Detecting Mouse Jigglers and Activity-Mimicking Software & Devices

While the ActivTrak application focuses on surfacing productivity and workforce analytics, some similar software offerings emphasize employee monitoring, sometimes causing adverse reactions from employees. ActivTrak is aware of the data manipulation that can occur when software or physical devices are used to fake mouse or keyboard movements in order to mimic productive digital activity. ActivTrak can detect and filter out input from some of these methods, but it is limited to reporting their existence.

Automatic Detection

Windows and Mac Agents version 8.2.16 and later include two automatic detection features for mouse jigglers and activity-mimicking devices.

  1. Detection of regular movements from software or hardware-based movement mimicking ends the Active state of the current activity and switches it to Passive. Note: Irregular movements may not be caught.
  2. Detection of an application from a list of known software culprits creates an entry in the Activity Log (Live Reports > Activity Log) labeled POTENTIAL FALSE ACTIVITY, as reflected in the screenshots below.

Activity Log entry detail for detected mimicked activity

Tips and Tricks

For faster awareness and response to the detection of activity-mimicking devices and software, follow these tips and tricks:

  • Within the ActivTrak application, create a new alarm with the condition "Title Contains POTENTIAL FALSE ACTIVITY" to alert your Admin(s) as soon as these apps are discovered.
  • When a specific activity-mimicking device or app is identified, classify it with the Ignore category to exclude it from reports (it will still appear in the Activity Log). Note: Customers using ActivConnect will still see "Ignored" activity in the records pulled via SQL, but it can be easily identified by looking at the category and flagging/ignoring it.
  • Create alarms when the identified executables appear. An example of what the conditions may look like is reflected in the screenshot below.

An example of Alarm conditions for an executable

  • An activity duration alarm can also be created to help identify potentially suspicious scenarios that may not have been caught by our automatic detection features. It is very rare to have single activities of more than 30 minutes to 1 hour that are uninterrupted. An example of what this condition may look like is included in the screenshot below. (Note: The value is entered in seconds, so '1800' = 30 minutes).

Conditions of an activity duration alarm to detect potential mimicked activity
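
The three alarm conditions from the tips above can also be applied offline to an exported copy of the Activity Log. The script below is an added example, not ActivTrak code: the CSV column names, the sample rows and the executable name jiggler-example.exe are constructed assumptions, and the case-insensitive title match is a choice made for this example.

```python
import csv
import io

# Constructed sample export. Column names are assumptions, not ActivTrak's schema.
SAMPLE_LOG = """user,executable,title,category,duration_seconds
alice,chrome.exe,Quarterly report - Google Docs,Productive,420
bob,jiggler-example.exe,POTENTIAL FALSE ACTIVITY,Uncategorized,35
carol,excel.exe,budget.xlsx,Productive,5400
dave,jiggler-example.exe,Settings,Ignore,60
erin,notepad.exe,notes.txt,Productive,n/a
"""

FLAG_TITLE = "POTENTIAL FALSE ACTIVITY"  # Activity Log label named in the article
MAX_SECONDS = 1800                       # the article's 30-minute example value
WATCHLIST = {"jiggler-example.exe"}      # hypothetical executable name


def triage(csv_text, watchlist=WATCHLIST, max_seconds=MAX_SECONDS):
    """Return one finding per log row that matches any alarm condition."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        if FLAG_TITLE in row["title"].upper():
            reasons.append("flagged-title")
        if row["executable"].strip().lower() in watchlist:
            reasons.append("watchlisted-executable")
        try:
            if int(row["duration_seconds"]) > max_seconds:
                reasons.append("long-uninterrupted-activity")
        except ValueError:
            # Surface bad rows instead of silently dropping them.
            reasons.append("unparseable-duration")
        if reasons:
            findings.append({
                "user": row["user"],
                "reasons": reasons,
                # Ignored items are excluded from reports but remain in the log.
                "ignored": row["category"].strip().lower() == "ignore",
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A row can match more than one condition, and rows classified as Ignore are still returned with ignored set to True so they can be reviewed separately.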
