File transfer applications (such as FTP, SFTP servers, tnftp, FileZilla, etc.) can pose security and compliance risks if installed on enterprise endpoints without authorization. These applications may allow unauthorized movement of sensitive data outside the organization.
The Saner CVEM platform helps administrators detect, analyze, and block unauthorized file transfer applications across devices.
1. Detecting File Transfer Applications
Saner CVEM continuously monitors endpoints and generates Posture Anomalies when file transfer applications are found.
Steps to Detect:
Navigate to Posture Anomaly (PA) Dashboard.
- Locate the anomaly PA-2022-1061 – File Transfer Apps are installed.
This rule triggers whenever a known file transfer application is detected.
- Review the Summary Section:
- OS family with the most anomalies (e.g., Unix).
- Group with the most anomalies (e.g., Ubuntu).
- Operating System version with the highest anomalies (e.g., Ubuntu 24.04).
- Drill down into Posture Anomaly by Device:
- Lists affected hostnames, OS families, and anomaly counts.
- Check Posture Anomaly by Incidence:
- Shows the specific application name, publisher, and number of devices impacted.
- Example:
- ftp (Ubuntu Developers) – 2 devices
- openssh-sftp-server (Ubuntu Developers) – 2 devices
- tnftp (Ubuntu Developers) – 2 devices
- FileZilla 3.69.3 (Tim Kosse) – 1 device
- Visual dashboards (by Group, Family, OS) provide quick insight into distribution.
2. Investigating the Risk
Once identified:
- Check device groups (e.g., Ubuntu servers, Windows workstations).
- Verify if the installation was intentional (e.g., for development/testing) or unauthorized.
- Correlate with user activity and business use cases before blocking.
3.Blocking File Transfer Applications
Saner CVEM provides a direct Application and Device Control option for handling detected anomalies.
Steps to Block:
- Select Fix, and go to Detected Anomalies Action panel,
- Application and Device Control
- Or choose Software Deployment (for uninstall).
- Under Possible Actions, click Application Block to restrict execution of the detected file transfer app.
- To allow again (for approved apps), use Application Unblock.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article