How to Detect Mouse Jigglers and Activity-Mimicking Tools in ActivTrak

Workforce analytics can be skewed when activity-mimicking tools like mouse jigglers are used to imitate active work sessions through fake keyboard or mouse interactions. Whether these fake interactions are created by software apps or hardware devices, ActivTrak has built-in detection tools to help you identify them.

Review the steps below or watch an on-demand webcast tutorial.

Automatic Detection

ActivTrak can identify and alert you to potential mouse jiggler and activity mimicking activity via two automatic detection features:

1. A list of known applications and other tools.

Our team constantly catalogs and updates the list of known activity-mimicking tools that can be automatically detected in ActivTrak. Once detected, an entry is created in the Activity Log labeled POTENTIAL FALSE ACTIVITY, as reflected in the screenshot below. The recorded activity time, however, does not automatically change from Active to Passive. Please note you will need to use the filter in the top left of the Activity Log to sort by "Computer" to see the POTENTIAL FALSE ACTIVITY entry as it will not be present if filtered by "User".

Tip: To ensure Admins are immediately alerted of potential false activity and the detection of activity-mimicking tools in your account, create a new Alarm with the condition "Description Contains POTENTIAL FALSE ACTIVITY" or "Titlebar Contains POTENTIAL FALSE ACTIVITY" (if you have the Screen Details add-on).

Availability: Windows and macOS Agents version 8.2.16 and later

Note: If you would like to request a new tool be added to our list of known activity-mimicking tools, please reach out to Support.

Activity Log entry detail for detected mimicked activity

2. Regular interaction patterns.

ActivTrak can automatically recognize and flag software or hardware-based mimicked activity through interaction patterns consistent with the use of these tools. Once detected, ActivTrak will end the Active state of the activity and begin recording it as Passive Time in the Activity Log.

Note: Due to the ongoing evolution of these tools, some mimicked activities may not be detected.

Availability: Windows Agents version 8.2.16 and later

NOTE: Plans are underway to generate an entry in the Activity Log labeled POTENTIAL FALSE ACTIVITY for this method as well.

Other Detection Methods

To strengthen the detection of activity-mimicking devices and software in your account, please consider these additional safeguards:

• Create new alarms triggered by identified executables. An example of what the alarm conditions/triggers for activity-mimicking tool executables may look like is reflected in the screenshot below. Learn more.

An example of Alarm conditions for an activity-mimicking executable

• Create an activity duration alarm to help identify potentially suspicious scenarios that may not have been caught by our automatic detection features. For example, it is very rare to record single activities of more than 30 minutes to 1 hour that are uninterrupted. An example of what this condition may look like is included in the screenshot below. Note: The value is entered in seconds, so '1800' = 30 minutes.

Conditions of an activity duration alarm to detect potential mimicked activity

• Adjust your Active Time Settings. Set a custom maximum time threshold for single activity reporting with ActivTrak’s Active Time Settings. The Active Time Setting defaults to 60 minutes but can be configured to any number between 30 and 120 minutes. To adjust your account’s Active Time maximum time threshold, navigate to Settings > Account Configuration and scroll to “Active Time Settings”. Update the time in minutes and click “Save” to apply changes. 

The Active Time Settings

Learn more:

• The Activity Log
• ActivTrak Alarms Guide
• On-demand: How to use ActivTrak to Identify Mouse-Jigglers and More
• Contact Support