Detecting Instant Messaging Applications on the System

Modified on Tue, 30 Sep at 4:22 PM

Instant Messaging (IM) applications (such as HexChat) are designed for real-time communication. While useful in personal or open-source community contexts, in enterprise environments they may not always align with business or compliance policies because they can:

  • Introduce unmonitored communication channels.

  • Increase the risk of data leakage if misused.

  • Require additional patching and oversight to remain secure.

The Saner CVEM platform helps administrators detect, review, and control Instant Messaging applications installed on endpoints.


1. Detecting Instant Messaging Applications

Saner CVEM continuously monitors endpoints and generates Posture Anomalies when IM applications are installed.

Steps to Detect:

  1. Navigate to the Posture Anomaly (PA) Dashboard.

  2. Locate the anomaly PA-2022-1057 – Instant Messaging applications are installed.
        This rule is triggered whenever IM clients are found on devices.

  3. Review the Summary Section:

    • OS family with the most anomalies (e.g., Unix).

    • Group with the most anomalies (e.g., Ubuntu).

    • Operating System version with the highest anomalies (e.g., Ubuntu 24.04).

  4. Check Posture Anomaly by Device:

    • Example: node6-standard-pc-i440fx… (Unix) – 6 anomalies.

  5. Review Posture Anomaly by Incidence:

    • Lists detected IM applications and related packages.

    • Example:

      • hexchat – 1 device

      • hexchat-common – 1 device

      • hexchat-lua – 1 device

      • hexchat-perl – 1 device

      • hexchat-plugins – 1 device

      • hexchat-python3 – 1 device

  6. Use visual dashboards (Group, Family, OS) to quickly assess the distribution.


2. Investigating the Risk

After anomalies are detected:

  • Determine if the IM client is approved for business use or unauthorized.

  • Check if the IM client has been installed for development, testing, or external collaboration.

  • Validate whether the application is being used in compliance with IT and security policies.
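
To cross-check the PA-2022-1057 incidence list on a Debian/Ubuntu endpoint and sort approved from unauthorized clients, the following added example parses a `dpkg-query` listing; it is not Saner CVEM code and not part of the original article. The watchlist patterns, the `APPROVED_IM` list and the sample inventory are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Saner CVEM code): list installed IM client packages on a
# Debian/Ubuntu endpoint and mark each one against an approved list.

# Assumption: packages approved for business use, space separated (empty = none).
APPROVED_IM=""

TAB=$(printf '\t')

# Assumption: the watchlist is the hexchat package family shown in the article;
# extend the patterns to match local policy.
is_im_package() {
    case "$1" in
        hexchat|hexchat-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads "name<TAB>version<TAB>status" lines on stdin, the format printed by
#   dpkg-query -W -f='${Package}\t${Version}\t${db:Status-Abbrev}\n'
# Prints "VERDICT name version" for each installed IM package.
find_im_packages() {
    while IFS="$TAB" read -r name version status; do
        # Keep fully installed packages ("ii"); skip removed-but-configured ("rc").
        case "$status" in ii*) ;; *) continue ;; esac
        is_im_package "$name" || continue
        case " $APPROVED_IM " in
            *" $name "*) verdict=APPROVED ;;
            *)           verdict=UNAPPROVED ;;
        esac
        printf '%s %s %s\n' "$verdict" "$name" "$version"
    done
}

# Constructed sample inventory (versions are placeholders) so the script runs offline.
sample_inventory() {
    printf 'bash\t0.0.0-sample\tii \n'
    printf 'hexchat\t0.0.0-sample\tii \n'
    printf 'hexchat-common\t0.0.0-sample\tii \n'
    printf 'hexchat-perl\t0.0.0-sample\trc \n'
    printf 'hexchatter\t0.0.0-sample\tii \n'
}

sample_inventory | find_im_packages
```

On a live endpoint, pipe the `dpkg-query` command shown in the comment into `find_im_packages` in place of `sample_inventory`.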
