Orbital and osquery - How to Disable

[Valerius66]

Is there a way to disable both Orbital and osquery? Also, these should be clearly defined in Immunet's configuration settings.

Both Orbital and osquery are intrusive tools/services that run alongside Immunet and should not be enabled by default without prompting the user.

Thank you.

[ritchie58]

I'm sorry to say that the Orbital code can't be disabled or deleted once it's installed. It's now an integral part of how Immunet's protection works for you.

Not everyone gets the Orbital code actually. I never got the code installed on my PC. A person gets the Orbital code if Immunet detects one or more security weaknesses with your Operating System. That fills the gap for those possible vulnerabilities so to speak.

Interesting idea to let the user decide if he/she wants to use it though. You could start a new topic in the "Ideas" section of the forum regarding the subject. That's not a bad idea!

Regards, Ritchie...

[Valerius66]

Thanks Ritchie,

Really no advantage to the end user to run Orbital. Cisco doesn't need to know things like my hostname, which applications I'm running, which certificates I have installed, which services I have running etc.

Basic description of Cisco Orbital: (https://orbital.amp.cisco.com/help/what-is-orbital/)

"Cisco Orbital is a service that uses Osquery to provide you and your applications with information about your hosts. Osquery exposes an entire operating system as a relational database that you can query with SQL to gather information about the host. Orbital can be used by both Cisco customers and their applications to query their computers wherever Orbital has been deployed."

I'm sure they have this covered somewhere in their policy, however, from the perspective of a privately owned endpoint, this is huge intrusion even for a free product. By all standards this is creepy big brother tool (check for "expose" in the summary).

I will start a new topic.