Add configurable automatic expiration for unattended installer

Avatar
  • updated
  • Considering for Future Release

Currently, the unattended installer file will work forever. However, partner would like the unattended installer file to stop working after X days so that anyone who uses an older installer won't be able to randomly add it to any machines.

Duplicates 1
Ability to disable previous installation versions or installers

Random machines show up in our instance. 

This may be due to a published installer for my instance. 

Want the ability to delete or disable previous installers.

Avatar
0
anonymous
  • Pending Review
Avatar
0
anonymous
  • Considering for Future Release
Avatar
0
Jacob Benavides

i would really love this feature. one for security reasons, two for ease of mind. i have a client that got there machine infected and started to pass the MSI install file around on random machine. it is scary if you don't know how it happens just see a ton of machines in your console. i also have some techs of my accidentally leaving the installation on machines.


Avatar
0
Miguel Jose Leeuwe

Please add to to the list. I'm having some funny connections showing up:

https://control.product.connectwise.com/communities/6/topics/1890-connectwise-connects-to-non-authorized-computers-around-the-world#

Not sure if I should be worried, I'm told not to, but then others say I might have to.

Avatar
0
Jason Guillory

It would also be nice to be notified when a new session is created along with the originating public IP address.

Avatar
0
Roy A. V.

This is a critical needed feature. We are currently looking at switching to a competitor - we need to be able to block this.

Avatar
0
Ronnie Alcorn

Seeing repeated installers WITHOUT MY CONSENT is a security issue.  This is a good idea to begin rectification.  I would also like an option to request a code to run the physical EXE///MSI installer.  That way virtual play labs and hackers can't consistently get as much success as they are currently.   They told me it was a Antivirus that sent the file for a scan, which could happen.  But in my case, the client that came back repeated, no longer existed, nor did the computer from which it originally was on.  SOMEWHERE a hacker had old data.  The expiration then in deed would help!

Avatar
0
Quote from Ronnie Alcorn

Seeing repeated installers WITHOUT MY CONSENT is a security issue.  This is a good idea to begin rectification.  I would also like an option to request a code to run the physical EXE///MSI installer.  That way virtual play labs and hackers can't consistently get as much success as they are currently.   They told me it was a Antivirus that sent the file for a scan, which could happen.  But in my case, the client that came back repeated, no longer existed, nor did the computer from which it originally was on.  SOMEWHERE a hacker had old data.  The expiration then in deed would help!

A bit late on my response, but the good news at least is that there is no way for the Guest client to gain access to the protected data of the server - so even with the agents popping up into the list, your data is safe. The Guest checks in and allows you access to that machine, but it's one way only. I definitely see how this situation could be an inconvenience and annoyance though!

Avatar
1
connectwise com

Windows defender has started more agressive, and persistent .exe downloading of files of all ages and running them in AV VM sandboxes for amalysis. 

It's now at a level of 20-40/week of fake agents and rising.

Please raise this in the consideration list. I'm also going to do some work to see if there are other risks from this asymmetrickey embedded in the .exe and msi installers.

If I had bad intentions, I'd extract this key, and create a script that would start generating agents. I wonder what would happen to Screenconnect with say, 2 million dummy agents (I bet it'll fall over well before that). Sounds like quite an effective way of killing every screenconnect server on the planet because there are no protections at this time.

Avatar
0
Doyle Mallory II

Hi I wanted to follow up on this thread to see if this will be in production soon. We too have this issue of old installers being used to test access to our instance. Driving my InfoSec team crazy! Thanks



Top contributors

Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar