Jump to content

Search the Community

Showing results for tags 'security'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • MSPGeek
    • The Geek Cast
    • Code of Conduct
  • ConnectWise Automate / Labtech
    • ConnectWise Automate / LabTech
    • ConnectWise Automate / LabTech - Development


  • ConnectWise Automate
    • Scripts
    • Plugins
    • SQL Snippets
    • Role Definitions
    • Automate PowerShell Code
    • Reports
    • Internal Monitors
    • Remote Monitors
  • ConnectWise Manage
    • API Interacting Code

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start



About Me


Agent Count













Found 5 results

  1. ConnectWise Control Used As Entry Point In Texas Ransomware Attack I would image that many, if not most, of the users of this site have heard of the increasing trend of MSPs being targeted by threat actors to distribute malware (sp. ransomware). That article (posted: September 17, 2019, 01:25 PM EDT) is of special note because of this statement: [Emphasis added] It also includes, and references, quotes by John Ford, CISO of ConnectWise, which seems to confirm that action by ConnectWise: The article does not state when that decision was made/announced or link to a formal, written announcement by ConnectWise. So far I have failed to locate anything "official" from ConnectWise regarding this, but openly acknowledge the very real likelihood that I have just failed to find it. Has anyone seen such an announcement by, or received an email from, ConnectWise regarding this?
  2. I just joined an MSP as the Automate administrator and they want a monitor that will open a ticket and close it when someone logs onto a specific server as an administrator. I know that Automate detects the last user ID to log on. Any ideas?
  3. Investigating an issue that we are seeing on a number of workstations at two clients. After scanning and cleaning with MBAM 1.80, Malwarebytes is re-flagging the registry string where REG_DWORD is UpdatesDisableNotify and value flips back from 0 to 1 after the full scan and clean. I ran REVO uninstaller and did not find remnants of old AV programs. It's difficult to believe that multiple machines at two clients have rootkits or other stealthy infections. What could be flipping the value back to 1?
  4. Hi All, Spent a lot of time working this one out but believe I have it, in case anyone else wants it. The below Internal Monitor has to be RAWSQL and it will return a list of all computers that have had over 500 'Failed Logins' (defined by the event ID's of the pre-built Internal Monitor) in a 1 day period Create Temporary Table IF NOT EXISTS Tcomp (INDEX (Computerid)) SELECT computerid FROM computers WHERE ComputerID NOT IN (Select ComputerID from AgentIgnore Where AgentID=4114); Select DISTINCT computers.computerid as TestValue,eventlogs.Message as IdentityField,computers.computerid,Computers.Name as computername,locations.locationid,locations.name as locationname,clients.Clientid,clients.name as clientname,agentcomputerdata.NoAlerts,AgentComputerData.UpTimeStart,AgentComputerData.UpTimeEnd FROM ((Computers LEFT JOIN Locations ON Locations.LocationID=Computers.Locationid) LEFT JOIN Clients ON Clients.ClientID=Computers.clientid) JOIN AgentComputerData on Computers.ComputerID=AgentComputerData.ComputerID INNER JOIN eventlogs ON Computers.ComputerID = eventlogs.ComputerID WHERE eventlogs.EventID IN (529, 644, 681, 4625) and eventlogs.timegen > DATE_SUB(CURRENT_DATE(), INTERVAL 1 DAY) GROUP BY Computers.ComputerID, Computers.Name, eventlogs.EventID HAVING COUNT(EventID) > 500 AND Computers.ComputerID IN (Select ComputerID From Tcomp) I hope this saves someone many hours! Cheers, James
  5. We're pleased to release Third Wall v2.2.0.1, improvements we know you'll appreciate! So what did we do? • In USB blocking (including USB Wall), we now block smart phones - so that nobody can download confidential files to their phone. • In USB Wall, we've added the ability to use Kingston encrypted USB sticks. Other brands may (or may not) work, but you've now got an option to register encrypted USB sticks. • We added a full Secure Free Space Delete to the tail end of Encrypted Annihilate, so that there aren't any "ghost" files sitting out there. • On the Computer Screen, we’ve added a ‘refresh’ button for Isolate. In the event a remote computer loses synchronization with Third Wall, you can easily reestablish the appropriate status with a button click. • For Alert on Excessive Logon Failures, we've added an option to include Type 3 (network) logon failures. These are normally excluded, but you may want to have that logon type trigger the policy actions. • For Encrypted Annihilate, Third Wall now generates a ticket upon initialization, and updates that ticket with a time estimate to completion. The ticket is closed upon completion. • Corrected the time stamp in the USB Wall Dataview showing all files transferred to registered USB sticks. • Added a capability on the Integration page to easily change the assigned Alert Template for all Third Wall alerts / tickets. • Add Utility buttons to the Integrations page, giving you direct control over certain administrative utilities. We strongly recommend that you install the update as soon as you are able. Just click on the Update Available (you have to be a Third Wall Admin to get this to launch), download directly from Third Wall, or reach out to us for assistance. We've got much more planned, so stay tuned. We know you are finding Third Wall extremely valuable, and will be protecting all of your clients soon. They deserve it, and so do you!
  • Create New...