Nagios Support Forum

Hi Team,

I know the NCPA is supposed to do stuff that could look malicious (collect info on a system, send info to a third party url, accept checks from the remote Nagios Server etc) but I am curious if you have considered reaching out to the Anti-Virus vendors to have them not classify the files as malicious or examine as a false positive?

The reason I ask is, in my company we have to demonstrate an application has a clean bill of health before installing on our more sensitive servers and results like the one below make it harder to get approval, even if it is only the minority of Anti-Virus vendors that have an issue.

https://www.hybrid-analysis.com/sample/ ... 5037889c7b

https://www.virustotal.com/gui/file/d3a ... /detection

I notice the app is not digitally signed either is that something you could rectify as it helps from a trust perspective? Do not mean to be critical of your NCPA agent at all - it's just these days with Security being everything it's very important in my company.

We certainly understand the importance of having high security standards, and are always working to make our software as secure as possible.

The sources that you linked raise several concerns they have with our software. Depending on the scenario, some of those could be mitigated by other security measures, related features could be configured to be off, or we could submit a feature request to our development team to add a feature in a future release.

It is also important to note that security scanners can detect a wide range of things as security faults. Something like opening a port or offering up a bit of information about the operating system could provide the opportunity for reconnaissance by a bad actor, but it is also a necessary action to conduct monitoring.

I should also mention that your Nagios XI server will be protected from some of these threats if it is behind a firewall, and is on a separate server than whatever contains your sensitive information.