Jump to content

srproductmanager

Members
  • Content Count

    21
  • Joined

  • Last visited

  • Days Won

    2

srproductmanager last won the day on January 14 2019

srproductmanager had the most liked content!

Community Reputation

11 Good

My Information

  • Location
    Tampa, FL
  • Agent Count
    > 6000 Agents

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. @nicecube have you reported this to securityresponse@connectwise.com ?
  2. From a Corporate Level, I have begun working on a resolution to this concern.
  3. @GeekOfTheSouth , I apologize that your report was not properly escalated. We were able to track your original ticket down and it appears that it was closed waiting on response. The ticket you opened on Thursday has been escalated to T3 support. We are going to pull that directly into development. We take security reports seriously, and I want to make sure they are escalated to development to be handled as soon as possible. On the issue that you are reporting: Our documentation is in error. The file reporting service is purely meant for communication on a single server via localhost or in a split web server installation between the web servers hosted in a DMZ and the Automation Server. In both cases the IIS worker processes communicate via this port to download/upload files from the Automation server. At no time should port 12413/TCP be opened to any other systems just as we recommended that MySQL 3306/TCP is also closed. We have requested that documentation be changed be to avoid other partners configuring their servers in this way. We have verified with our cloud team that instances maintained or created by them have 12413/TCP firewalled. We have verified that implementation documentation does not list 12413/TCP as a required open port for Automate servers. Our architecture team has reviewed the traversal behavior and we are working to address that issue in an upcoming patch. We are also going to separately assess the file service communication to increase security between Web Servers in a DMZ environment and the Automate server for further enhancements. If anyone has open access to 12413/TCP configured to their Automate server, we recommend that it be closed as soon as possible. We are assessing our options internally to identify partners that may have their servers with this port open so we can reach out to them directly. While we failed to get the original ticket escalated due to issues reproducing the problem, Thursday’s ticket was moving through the proper escalation path. Development relies on the reproduction steps generated by T3 as an important requirement to quickly analyze and solve issues. If you feel you are not getting a response please touch base with your Account or Support Manager and they will directly escalate issues to product so we can look into the ticket to get the reproduction steps we need. We also ask that before publically disclosing potential vulnerabilities that you consider the impact on the Automate community of a zero day disclosure.
  4. ScreenConnect/LabTech integration that supports Mac Deployment is currently in Pilot and due to be released soon. The plugin is not bundled with LabTech 10.5, it will actually be released sooner.
  5. All "Stable" versions of ScreenConnect are supported with the LabTech Integration. PLEASE, make sure that you update your LabTech Integration Extension on the ScreenConnect server too. There are typically changes that have been made from version to version, to better support the changes.
  6. The upcoming release of the LabTech/ScreenConnect plugin v1.2 has the functionality to capture the audit data from the ScreenConnect Server. This is information is not yet in a report, but will be available to you as soon as it releases from Pilot.
  7. The LabTech/ScreenConnect integration works with ScreenConnect 5.3. BUT you must update the LabTech Integration Extension on your ScreenConnect Server.
  8. The update to the ScreenConnect integration plugin is due out with LabTech 10.5. It is actually due out much sooner.
  9. It's Coming... http://www.labtechsoftware.com/roadmap.php The next phase of the ScreenConnect plug-in includes support for Mac agents, enhanced deployment options to exclude by client, location or computer, and the ability to upgrade the ScreenConnect server when new versions are released.
  10. It's Coming... http://www.labtechsoftware.com/roadmap.php The next phase of the ScreenConnect plug-in includes support for Mac agents, enhanced deployment options to exclude by client, location or computer, and the ability to upgrade the ScreenConnect server when new versions are released.
  11. If you upgrade your ScreenConnect server the agents don't automatically upgrade. This will allow you to Auto-Update your ScreenConnect Agents 1. The 'web.config' is created upon installation. 2. File Location on the ScreenConnect Server- C:\Program Files (x86)\ScreenConnect\ 3. The following key can be updated (Change from FALSE to TRUE) i.
  12. There are 3 webinars on Thursday that will demo the full integration that is being released with LabTech 10 Register Here - http://www.labtechsoftware.com/webinars.php
  13. You will be able to install a New installation of ScreenConnect OR use your existing ScreenConnect server. There are 3 webinars on Thursday that will demo the full integration that is being released with LabTech 10 Register Here - http://www.labtechsoftware.com/webinars.php
  14. Hope the in-line responses help you with your concerns. 1. User in ScreenConnect is always your admin user (this is simply for the integration, the permissions within LabTech regulate whether or not your technicians/users have access to the ScreenConnect button) 2. No prompt for permission currently possible, so prompt then allow or prompt then deny depending on your clients requirements (Stay Tuned for updates to the LabTech Roadmap) 3. No ticket integration, ScreenConnect sessions do not (as far as I can tell) trigger an event to create a ticket to track who, when, and for how long (Stay Tuned for updates to the LabTech Roadmap) 4. No removal of VNC . . (This can be done with Templates inside LabTech) 5. No Company information passed to ScreenConnect, all systems currently show as the pc name, no company name. (No API's existed when integration was developed, (Stay Tuned for updates to the LabTech Roadmap)) 6. Lack of Client for Android, iOS, MacOS and *nix within Labtech (There should be, at the very least, documentation on work arounds) 7. Somehow Integrate MDM and ScreenConnect not a new app, MDMScreen? (Hmm.... This could get interesting)
  15. Love seeing this chatter. The integration looks amazing. You guys ROCK!
×
×
  • Create New...