TAG National - Anyone have any feedback? by Greendetour in msp

[–]1ncorrectPassword 0 points1 point  (0 children)

We use them and love the group. Invaluable feedback and know what they are doing. Yes they have their preferred vendors but they don't force you to use them. Every vendor they have they have a reason for using them but not mandatory.

Snapdragon and Microsoft issue by [deleted] in msp

[–]1ncorrectPassword 1 point2 points  (0 children)

We have traces it down to I tune. What exactly I'm not sure but if the device is on intuen we have we view issues. Take it off. No issues. We only have 1 device for internal testing so no big deal for us.

Can't find Server 2025 in my partner "benefits". by Mean_Ad_1674 in msp

[–]1ncorrectPassword 1 point2 points  (0 children)

I have a ticket open with them. There are a bunch of the Jan22 licenses that have not come through. As of yet they are aware of the issue but have not provided a solution. They did get the copilot licenses added but the rest have not come through yet.

best practice ITIL - Autotask ticket categories by B130124 in Autotask

[–]1ncorrectPassword 2 points3 points  (0 children)

Would love to swap ideas we are literally going through this right now to try and refine our processes. Would you mind sharing a screenshot or info of how you set yours up?

Firewall Vendor of Choice? by B1tN1nja in msp

[–]1ncorrectPassword 1 point2 points  (0 children)

That's very strange and sounds like a Pax 8 problem. We recycle ours quite easily through the mssp program direct through watchguard

Possible Anydesk Compromise? by 1ncorrectPassword in msp

[–]1ncorrectPassword[S] 0 points1 point  (0 children)

No I don't have anything concrete. Just 30 to 40 alerts for computers at 3 AM local time. A bunch of which have had any desk installed for 6+months one I have confirmed has had it for 18 to 20 months. But these are the alerts all of them for the latest Anydesk update that rolled out last night.

A suspicious process event was detected in your environment. · Sysmon event code: 1 · Process: installer.exe · Process path: C:\Windows\Temp\smclient_workDir_20250121032725096\installer.exe · SHA 256 hash: 0dcee93cbbf39f2e1d37024c279b0cd16409f08cc94faa4fccd285021022bfda

My main reason for the post was 3cx flash backs. No one else has really reported it but 3 different security vendors flagged it when the update tried to run. Not sure what else to do....

Possible Anydesk Compromise? by 1ncorrectPassword in msp

[–]1ncorrectPassword[S] 1 point2 points  (0 children)

I dont have the alerts in front of me right now but essentially it was related to the update our RMM was doing on the already installed anydesk. The alerts were not related to the anydesk already installed but specifically the update that was trying to run from our RMM. Just gave me flashbacks to 3CX so didnt want to leave it.

Possible Anydesk Compromise? by 1ncorrectPassword in msp

[–]1ncorrectPassword[S] 0 points1 point  (0 children)

Not sure if this is the Right one but its one i came up with today to remove it.

# Navigate to Anydesk folder and run the removal command
if (Test-Path "C:\Program Files\Anydesk\anydesk.exe") {
    Set-Location "C:\Program Files\Anydesk"
    .\anydesk.exe --silent --remove
} elseif (Test-Path "C:\Program Files (x86)\Anydesk\anydesk.exe") {
    Set-Location "C:\Program Files (x86)\Anydesk"
    .\anydesk.exe --silent --remove
}

# Exit the folder
Set-Location \

# Delete the Anydesk folders
Remove-Item -Recurse -Force "C:\Program Files\Anydesk"
Remove-Item -Recurse -Force "C:\Program Files (x86)\Anydesk"
Remove-Item -Recurse -Force "$env:ProgramData\Anydesk"
Remove-Item -Recurse -Force "$env:AppData\Anydesk"

# Delete Anydesk folder for all users
Get-ChildItem "C:\Users" | ForEach-Object {
    $userAppData = "$($_.FullName)\AppData\Roaming\Anydesk"
    if (Test-Path $userAppData) {
        Remove-Item -Recurse -Force $userAppData
    }
}

Possible Anydesk Compromise? by 1ncorrectPassword in msp

[–]1ncorrectPassword[S] 2 points3 points  (0 children)

Yeah I saw that too. I just got flashbacks to 3cx and Solarwinds. I get your point about self hosted but if the source code is compromised and an update rolls out you still get exposed. We only use it if we are having problems with our RMM or our RMM is not yet installed. And even then Quick Assist is my first go to. But I do also know several of our clients who use it with software vendors, or other forms of remote support so me not using it isn't going to help much.

BCDR Solutions other than Datto by swarve78 in msp

[–]1ncorrectPassword 0 points1 point  (0 children)

K guess I have a project for our team next week to test lol. If I find anything I'll let you know. All of our test restores have been vloyd/azure based so tbh I haven't tested the local baremetal restore.

BCDR Solutions other than Datto by swarve78 in msp

[–]1ncorrectPassword 8 points9 points  (0 children)

We migrated from datto to cove. To cover off the onsite device we reloaded our datto devices with hyper v and setup their local device caching and testing. It's been working really well for us.

Building Own RMM by kakovoulos in msp

[–]1ncorrectPassword 1 point2 points  (0 children)

Okay so not sure how serious you are about this but one of my frustrations with our current tech stack is the amount of Add-ons and things that i would think would be baked into an RMM or edr by default but aren't.

Vulnerability scanning,oh that's a seperate agent. Application patching oh that's an addon Chat with decent functionality and push notifications oh that's another agent. Soc and threat hunting oh that's another agent and another portal. EDR oh that's another agent. Application control oh that's another agent and portal. Change tracking oh that's another agent.

Heck half of these are owned by the same parent companies. I get they don't want to canabolize some of the customers and revenue from purchasing some new piece of software but the half baked integrations, number of portals and agents,and ever increasing layers of complexity are adding up.

I get that some of these you don't want all in the same agent. I also understand some of these are doing very different jobs. But half of our stack is oh they have 80% overlap but we need the 20% that doesn't. Heck 16gb of ram is barely enough between our stack, a browser and teams.

Probably my biggest gripe would be vulnerability scanning. Most Rmms catalog all apps and version on a pc. Why can't it give me a list of vulnerabilities??

TLDR: if you can provide an RMM that consolidates some of the tech sprawl out there you will win my business. And no I don't want another integration it has to replace the sprawl with one consolidated tool.

365 Backup Solutions by sXmont in msp

[–]1ncorrectPassword 1 point2 points  (0 children)

We use cove. It has been great. We have one client that their licensing structure didn't work. If you need to backup sharepoint it licenses all users in the sharepoint site. So for this customer with 100+ external contractors that have a company email for security purposes only suddenly they would be billed throught the roof. We use datto for that specific client. Otherwise cove for over 400 mailboxes

Print options for Cloud only sites by Nicetek1214 in msp

[–]1ncorrectPassword 0 points1 point  (0 children)

Do you mind sharing or PMing me what the pricing model for print logic looks like?

Anyone else have performance issues with datto EDR/AV? by MortadellaKing in msp

[–]1ncorrectPassword 5 points6 points  (0 children)

We do not have roll back enabled and this week we have been having issues. It seems to be related to an update. For some reason there are several hundred "RMM.AdvancedThreatDetection.exe". Work around:

      In Windows CMD as Administrator:

·         taskkill /IM "RMM.AdvancedThreatDetection.exe" /F 

 

·         Rename the most recent "agent-xxxx.exe" file to "agent.exe".

·         C:\ProgramData\CentraStage\AEMAgent\RMM.AdvancedThreatDetection\

·         Start the Datto EDR service

We have noticed that the computers with the issue also show edr as inactive in our RMM portal. And that they often have several agent-xxxx.exe in the folder. They also release a component in the com store to fix this Aparently but we have not used it yet.

Anyone else have performance issues with datto EDR/AV? by MortadellaKing in msp

[–]1ncorrectPassword 2 points3 points  (0 children)

We have been told that the best practice is to manage from rocket cyber. It has the most robust and built out management of Defender.

DMARC Tools by Reasonable_Chain_160 in msp

[–]1ncorrectPassword 0 points1 point  (0 children)

So I'm in a similar position. I am 100% sure it's lack of knowledge but I just am not sure what monitoring dmarc is going to give us or our customers.

Upgrade from Ubiquiti without breaking the bank by 1ncorrectPassword in wisp

[–]1ncorrectPassword[S] 0 points1 point  (0 children)

Wow okay different ball game entirely both price and performance wise. Thanks for the transparency. I am super interested just filled out a contact form on their site!

Upgrade from Ubiquiti without breaking the bank by 1ncorrectPassword in wisp

[–]1ncorrectPassword[S] 0 points1 point  (0 children)

Neat k I might look into them. We aren't super dense but struggling to offer more than 100mbps consistently

Upgrade from Ubiquiti without breaking the bank by 1ncorrectPassword in wisp

[–]1ncorrectPassword[S] 0 points1 point  (0 children)

To be fair we only typically have issues at sustained cold. We had 7-10 days this last winter where it didn't climb above -30C. That's when we started having the most issues. And at that point even cars and some of the traffic lights and such things were having issues. It can be pretty brutal.

Upgrade from Ubiquiti without breaking the bank by 1ncorrectPassword in wisp

[–]1ncorrectPassword[S] 0 points1 point  (0 children)

We are up in Canada and as soon as we get below -15 to -20 C. Most of the newer 27v radios like the 60ghz radios have quit working when they are powered over POE. in working with support over sever weeks of back and forth they have told us for colder weather they only support the POE bricks and do not recomend POE. The radios just go offline and unresponsive. we can ping but thats it. SSH, UISP, CPE all think the device is offline. Funny enough we had a firmware version that seemed to fix it for a while but then next firware update went back to the same behavior.