DKB has discovered an unintentional flaw in the functionality of two third-party applications published by Dell and Intel that allow these applications to prevent the user endpoint (laptop or desktop) from being automatically locked after a set time of inactivity.
Automatically locking a machine if inactive is a crucial security control that prevents unauthorized access/usage to endpoints that have been left logged on while the user walks away from the endpoint. This is especially crucial in shared or public work environments and is required for several regulatory/compliance organizations. As part of DKB best practice implementation, we enforce an automatic screen lockout policy that automatically locks the endpoint (sends it back to the login screen) when a user is inactive.
The issue was first noticed in small batches across our client base by our service desk in partnership with our clients and slowly became more rampant. This deserved a thorough investigation, so we hopped on the case, leveraging our deep analytics for ticket creation, causation, and correlation, along with our asset software inventory reports, including installation time stamps, to narrow the issue to these Dell and Intel applications as the culprit.
In short, these applications have features to sense the user presence and use their own user inactivity measurements, which override organization-enforced policy...not good! We tested our findings on several endpoints, which quickly confirmed this to be the root source, and the removal to be the resolution. Next, our automation teams created scripts and monitors to not only find and remove the applications today but to find and remove the applications in the future to guarantee long-term scalable security control alignment. These removals, as usual, are entirely silent, so your users won't notice any changes.