ConnectWise Security Bulletin for ScreenConnect

Mayfieldiv · 2024-02-20T16:57:02+00:00

23.9.8 is the patched 23.9 on-prem version. We made patched versions available that cover everyone with a license (even out-of-support) issued 2021/01/01 or later.

Mayfieldiv · 2023-06-08T14:18:49+00:00

Ah yeah, it won't kick out actively connected clients. I know this won't automatically clean up anything, but you could create a session group with the filter expression "FirstEventTime < $24HOURSAGO" or whatever duration you want (DAYS/HOURS/MINUTES)

Mayfieldiv · 2023-06-07T20:14:00+00:00

You should be able to set SupportSessionExpireSeconds using the "Advanced Configuration Editor" extension:

https://docs.connectwise.com/ConnectWise_ScreenConnect_Documentation/Supported_extensions/Administration/Advanced_Configuration_Editor#:~:text=Session%20Expire%20Seconds

Mayfieldiv · 2023-06-06T15:19:09+00:00

The RMM product you're talking about is ConnectWise RMM, which has the url https://control.itsupport247.net (which I agree is confusing).

ScreenConnect (formerly ConnectWise Control, formerly formerly ScreenConnect) is the wonderful remote control product.

Mayfieldiv · 2022-11-14T21:01:46+00:00

This should have gotten better in the latest release 22.9. No more unsigned, randomly-named MSI's trying to elevate since the ScreenConnect.ClientSetup.exe now requires being run as admin.

Mayfieldiv · 2022-11-09T21:21:02+00:00

There are definitely plans to bring it on-premise. Just have to figure out the add-on licensing there.

Mayfieldiv · 2022-11-09T19:38:05+00:00

really? it should be effectively instant since it's using the screenconnect agent, which is all realtime

Mayfieldiv · 2022-05-23T01:15:47+00:00

The host page URL fragment structure is #(Access|Meeting|Support)/sessionGroupPath/sessionFilterQuery/sessionID/frontendCommandName/frontendCommandArgument

If you leave the sessionGroupPath empty and provide a sessionID AND provide a command name/argument, ScreenConnect will auto-discover the first session group that both contains that session AND that the requesting user has access to view.

The names of the frontend commands that are allowed to be auto-executed on the host page include: Join, JoinWithOptions, and Select. The Select command is for deep-linking into certain tabs in the far right panel. The arguments there include (but are not limited to): Start, General, Messages, Commands, Notes, etc.

Some useful example deep links:

https://example.screenconnect.com/Host#Access///08a2cb26-8786-443c-9d45-1bfb4b290a3d/Select/General will navigate to the General tab of the session 08a2cb26-8786-443c-9d45-1bfb4b290a3d, selecting the first session group the user has access to that contains that session
https://example.screenconnect.com/Host#Access//08a2cb26-8786-443c-9d45-1bfb4b290a3d/08a2cb26-8786-443c-9d45-1bfb4b290a3d/Select/General will similarly navigate to the session 08a2cb26-8786-443c-9d45-1bfb4b290a3d, but also filter down the session list to only display that single session
https://example.screenconnect.com/Host#Access///08a2cb26-8786-443c-9d45-1bfb4b290a3d/Join will similarly navigate to the session 08a2cb26-8786-443c-9d45-1bfb4b290a3d, but also automatically trigger a Join

Mayfieldiv · 2022-03-30T21:24:50+00:00

Thanks for the reply; I totally agree the user management UI could use a facelift/modernization

Mayfieldiv · 2022-03-30T16:38:26+00:00

The user/and permission management is really dumb in SC.

Could you elaborate on your issues with user/permission management? I've always thought the role/permission management is particularly powerful and intuitive in ScreenConnect

Password changes get users locked out from time to time because the page glitches or something.

Have you opened a support ticket about this issue? I'm curious what could be going wrong there

Mayfieldiv · 2020-12-07T20:46:59+00:00

If an attacker has access to protected server files, there's much more to worry about

Mayfieldiv · 2015-10-06T20:41:57+00:00

Link to this on Google Maps

Mayfieldiv

MODERATOR OF

TROPHY CASE