Your comments
Given the existence of the clipboard history feature available in Windows this is even more important than I originally thought. Any modification to a client's clipboard could literally be saved even if you manually clear the clipboard. Nothing short of actually viewing the clipboard history and removing unwanted entries or completely disabling the clipboard history on the client would prevent potentially sensitive data leakage. Obviously disabling clipboard history on a client machine is not a viable solution. So even if we default to a disabled shared clipboard enabling it at all, even for a short period, represents a real security risk.
What we really need is a shortcut to send keystrokes without involving the client-side clipboard at all. While manually clicking the "send clipboard keystrokes" button in the ScreenConnect interface works fine, there is absolutely no reason to not give ScreenConnect customers the ability to define simple shortcuts for features that are critical to the security of an environment. Forcing us to waste time by hovering over icons and clicking buttons just doesn't make sense for something that is so important (and such an easy thing to implement).
@SConsulting That's interesting. Hopefully that means it's already in the works, but likely is just an assumption by Mandiant that they already supported it. Hopefully it's coming soon. It really is essential at this point and should take precedence over any other UI enhancements or features.
@SConsulting support for custom variables in headers is a great idea, but it's important to also support the proper parsing of X-Forwarded-For. It's critical to grab the last X-Forwarded-For header and the rightmost value in the list (if there are multiple IPs). This would be the most effective at preventing any spoofed value from passing through if you don't have access to a custom header.
As others have stated, ConnectWise needs to seriously up their game when it comes to security. Support for basic identifying headers is something that should have been standard long ago. Without this the audit logs are virtually useless for anyone hosting an instance behind a proxy. It also means that we can't block or allow anything based on IP either.
PLEASE, PLEASE listen to your customers who are trying to help you make the product better. Now that you have dropped Linux and Mac server support years ago there needs to a consistent push to increase security (and to offer features that customers can use to enhance security even further).
This is NOT resolved with v23.8 (at least for Sonoma 14.2.1). Pretty much destroys the ability to remotely work on a Mac if you can't reboot without needing manual intervention on the remote side. I know Apple changes things with different releases but if something as basic as this doesn't work then ScreenConnect just isn't a viable remote access solution for Macs.
Yes, this would be quite useful, as it would essentially allow for the convenience of the "shared clipboard" feature without the security problems of actually sharing a clipboard. Given the small amount of work that it would take to simply add a new keyboard shortcut, a key combination to "paste" from the host side without actually populating the clipboard on the client side should be a high priority.
Yeah, except they are rapidly increasing prices (at least 10-15% increases every year for the past 4 years) even for the legacy on-premise licensing, so the argument that they are "cheap" compared to other options is gradually going away. Overall I do still like the product, but the development pace isn't where it should be given the constant cost increases. In many aspects it seems like ConnectWise has it in maintenance mode which is odd since it appears to be one of their most popular products.
Yes, this situation is extremely frustrating. ConnectWise spent a ridiculous amount of time stringing us along to finally release an updated 20.2 "Linux-specific" version, and since then there has been no activity at all. The original thread with TONS of feedback was also closed (why was that necessary?).
The ConnectWise Control development team needs to commit to the required resources to modernize the codebase (for both Windows and Linux). If they don't then their user base will slowly fade away as the product ages on a legacy platform. I've said it many time before, but I'll state it again here since the old thread was closed: Move to .NET Core/.NET 5.x and you no longer have to deal with Mono or special Linux builds, as all the code will work on any supported .NET runtime environment. You'll gain increased performance on all platforms and won't be stuck dealing with tricky edge-case scenarios that Microsoft won't help with because they've moved on to newer, better things.
Please, please stick with your promises over the last several years that you won't abandon your long-time users and the Linux platform. It really shouldn't be a hard decision at all since you wouldn't have to dedicate special resources for a "Linux" version if you just migrated to the latest .NET architecture. Linux (and MacOS) compatibility would be there pretty much without you even needing to do anything extra at all. And then you'd also be current with the latest Windows platform features as well.
I'd think you would have a replacement ready before shutting down the old forum. It also appears that years of posts have been lost. Did no one think to make regular backups? I came to the forums looking for any updates on v7.0 and found that the "output streams" for much of the last 2-3 years of releases is gone.
Customer support service by UserEcho
You're right, I did miss that particular note. However, there appears to be a new bug related to this fix that causes more clipboard issues. See: https://www.reddit.com/r/ScreenConnect/comments/1d9nopw/significant_clipboard_bug_in_v241/
Bottom line I don't think it's safe to leave the clipboard sharing on at all (and as you mentioned it can be permanently disabled). Of course it comes down to various levels of risk management, but even one time forgetting to clear a client clipboard of an important admin password still leaves the sensitive data on the clipboard (even if it doesn't show up in clipboard history). One thing that should be configurable (or even the default in my opinion) would be to have the client ScreenConnect service clear the clipboard upon disconnection of the host. Of course, all this could be avoided anyway if we simply had an easy way to assign a keyboard shortcut to the "send clipboard keystrokes".