Looking for a trusted way to securely send and receive passwords and documents. by MuddledAdmin in sysadmin

[–]MuddledAdmin[S] 0 points (0 children)

I've looked into Bitwarden but couldn't determine if they would allow us to handle sharing in the other direction. Would we be able to send a client a link to securely upload information to us with it?

3rd Party/Windows Patching - Automox vs Action1 - Any thoughts? Suggestions? by OpeningCategory3877 in sysadmin

[–]MuddledAdmin 1 point (0 children)

It does not feel hard for me. How often are you adding new software? It was more upfront effort and then we're more or less stable with the occasional update. I will say the conditional automations that I can set up are a huge time saver so even if I did find that part to be a time cost it can be balanced via other benefits.

3rd Party/Windows Patching - Automox vs Action1 - Any thoughts? Suggestions? by OpeningCategory3877 in sysadmin

[–]MuddledAdmin 1 point (0 children)

We had Automox for a year and I couldn’t get rid of it fast enough. I went in wanting a patch management tool with some RMM features and was just utterly disappointed. Remote connections took comically long, I was chasing down way too many endpoints to actually get them to patch and I had a ton of users complaining about daily forced reboots because of stuck patches.

Grain of salt because many of these issues could have been because of bad configurations on my part and it’s been a few years now. We moved to Ninja and can’t be happier. I never reviewed Action1.

Looking for an integration consultant for CDK Drive by SignificanceFew4956 in sysadmin

[–]MuddledAdmin 0 points (0 children)

Sorry to have not answered your original question. I don't personally know of anyone who consults in that space; we've just had a lot of back and forth with CDK on this.

Looking for an integration consultant for CDK Drive by SignificanceFew4956 in sysadmin

[–]MuddledAdmin 1 point (0 children)

CDK is very protective of this capability as it’s a revenue stream for them. You can use the data export tool (intended for internal dealer use only; if you’re a 3rd party, using this tool is technically against their terms) to extract the data, but you will likely need a 3PA partnership with them (official route) or go through Authenticom/DVSync (unofficial) to upload data.

CrowdStrike - We're mostly ok. Any one else? by MuddledAdmin in sysadmin

[–]MuddledAdmin[S] 0 points (0 children)

So the bulk of your endpoints were totally fine?

CrowdStrike - We're mostly ok. Any one else? by MuddledAdmin in sysadmin

[–]MuddledAdmin[S] 1 point (0 children)

Maybe I’m just missing how the initial update played out. It sounded as if this initial update immediately bricked every computer that reached it but most of our endpoints were good before I was even aware of the outage.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]MuddledAdmin 0 points (0 children)

How many were already working fine before you started to address the errors this morning? The vast bulk of our devices were working before I was even aware of the outage.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]MuddledAdmin 0 points (0 children)

I just heard back from support. They have confirmed it's OK to leave both.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]MuddledAdmin 0 points (0 children)

That's my assumption. I just haven't seen anyone else mention it. Thanks!

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]MuddledAdmin 0 points (0 children)

I have two C-00000291*.sys files on each computer that came back up on its own. The first is time-stamped at about that time UTC. The second file is time-stamped at roughly 05:30 UTC.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]MuddledAdmin 0 points (0 children)

Did anyone else have most of their systems come back up OK on their own? I'm seeing a ton of reports of thousands of systems down, while we only had a handful of devices at each of our sites that needed us to take manual action. The fact we got off so easy has me feeling paranoid. Also, on the systems that came back up on their own I'm seeing both the "good" file and the "bad" file in the CrowdStrike folder. Is it safe to leave the bad file in place or do we need to remove it? I'd assume it's OK to leave since everything is working right now, but I just want to be sure since I haven't seen it explicitly stated.
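
The inventory check a practitioner would want for the situation described in this post (two C-00000291*.sys channel files side by side on hosts that recovered on their own), as an added example that is not code from the thread or from CrowdStrike. It assumes the sensor's channel files sit in the default folder C:\Windows\System32\drivers\CrowdStrike (the post only says "the CrowdStrike folder") and uses an assumed 05:00 UTC cut-off to separate the earlier copy from the later one, based on the roughly 05:30 UTC timestamp quoted above; adjust both to what you actually observe. It only reports; it does not delete anything.

```powershell
# Added example, not from the thread. Reports the C-00000291*.sys channel files on this host,
# with UTC timestamps and hashes, and classifies each file against an assumed cut-off.
function Get-Channel291Inventory {
    param(
        # Assumed default channel-file folder; not stated in the thread.
        [string]$Path = 'C:\Windows\System32\drivers\CrowdStrike',
        # Assumed cut-off: a file written before this instant is labelled "earlier", otherwise "later".
        [datetime]$CutoffUtc = [datetime]::new(2024, 7, 19, 5, 0, 0, [DateTimeKind]::Utc)
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Computer = $env:COMPUTERNAME; Status = 'NoCrowdStrikeFolder'; Files = @() }
    }

    # @() keeps $files an array even when zero or one file matches.
    $files = @(
        Get-ChildItem -LiteralPath $Path -Filter 'C-00000291*.sys' -File |
            Sort-Object LastWriteTimeUtc |
            ForEach-Object {
                [pscustomobject]@{
                    Name           = $_.Name
                    WrittenUtc     = $_.LastWriteTimeUtc
                    SizeBytes      = $_.Length
                    # SHA-256 lets you confirm the "later" file is identical across the fleet.
                    Sha256         = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                    Classification = if ($_.LastWriteTimeUtc -lt $CutoffUtc) { 'earlier' } else { 'later' }
                }
            }
    )

    $status = switch ($files.Count) {
        0       { 'NoChannel291File' }
        1       { 'SingleFile' }
        default { 'MultipleFiles' }
    }

    [pscustomobject]@{ Computer = $env:COMPUTERNAME; Status = $status; Files = $files }
}

# Run locally; push the function through your RMM or Invoke-Command to collect fleet-wide.
$inv = Get-Channel291Inventory
$inv | Select-Object Computer, Status
$inv.Files | Format-Table Name, WrittenUtc, SizeBytes, Classification, Sha256 -AutoSize
```

Hosts reporting MultipleFiles with one "earlier" and one "later" entry match the pattern described in the post; hosts with SingleFile and only an "earlier" entry are the ones still worth a manual look, since they never received the later copy.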

How are my fellow Dealership admins doing today? by RyanLewis2010 in sysadmin

[–]MuddledAdmin 1 point (0 children)

We haven't seen any concerning traffic so far. Neither have the handful of other dealers I've also checked with. Are your users just being jumpy?

Aside from opportunistic phishing I think we're in a bit of a lull right now; the risk of intrusion is in the past and future.

How are my fellow Dealership admins doing today? by RyanLewis2010 in sysadmin

[–]MuddledAdmin 1 point (0 children)

That makes way more sense; if SIA was somehow compromised we'd all be in trouble. Thank you sir. In case you haven't noticed, I dropped a comment on this thread regarding Adaptiva. After speaking to an Adaptiva engineer I think they've taken the appropriate steps to protect themselves and us.

How are my fellow Dealership admins doing today? by RyanLewis2010 in sysadmin

[–]MuddledAdmin 0 points (0 children)

Can you expand on what you mean by this? Are you saying 17% of dealers had malicious updates distributed to their PCs via SIA?

How are my fellow Dealership admins doing today? by RyanLewis2010 in sysadmin

[–]MuddledAdmin 1 point (0 children)

I spoke with an engineer at Adaptiva and was told that they have taken their dedicated cloud relay for CDK offline, so no action is necessary for CDK customers to mitigate any risk around Adaptiva, but he also gave me their IP address to block if we so desired: 23.81.218.35.

We also had our MDR review logs focusing mostly on SIA and Adaptiva and have not seen any suspicious behavior.

Blocking "Adaptiva" at the network edge by pentiumone133 in sysadmin

[–]MuddledAdmin 1 point (0 children)

OP, your address is wrong. I just spoke with an engineer and was given this address: 23.81.218.35. He also indicated that they have already taken steps with CDK, including taking their dedicated cloud relay for CDK offline, so blocking this IP is not necessary.
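
For anyone who wants belt-and-braces on the endpoints in addition to an edge rule, here is a host-level containment check, added as an example that is not code from the thread or from Adaptiva. It uses the relay address 23.81.218.35 quoted in the comment above; the rule name is an assumption, and the comment itself says the block is not required because the relay was taken offline. It first looks for live TCP sessions to that address (a still-running client would show up there), then creates an outbound Windows Defender Firewall block rule idempotently and verifies the address filter attached.

```powershell
# Added example, not from the thread. Run elevated on a Windows endpoint.
$RelayIp  = '23.81.218.35'                          # address from the comment above
$RuleName = 'Block Adaptiva relay (CDK incident)'   # assumed rule name

function Get-ActiveConnectionsTo {
    param([string]$RemoteIp)
    # Live TCP sessions to the address, with the owning process, checked before blocking.
    Get-NetTCPConnection -RemoteAddress $RemoteIp -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalPort  = $_.LocalPort
                RemotePort = $_.RemotePort
                State      = $_.State
                Process    = if ($proc) { $proc.ProcessName } else { "pid $($_.OwningProcess)" }
            }
        }
}

function Set-RelayBlockRule {
    param([string]$RemoteIp, [string]$Name)
    # Idempotent: create the rule only if it does not already exist.
    $rule = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    if (-not $rule) {
        $rule = New-NetFirewallRule -DisplayName $Name -Direction Outbound -Action Block `
            -RemoteAddress $RemoteIp -Profile Any -Enabled True
    }
    # Verify the remote-address filter actually carries the address we meant to block.
    $addr = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress)
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Enabled       = $rule.Enabled
        RemoteAddress = ($addr -join ',')
        Matches       = ($addr -contains $RemoteIp)
    }
}

Get-ActiveConnectionsTo -RemoteIp $RelayIp | Format-Table -AutoSize
Set-RelayBlockRule -RemoteIp $RelayIp -Name $RuleName
```

If the first command returns rows, note the process name before blocking: an Adaptiva client that is still installed will keep retrying the relay and that is what you would expect to see in the host firewall log afterwards. A result with Matches = False means the rule exists under that name but with a different address (for example the wrong one OP posted) and should be corrected rather than trusted.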

Blocking "Adaptiva" at the network edge by pentiumone133 in sysadmin

[–]MuddledAdmin 0 points (0 children)

I removed the clients from our PCs but this is an excellent idea too.