I’ve been using Manjaro for a while, but last week a new icon appeared on the status bar. When right-clicking it says it is from Cybereason, but I did not install it.
Try to figure out from which package it comes from, but no good…
Is this legit?
Any idea of what this might be and how to remove it?
This shows it is not in PATH, meaning it can only be launched directly from its executable.
Considering your computer is in a company network, and that that software is security oriented, your IT department might know something about it.
Just talked with the IT department, and they do not use Cybereason.
Is there a way to see where the program is installed? It does not show up under “Add/Remove Software”.
Search the whole system for something called cybereason (supposing the name is actually used); it can take some time
find / -name cybereason
Check the processes in the Task Manager; that icon in the tray should have a running process. If you don’t find the name, you can also look for unusual processes – though many running in the background are usually unknown from the casual user.
If the programs starts on boot, then check the autostart folder for startup files at ~/.config/autostart/ for example, or system wide folder like /etc/xdg/autostart/, when you find it you could start going upstream and find if a package owns files and so on, but start from here, find what autostarts what on boot.
That may be - but you may have installed somehting which has installed it - the question is what .
The when can perhaps be looked up by examining the pacman logs - but I doubt it - as cybereason is not in any Manjaro repo and neither in AUR - under another name maybe but that’s too little to go on.
Then it is likely located somewhere in your home. Open a terminal in your home folder and run
grep -rl 'cybereason'
If you get no results - there’s even more reason to be suspicious - in that case you need to get your IT to help you - it could be the result of a drive-by-attack which could not execute because it is a Linux system - no forum comment can help you - talk to IT about your worries.
Doing some reading on cybereason .
Question
Do you have Windows also installed on this computer?
If so is it possible you installed some kind of Ransomware Protection?
Cybereason is included in some Ransomware protection software.
You can try removing these lines from that file and relog:
<value type="string" value="cybereason
your pc is protected"/>
<value type="string" value="cybereason your pc is protected"/>
What’s the content of your /opt folder?
Someone did install this on your machine. Question is if it was intentional or not. Cyberreason only seems to have Pro and above plans, which I assume costs money.
There are a lot of processes, but nothing that resembles cybereason. And no, Win is not installed on this computer.
@omano looked into the files, but it seems that it is bluetooth manager, MegaSync, and a bunch of xfce processes. In the general one, there are also some gnome processes (even though I don’t thing I have gnome installed), notifications, software update, print, and audio.
$ ll /opt/
total 8.0K
drwxr-xr-x 3 root root 4.0K May 17 11:48 cisco/
drwxr-xr-x 3 root root 4.0K Mar 16 09:47 Citrix/
Cisco folder is from AnyConnect, that I uninstalled recently (thought it could be the one that installed Cybereason).
Citrix folder is from Citrix client.