Also voting for this to come back - I agree with TJ below. See this a lot and no one ever knows what it is. I believe the uptick in denied reports stems from paranoid IT professionals who are afraid an end user 'might need it!'

My theory is that those same "paranoid IT professionals" don't bother actually asking their end user if they want Wave Browser, need it, or even know what it is.

I have auto-remediated a substantial amount of these LOW PUP reports in the past and have not yet once found an end user who wants the app, let alone knowing what it even is or how it got on their PC.

This is one of the ultimate low-hanging fruit incidents and it troubles me knowing that people may be commonly disregarding the alert just because they don't want to put in a few extra minutes of work to talk to their end users. The app is objectively parasitic, and removing it seems to be the logical move in pretty much every case I've ever seen.

I am curious for others' opinions - particularly if anyone has ever actually seen a need for this application. The fact that this report was denied a lot by Huntress admins, which Huntress has mentioned in this thread, does not count.

I attribute this to my argument above which amounts to "those guys are lazy and don't talk to their end users." and NOT "The end users actually need this app." We don't know because the admins are almost certainly not even asking these questions. If they WERE, they would find that none of their end users actually know WTF it is. Any objections to this whole notion? Any evidence that I'm wrong? This is the discussion I am fishing for here...

We see this browser on peoples computers every day and no one ever knows where it came from. Would love for Huntress to recognize this as a PUP and flag it.

In the past WaveBrowser was detected as PUP with the option to use assisted remediation for removal. More recently, WaveBrowser is no longer being monitored for. I've been told this was due to the amount of rejections by partners for the WaveBrowser alerts, purporting that WaveBrowser had legitimate use cases for partners and their customers.

Partners need to have the ability to make account-level or organization-level decisions on PUP exceptions rather than having past functionality removed (which our processes may be reliant upon).

If changes like this are made, we need a centralized location to let partners know what changes were made so that we can adjust.

It would be even better to be able to label and classify these types of softwares ourselves. A blocklist. I already submitted another request similar, but this seems to be a great use case.

Until they change this - I had to get one off remediation reports for all affected endpoints with Wave Browser a few weeks ago.

I agree, we also ran into this.