Natwest two factor is worthy of Joseph Heller
Hah.
I've had a lot of runins with Natwest Business banking lately.
They have a browser based malware scanner of some form that runs in the background when the user logs in. If this detects what it thinks is malware, it disables the users account, and then their system deletes the user.
We have to recreate the account from scratch from another admin account, and then wait a week for the pin code to be sent out by their central mail centre. There is no way to speed this up.
Upon receipt of which the user logs back in, triggers the system again, and the account is promptly redeleted.
We phone the helpline and they simply advise that Malware X was detected on IP Y for that user.
The IP is the public gateway for our network. The malware X isn't detected locally, nor on our virtual desktops. We ask for info on specifically what malware was detected. "I can't tell you that".
How was it detected? "I can't tell you." "You can't, or you won't?" "I can't tell you that either"
Is there a second line team I can speak to? No, it is based in India, and doesn't talk to end users.
Can you advise how to get around this? "Install Rapport. We provide it free and it will protect your pc" The user is in a Citrix desktop, via thin client, they don't have a pc. "Install Rapport. It will fix it"
We tried logging in via Chromebook and guest adsl link. Same result. "Install Rapport" "How?!!"
All they record for diagnostic purposes is User, Malware family, Public IP & DateTime. Really freaking useful, not even specific to strain of malware.
Eventually we replaced every item of hardware in the office, rebuilt every accounts user's Citrix profile, and reinstalled windows from scratch on their machines and a month later the system finally gave up deleting the accounts. Only took three months of new account every other week.