HP stealthily installs new spyware called HP Touchpoint Analytics Client

Hard to imagine in this age of privacy scandals, but HP is installing a telemetry client on its customers’ computers — and it isn’t offering any warning, or asking permission, before delivering the payload.

Dubbed “HP Touchpoint Analytics Service,” HP says it “harvests telemetry information that is used by HP Touchpoint’s analytical services.” Apparently, it’s HP Touchpoint Analytics Client version 4.0.2.1435.

There are dozens of reports of this new, ahem, service scattered all over the internet. According to Günter Born, reports of the infection go all the way back to Nov. 15, when poster MML on BleepingComputer said:

After the latest batch of Windows updates, about a half hour after installing the last, I noticed that this had been installed on my computer because it showed up in the notes of my Kaspersky, and that it opened the Windows Dump File verifier and ran a disk check and battery test.

Thus pointing the finger at this month’s Windows updates — but that isn’t the only way it could be spreading. It isn’t clear to me if the new driver came bundled with the latest official Windows cumulative updates and/or Monthly Rollups and/or Security-only updates, or if it’s being downloaded by HP’s own HP Support Assistant routines. Regardless of the infection vector, lots of HP customers are livid. Rightfully so.

‘Telemetry’ program installed without permission

All of the reports I’ve seen so far emphasize the point that HP (or Microsoft?) has installed this “telemetry” program without advising customers or requesting permission to install.

The HP support site has numerous complaints, such as this one from PurplePassion22:

On 11/18/2017 Hp Touchpoint Analytics Client was installed on my computer without my consent. I’m assuming it was installed in the background as an update to Hp support or framework. However it happened I don’t appreciate it’s sneaky take over of my computer’s system resources. From yesterday to today it’s been making my computer work so hard I can hear it like cranking away and the light in the back of my computer is flashing rapidly in-tune with the cranking. In Task Manager I can see it starting and stopping numerous applications, it’s client service and installer, console window host, command prompts, timeout-pause command prompt, it’s causing a lot of up and down use of antimalware service executable and local system.

If HP has responded to its customers, I certainly haven’t seen anything.

The official HP Touchpoint Manager website says:

The HP Touchpoint Manager technology is now being delivered as a part of HP Device as a Service (DaaS) Analytics and Proactive Management capabilities. Therefore, HP is discontinuing the self-managed HP Touchpoint Manager solution.

Reassuringly, the official productivity description says:

From helping you enforce a mobile security policy to wiping a device, HP Touchpoint Manager features the tools you need to ensure all your managed devices’ security—and brings you greater peace of mind.

Martin Brinkmann on ghacks has a detailed accounting of the spyware and how to remove it. He gives step-by-step instructions for disabling the HP Touchpoint Analytics Client in your Services listing, as well as deleting the HP Touchpoint Manager.

What were they thinking?

Help us connect the dots on the AskWoody Lounge.