security for another 6 seats.
     
    Cehson, JB007 and Fritz like this.
  19. ravi prakash saini

    Apr 22, 2015
    604
    3,199
    india
    Windows 10
    Kaspersky
    The country Trend Micro is based is fully under the control of uncle Sam so they have to follow command from uncle if intentionally or unintentionally
     
    JB007 and Game Of Thrones like this.
  20. Slyguy

    Slyguy Level 21

    Jan 27, 2017
    1,083
    4,346
    Fortinet Engineer
    USA
    Other OS
    #20 Slyguy, May 30, 2017
    Last edited: May 30, 2017
    Trend obviously took the path of least resistance - full cooperation with the intelligence state. This may explain their fairly recent announcement of 'Major' expansion in their US Operations.. After all they are joined at the hip now with the intelligence complex and probably have near unlimited funds. Trend, by doing this, in my opinion have put consumer privacy and protection behind profit. I think we can safety assume they are whitelisting the toys intelligence uses, with those NSA and CIA contractors on staff - it's nearly a sure bet. Can you imagine the intelligence boon the telemetry of an AV would be? Trend is dead to me now.

    Also note, the NSA's investment wing (Strategic Cyber Ventures) was formed by Trend Micro and the NSA (through Booz).. This is a bit similar to CIA's In-Q-Tel in that they are investing in firms that show promise in cyber security. One more way Trend is joined at the hip with US Intel.
     
Loading...
Similar Threads Forum Date
trend micro does not Trend Micro Feb 17, 2015
What does this mean ? What should I click please? HitmanPro (Sophos) Dec 18, 2017
Kaspersky 2018 does not update automatically Kaspersky Dec 14, 2017