IBM Security Trusteer


Trusteer/Rapport killing Mac system (rooksd 60,000 ports)

  • 1.  Trusteer/Rapport killing Mac system (rooksd 60,000 ports)

    Posted Mon June 17, 2019 08:40 AM
    Trouble with Trusteer/Rapport pushed to us by Citizens Bank.

    Mac system slows to a crawl. In Activity Monitor, find that daemon rooksd has 60,000 ports open. Google tells me this is part of Trusteer/Rapport.

    Big question: Bank pushes this software to customers, but leaves no hint for getting updates/maintenance. How is this software supposed to be updated by consumer end-users? If no update process, then frankly I cannot recommend this software.

    Thanks for any info.

    ------------------------------
    Richard Karash
    ------------------------------


  • 2.  RE: Trusteer/Rapport killing Mac system (rooksd 60,000 ports)

    Posted Tue June 18, 2019 05:00 AM

    IBM Trusteer Rapport is a powerful fraud prevention tool detecting and removing financial malware. For more than ten years, IBM Trusteer Rapport has been protecting dozens of millions of Win/Mac endpoints for some of the largest banks in the world.

    The IBM R&D and Security teams invest a lot of effort to ensure a safe and smooth on-line banking experience, while maximizing their defenses from sophisticated financial malware. As part of that, Rapport's functionality is constantly being optimized to ensure a conflict-free operation.

    Having said that, due to the fact that we operate at all levels of the operating system, there have been cases where we have faced issues, as with this case. Our teams will investigate this and will take care of it. 

    For that, we need a few more details, such as:

    • OS version
    • Rapport version
    • Browser version
    Our support team will reach out to get those details.


    ------------------------------
    MEIR ASISKOVICH
    ------------------------------



  • 3.  RE: Trusteer/Rapport killing Mac system (rooksd 60,000 ports)

    Posted Tue June 18, 2019 09:02 AM
    Meir - Per your request: MacOS 10.14.5
    Chrome 75.0.3770.90 (Official Build) (64-bit)
    Firefox 63.0.1 (64-bit)
    Safari 12.1.1

    Rapport version? How would one tell? Last I see is a .dmg from the original installation.

    I do have some questions which I hope can be answered here.

     1. Is the daemon rooksd part of your product?
     2. How does the user manage this product? Alerted to updates, select and install them? Know what version and whether it has been updated?
     3. There was a vulnerability identified last August, not patched by December, and publicized. Has that been patched? In which version of Trusteer? Reference this page:

        https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/kernel-buffer-overflow-in-trusteer-rapport-for-macos/

    Thanks!

    ------------------------------
    Richard Karash
    ------------------------------



  • 4.  RE: Trusteer/Rapport killing Mac system (rooksd 60,000 ports)

    Posted Tue June 18, 2019 09:58 AM
    More:

     4. Is the daemon rapportd your daemon?
     5. Ditto for trustd?

    ------------------------------
    Richard Karash
    ------------------------------



  • 5.  RE: Trusteer/Rapport killing Mac system (rooksd 60,000 ports)

    Posted Tue June 18, 2019 06:52 AM
    Dear Richard, 

    Thank you for your feedback regarding our product; we apologize for any inconvenience it may have caused. If you wish to investigate this matter, please visit our Support website (IBM Trusteer Support) and kindly submit a ticket, and we would be happy to assist you.

    Kind regards,

    ------------------------------
    Galit Ravid
    Enterprise Support Group Manager
    IBM Trusteer
    ------------------------------



  • 6.  RE: Trusteer/Rapport killing Mac system (rooksd 60,000 ports)

    Posted Tue June 18, 2019 09:34 AM
    Galit, done, per your request.

    However, I have basic questions (posted above). More interested in answers to these than in usual tech support.

    ------------------------------
    Richard Karash
    ------------------------------