Adware via the IE Toolbar The Network: A Bank serving multiple states on the US East Coast with an HQ and several dozen branch offices; 500+ servers and 2000+ workstations. The Expectation: Employee workstations are secured with brand-name up to date Anti Virus (AV) and latest updates. The Catch: Adware observed launching on multiple branch workstations; also observed Internet Explorer (IE) toolbar installations for ShopAtHome. The Find: The EventTracker DFIR feature catches launch of new processes via MD5 checksum; these adware packages are reported as malware by 27 of the 56 AV programs at VirusTotal, but the brand-name AV in this network lets it launch. The Fix: Uninstall the toolbar (quite persistent and sticky); clean up the workstations; run a deep scan. The Lesson: Wear a belt to keep your pants up but consider suspenders for insurance against embarrassment.