Create RMM Profiles | Voters

Create RMM Profiles

Alex Payne

Partners could establish what RMM they use and if another RMM appears on a machine under their management, an alert/isolation could take place. This could prevent an attacker from leveraging what's typically viewed as trusted RMM software as a persistence mechanism other than an autorun.

September 1, 2021

Elliott Campbell

Bumping this post the Connectwise issue I think this is a great Idea

Dale Stratil

This same idea should be established for remote access software. Right now it is my understanding that Huntress does not flag things like ScreenConnect or well know legitimate remote screen sharing solutions. These too should be flagged and the MSP should be able to choose if they want to allow or remove them.

Andy Smith

Great idea!

Jackelyn'la McDermott'la

Wrong link, but its still the same point.
Setup a free trail of any RMM software, NABLE, Kaseya, Datto whoever using a fake CC. Deployed that as your Foothold then smash the network. 
All AV Vendors trust All RMMS that are known pretty well
.. Huntress could be even further ahead of the pack ..with this change on top of normal AV vendors protecting their client base.

Jackelyn'la McDermott'la

Alex Payne
https://www.reddit.com/r/msp/comments/ocggbv/crticial_ransomware_incident_in_progress/
The idea behind this request:
The MSP selects the software package "RMM" software template they use. Anything deployed on the systems with this software is classed as "trusted" 
any other RMM tooling, is class as "not trusted"
The idea being that if another rmms is deployed it should be treated as a take over or worse attackers using trusted RMM to get in to the network and setup footholds.
We trust this software so much how days and so does Huntress, but its by far the easiest way in? 
This is 0 trust model
Come see me for more great idea! -> maybe I should get 1 month free? :)

Alex Payne

Jackelyn'la McDermott'la what was the article you were referencing where this happened?