  1. Study this page if you haven't already, and pay attention to the ap process and the * - https://docs.connectwise.com/ConnectWise_Automate/ConnectWise_Automate_Documentation/060/040 If you are getting a different av, vs a blank av, then it will likely be another definition taking priority over this one. Remove the av if you can. Make sure you update config after you make new ones, and I suggest using the Web to check how it's going. The control centre needs cache reloaded and whatnot after making new ones, the Web can make the process a little easier.
  2. I can't recommend using ltposh enough. Now you need to use installer tokens, but everything you need is done for you right here.
  3. Nice, this is what I was envisioning to build for us internally, so I appreciate it. Question, is there any upper limit on the installer tokens that you have come across? For example, is 120 months a valid input? I assume no process from CWA rolls through and wipes these tokens out that we have found yet?
  4. Hey mate, so what issues you having with Sophos deployments when you say you need to fix them? We have the same if not more endpoints and are not seeing them fail, so keen to know what you are seeing. In regards to the suspicious health status, where are you seeing that? Do you mean within Sophos Central or on the endpoint itself? We are just starting to look at options now. Ben Verschaeren has put some stuff up on Git here to interface with the Partner CLI. https://github.com/0xBennyV - @Gavsto tagging you just FYI as well in the event you wanted to play with the Central API.
  5. I had to build this up for a client a while back, they don't use it anymore so I can't give live advice, but have a look here: https://forums.connectwise.com/community/f/connectwise-automate/41642/virus-scan-configuration-for-carbon-black-cb-defense
  6. If it helps, we took the approach of just deleting the Defender definitions. We use Sophos, so if only Defender is there and not Sophos, then we consider that as missing AV.
  7. Holding back a month would be a solid theory if they didn't release bugs into every single release and then take three to six months to fix them. It's a vicious circle, the current patch model. I'd still love if they would adopt the Manage model and get their releases right quarterly then fix the bugs in-between.
  8. Hit up the agents table in the database. Filter on what you want to remove and bin them.
  9. You ever get to update this @markwiater?
  10. Cheers bud, that fixed it up.
  11. Any chance you can post that as a file? Copying and pasting is giving errors, and I think it's the formatting coming from the forums.
  12. Hey there, great looking plugin. Is this able to handle local accounts on machines? For example the creation / password rotation of a local user account on all workstations?
  13. Perhaps a remote PowerShell monitor using Get-WinEvent; you will be able to filter down to what you want and only look back xx number of hours or minutes for the event. For example, you could play with this to suit your needs. "%windir%\system32\WindowsPowerShell\v1.0\powershell.exe" -command "& {$evtFilter=@{'StartTime'=$([datetime](Get-Date).AddHours(-24)); LogName='Application'; ID=(1511);}; (Get-WinEvent -FilterHashTable $evtFilter -MaxEvents 1 -EA 0 | Select-object -Property * | out-string).Trim()}"
