Search the Community
Showing results for tags 'security'.
Found 4 results
I just joined an MSP as the Automate administrator and they want a monitor that will open a ticket and close it when someone logs onto a specific server as an administrator. I know that Automate detects the last user ID to log on. Any ideas?
Investigating an issue that we are seeing on a number of workstations at two clients. After scanning and cleaning with MBAM 1.80, Malwarebytes is re-flagging the registry string where REG_DWORD is UpdatesDisableNotify and value flips back from 0 to 1 after the full scan and clean. I ran REVO uninstaller and did not find remnants of old AV programs. It's difficult to believe that multiple machines at two clients have rootkits or other stealthy infections. What could be flipping the value back to 1?
Hi All, Spent a lot of time working this one out but believe I have it, in case anyone else wants it. The below Internal Monitor has to be RAWSQL and it will return a list of all computers that have had over 500 'Failed Logins' (defined by the event ID's of the pre-built Internal Monitor) in a 1 day period Create Temporary Table IF NOT EXISTS Tcomp (INDEX (Computerid)) SELECT computerid FROM computers WHERE ComputerID NOT IN (Select ComputerID from AgentIgnore Where AgentID=4114); Select DISTINCT computers.computerid as TestValue,eventlogs.Message as IdentityField,computers.computerid,Computers.Name as computername,locations.locationid,locations.name as locationname,clients.Clientid,clients.name as clientname,agentcomputerdata.NoAlerts,AgentComputerData.UpTimeStart,AgentComputerData.UpTimeEnd FROM ((Computers LEFT JOIN Locations ON Locations.LocationID=Computers.Locationid) LEFT JOIN Clients ON Clients.ClientID=Computers.clientid) JOIN AgentComputerData on Computers.ComputerID=AgentComputerData.ComputerID INNER JOIN eventlogs ON Computers.ComputerID = eventlogs.ComputerID WHERE eventlogs.EventID IN (529, 644, 681, 4625) and eventlogs.timegen > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY) GROUP BY Computers.ComputerID, Computers.Name, eventlogs.EventID HAVING COUNT(EventID) > 500 AND Computers.ComputerID IN (Select ComputerID From Tcomp) I hope this saves someone many hours! Cheers, James
We're pleased to release Third Wall v184.108.40.206, improvements we know you'll appreciate! So what did we do? • In USB blocking (including USB Wall), we now block smart phones - so that nobody can download confidential files to their phone. • In USB Wall, we've added the ability to use Kingston encrypted USB sticks. Other brands may (or may not) work, but you've now got an option to register encrypted USB sticks. • We added a full Secure Free Space Delete to the tail end of Encrypted Annihilate, so that there aren't any "ghost" files sitting out there. • On the Computer Screen, we’ve added a ‘refresh’ button for Isolate. In the event a remote computer loses synchronization with Third Wall, you can easily reestablish the appropriate status with a button click. • For Alert on Excessive Logon Failures, we've added an option to include Type 3 (network) logon failures. These are normally excluded, but you may want to have that logon type trigger the policy actions. • For Encrypted Annihilate, Third Wall now generates a ticket upon initialization, and updates that ticket with a time estimate to completion. The ticket is closed upon completion. • Corrected the time stamp in the USB Wall Dataview showing all files transferred to registered USB sticks. • Added a capability on the Integration page to easily change the assigned Alert Template for all Third Wall alerts / tickets. • Add Utility buttons to the Integrations page, giving you direct control over certain administrative utilities. We strongly recommend that you install the update as soon as you are able. Just click on the Update Available (you have to be a Third Wall Admin to get this to launch), download directly from Third Wall, or reach out to us for assistance. We've got much more planned, so stay tuned. We know you are finding Third Wall extremely valuable, and will be protecting all of your clients soon. They deserve it, and so do you!