Threat Description



Category: Riskware
Type: Monitoring-Tool
Platform: W32
Aliases: Monitor, monitoring-tool, not-a-virus:Monitor, Monitoring-Tool:​w32/, Monitor.win32


A program that monitors and records all actions on a computer, including keystrokes entered.


Automatic action

Once detected, the F-Secure security product will block the suspect file until further user confirmation is received.


If you are aware of and accept the potential risks associated with a program classed as Riskware, you may choose to exclude it from future scans by the F-Secure security product.


Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.

Suspect A False Alarm?

If you suspect a file has been incorrectly identified as malicious, (that is, it is a False Alarm or False Positive), please first ensure your F-Secure security program is up-to-date with the latest detection database updates, then rescan the suspect file.

If you continue to suspect a False Alarm, you may submit a sample of the suspect file to our Security Labs for further analysis via the Sample Analysis System (SAS).

Technical Details

Monitoring-tools are programs that allow a user to monitor the activities taking place on a computer system where the software is installed. Monitoring may either be done in real time, or the data may be logged in a file for later retrieval.

Usage of monitoring-tools in a business environment may be considered legal, depending on the workplace policies or legal guidelines applicable in that particular country.

In a malicious context, monitoring-tools may be dropped onto a target machine by trojans and spyware, which carry them as part of their payload.


The Type designation 'Monitor' was previously used by F-Secure to identify a program that can monitor and record all computer activities, including each keystroke typed on the keyboard.

With changes in the threat landscape today, programs previously identified as 'Monitor' would now be classified under the Riskware Category, with the Type designation 'Monitoring-Tool'.

The update in naming better clarifies the program's overall security profile in the current, more complex threat landscape.

Description Created: 2009-11-05 07:52:11.0

Description Last Modified: 2011-11-10 3:00:00.0


Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More