Instant Messaging (IM) applications (such as HexChat) are designed for real-time communication. While useful in personal or open-source community contexts, in enterprise environments they may not always align with business or compliance policies because they can:
Introduce unmonitored communication channels.
Increase the risk of data leakage if misused.
Require additional patching and oversight to remain secure.
The Saner CVEM platform helps administrators detect, review, and control Instant Messaging applications installed on endpoints.
1. Detecting Instant Messaging Applications
Saner CVEM continuously monitors endpoints and generates Posture Anomalies when IM applications are installed.
Steps to Detect:
Navigate to the Posture Anomaly (PA) Dashboard.
Locate the anomaly PA-2022-1057 – Instant Messaging applications are installed.
This rule is triggered whenever IM clients are found on devices.
Review the Summary Section:
OS family with the most anomalies (e.g., Unix).
Group with the most anomalies (e.g., Ubuntu).
Operating System version with the highest anomalies (e.g., Ubuntu 24.04).
Check Posture Anomaly by Device:
Example:
node6-standard-pc-i440fx…
(Unix) – 6 anomalies.
Review Posture Anomaly by Incidence:
Lists detected IM applications and related packages.
Example:
hexchat
– 1 devicehexchat-common
– 1 devicehexchat-lua
– 1 devicehexchat-perl
– 1 devicehexchat-plugins
– 1 devicehexchat-python3
– 1 device
Use visual dashboards (Group, Family, OS) to quickly assess the distribution.
2. Investigating the Risk
After anomalies are detected:
Determine if the IM client is approved for business use or unauthorized.
Check if the IM client has been installed for development, testing, or external collaboration.
Validate whether the application is being used in compliance with IT and security policies.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article