[German]Here is an Information and Question addressing owners of HP Windows devices. It seems that Hewlett Packard silently installs a telemetry client on Windows computers. Here are a few details.
A German blog reader (Detlef Krentz) contacted me this weekend via e-mail and notified me about a strange development. He wrote:
I noticed that HP secretly installed the program “HP Touchpoint Analytics Client” on all my HP devices on November 20, 2017.
The program connects every day to HP. The files sent can be found under “Program Data/HP/HP Touchpoint Analytics Client/Transfer Interface”.
He uploaded the file TouchpointAnalyticsClient.exe to Virus Total – but the file is detected only by one program as malware.
Note: I’ve seen many reports based on the article here and on Woody Leonhard’s article in ComputerWorld, claiming, that HP Touchpoint Analytics Client has been installed as part of HP Touchpoint Manager. That’s not true! My sources had the HP Touchpoint Analytics Client installed, while the HP Touchpoint Manager (paid software) was never on their systems. At AskWoody it’s cited in the 1st version correct as ‘the infection vector isn’t known’. Woody has removed this note during an update.
One source told me, that he is guessing, that the Touchpoint Analytics Client has been installed secretly by HP Support Assistant. But another source (an external HP expert) told me, that he configured the HP Support Assistant to download only – and this tool haven’t reported a pending update. He had not installed the HP Touchpoint Manager, but found the HP Touchpoint Analytics Client on his system after reading my article here.
I got also a feedback from German blog reader, that HP systems with a clean install, using a Microsoft Windows image, didn’t install the Touchpoint Analytics Client. So I assume, that HP didn’t use ‘Windows Platform Binary Table’ (WPBT) to force some HP software beeing used after a clean Windows install. After all, I claim, the ‘infection vector’ is still unknown.
There is a discussion in forums
At HP forum I found this thread, dated from November 19, 2017, where a user reported the secret install of TouchpointAnalyticsClient.exe. It was mentioned, that the program drags a lot of CPU load. Also frensh HP forums containing some Entries, where people claiming high CPU load from this program.
At Bleeping Computer we have this forum thread, where someone noted an installation at November 15, 2017. Also Expert Exchange has this thread, mention an install at Nov. 20, 2017. A reddit Thread, where a user wrote:
“Harvests telemetry information that is used by HP Touchpoint’s analytical services.”
The description has been obtained from the service description (see below).
Note: In case you are interested in details, check this thread at Askwoody.com, where some users posted a few internals of the telemetry data collected from the tool. Overall the telemetry service is self configuring, and the data collected may be extended within the future.
Deactivate and uninstall
Blog reader Detlef Krentz wrote me, that he fired up the Services manager as Administrator. Then he disabled the service (see screenshot).
Ist’s also possible to uninstall the program via control panel. Are you affected?
Addendum: A statement from HP
HP Touchpoint Analytics is a service we have offered since 2014 as part of HP Support Assistant. It anonymously collects diagnostic information about hardware performance. No data is shared with HP unless access is expressly granted. Customers can opt-out or uninstall the service at any time.
HP Touchpoint Analytics was recently updated and there were no changes to privacy settings as part of this update. We take customer privacy very seriously and act in accordance with a strict policy, available here.
So it is confirmed by HP that this thing existst. And it seems, we catched HP with their fingers within the honey pot. Nevertheless what they say, that thing got quietly installed, this is a no go for me.
HP: Telemetry service is a routine program
Addendum 2: Laptop Magazin has published this article, where Mike Nash, HP VP of Customer Experience says:
All HP laptops recently received an update which installs HP Touchpoint Analytics, a utility which runs in the background and collects system data.
Nash explained to the magazine, that the program is not new, it just has a new name. A program with athe same function has been shipping on HP laptops as part of the Support Assistant software without controversy since 2014, according to Nash.
But I must say, this article addresses the word ‘Spyware’, used by many US sites, a term I’ve never used within my blogs – it’s a telemetry service, that has been installed without user consent – afaik.
My 2 cents:
The article is a little too much of an eulogy for me – and transports HP speech ‘the program captures only telemetry data of the hardware in anonymous form’. The main issue isn’t addressed: The sercice has been installed secretly – without user consent. And it would not be the first case where such PUP (potentielly unwanted software) was identified as a security hole. The telemetry client can be configured and updated for instance.
Nevertheless I find some details within the article interesting – if I assume, they are true (I got feedback from German users indicating, that this isn’t the case and the article is just a kind of transporting HP’s opinion). So the article says, in which cases the the telemetry data are transferred to HP (my German blog reader told me other experiences, after I pointed them to the article). HP’s statement that the telemetry client has been extensively tested and that it does not lead to any loss of performance is nice to read, but in my view – after weighthing the possible hardware and software combinations – just worthless (management and marketing bullshit – imho).