Sometimes customers see entries for offline Explorers turning up in their console. These Explorers typically have randomly generated names consisting of strings of letters and digits, such as CLVRAV409808303. These Explorers typically have IP addresses on the public Internet, and the IP addresses are often on lists of suspicious hosts, such as lists of TOR nodes.
This can happen because of malware protection scanners that submit downloaded files or their URLs to a cloud server. When you download the installer for the runZero Explorer, the anti-malware system uploads a copy and runs it in a sandbox in a cloud VM. The Explorer installs itself as normal, and reports back to the runZero hub; the anti-malware system then terminates it. The result is a new Explorer, briefly connected, from an unexpected Internet IP address. Because the cloud VM is used to check for malware, it ends up on lists of suspicious IP addresses.
There is no security impact to runZero from these unexpected Explorers. Explorers can't download any of your data from runZero, they can only upload new scan data. Even if the unexpected Explorers are online, they won't do anything unless you choose to schedule a scan using one.
You can tell the console to forget unexpected offline Explorers using the X button to the right of each one. Because they are annoying and cause concern, we are planning to introduce a quarantine/approval mode in the future.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article