Known Good RMM Instances
R
Ryan Sipes
It would be helpful to be able to add known RMMs in an organization so that the Huntress team has more insight into anomalous RMM installs in co-managed environments. For example, we have a software team that installs CWC/SC across some of our client environments. Being able to add those instances to a whitelist would allow Huntress to know that those CWC/other RMM installs are allowed but any other instances should potentially be investigated/looked at more closely
Michael
Something to think about is that you can have multiple versions of ScreenConnect / ConnectWise Control installed simultaneously. Would have to either have an integration with the RMM / RAT to grab an install version on that system and verify that it was matching and there were no non-matching ones or something.
Bad guys can use CWC/SC as well - you can sign up for a one-person account for free.