Welcome to our community!

What was the then current stable when Connectwise ran into the certificate problem?

Avatar
eNet
  • updated
  • Open

I just had a light bulb moment!  Does anyone know what the latest stable version was before ConnectWise started removing customizations?  I just looked through the output stream lists but can't really tell when, or remember when, it actually started changing. I would rather go back to that release and start over to stop the bleed from the frustration and complaints from my customers. And it will save us the maintenance renewal cost until I decide how to handle remote support for my clients moving forward.

Replies 7
Avatar
0
Erik van Putten

Hi eNet, the problem is the certificate that was used for that version has been revoked.

Any antivirus will most likely flag it as at least suspicious, most just remove it.

You would have to make sure it's excluded from antivirus on all your customer PC's. Tricky.

The changes for the certificate and removal of the customisation we're introduced in 25.4.9293 (june 2025)

Avatar
1
eNet

My thought being that the older version had an extension that allowed us to use our own code signing certificate, if I remember correctly. If I use that version and use my own certificate that I purchased when this all started, and just leave it at that version without updating, won't it just continue to run, as is, until I figure out a stable way out of this black hole? Which, in turn, would stop the chaos and instability that my clients are seeing from us?

I guess my real question is, after the client is installed on the user's machine, does the certificate still play any role? If it does, then this rabbit hole I'm going down won't pan out...  


I know ConnectWise wants us to continue following the model of being overly intrusive in our support process by putting banners and balloons on everything that my staff and my clients have to look at all the time, every day. But I install maybe one or two new workstation a month and have no need to look at those banners and balloons every day. I have a contract with each of my clients stating that they know I am using remote access software on all of the computers. And me and my staff all know we are online when we are connected with our clients.

We started down this road with ScreenConnect many years ago with the intent to "work smarter, not harder". That is really backfiring on us right now.

Avatar
0
Erik van Putten

Sadly the certificate and the end of the customizations (including popups) was in the same release as far as i can remember. Otherwise i would not have updated to the newer versions as well.

Avatar
0
eNet

Thank you for the input Erik. I appreciate it. 

Avatar
0
Shawn K. Hall

23.9.8 was the first certificate revocation fix but there were several in quick succession. 23.9.7 was the last one with the old cert and 25.4.16 was the last one with the ability to customize icons, menus and most other cosmetics. 

You can strip the revoked certificate from these older client installers (essentially what they've done on newer builds anyway) and continue to use the older version, though the other new features will be unavailable. 

Avatar
0
Mike Petry

I am using version 25.4.16.9293 with all of my customizations. My logo for the tray icon, my background for the main page, no banners & popups. I control all of my clients security suite, so I have made the needed exceptions to make it work.

For the record I have had bad actors try to install another copy of ScreenConnect on one of my client machines, and it was blocked by the security software.

Avatar
0
Andrew Aldridge

I stayed on 25.4.16.9293 too with all the customisations intact, for me almost all my customers are on Access clients which seem unaffected by the certificate revocation, I've never had an Access client blocked.

My Mac client (50%) are unaffected as the certs aren't used for that platform. 

The issue I have is with on-demand sessions to Windows where users get notified the application was blocked, but in fact it still runs, it's only the UAC for admin rights that gets blocked so I can do basic user support but no admin. 

So instead I have a pre-built Access client with company name set to "To be assigned" that I have the client download and run, no cert complaints, they pop into my "To be assigned" group in Access and I do what's needed and if it was an ad-hoc on demand call I trigger the end and remove at the end of the session. If it's a new long term client I update the company name and they stay in Access.

It's not a long term solution but it's bought me time to evaluate my options. Got to say it's not looking great for alternatives that allow customisation and branding to the extent we're used to but a few options do go beyond what we're allowed now at ScreenConnect so I'm getting close to taking the compromise and moving on.


Customer support portal powered by UserEcho