OPNsense Forum

English Forums => Zenarmor (Sensei) => Topic started by: silvertree on October 16, 2020, 01:16:08 pm

Title: Application detection accuracy
Post by: silvertree on October 16, 2020, 01:16:08 pm

Hi, I'm new to Sensei, using the free edition at the moment, 
I have found some traffic labelled as 'proxy' which shows 'NordVPN' when drilled down. The devices are android tablets without a NordVPN app visibly installed. Spotify clients are installed.  I'm not sure how Sensei identifies specific applications by their traffic. Is it likely that this is a false positive identification of the NordVPN application or a malicious non-visible app using NordVPN to ex-filtrate data? 
Many thanks

Title: Re: Application detection accuracy
Post by: mb on October 16, 2020, 06:03:34 pm

Hi @silvertree, I'd approach this with some caution, however a mis-classification is also possible - though rare.

Can you reach out to support with some screenshots? Let us have a closer look together.

Title: Re: Application detection accuracy
Post by: silvertree on October 17, 2020, 06:20:04 pm

Hi mb,
I have sent some screenshots to support.
Many thanks