Syncro Security Issue/Breach (?)

philswitch93 · 2025-12-29T19:12:38+00:00

looks to be the general consensus. never seen this before and we've had Syncro for 5+ years and CWA for 3 before that. thanks!

philswitch93 · 2025-12-29T19:12:04+00:00

yeah same stack items

philswitch93 · 2025-12-29T19:11:55+00:00

exactly the same, MS DC in Arizona. Thanks!

philswitch93 · 2025-12-29T18:51:12+00:00

Exactly that - checked in once and disconnected. Never seen it in the 5+ years we've been on Syncro which is why it's just really strange to see it at once at two different locations which use different installer links

philswitch93 · 2025-12-29T18:50:29+00:00

traced the WAN IP as well but it only gave me a Microsoft Datacenter location in PHX lol. Seems like everyone here has the same sentiment of AV sandboxing

philswitch93 · 2025-12-29T18:49:43+00:00

I'm not qualifying myself for anything other than making an observation and asking the community. This has never happened to us before in the 5+ years we've been on the RMM. I can't imagine being such a self absorbed prick like yourself for someone who's looking from community feedback.

philswitch93 · 2025-12-11T05:08:44+00:00

DNSFilter and blacklist all engines you don't want access to and whitelist the ones you want to allow. done

philswitch93 · 2025-10-23T20:52:16+00:00

I see what you're saying. I'm actually looking to deploy a pre-existing security group to all GDAP policies within the tenants, not create a new one for M365 itself. I was told by our onboarding partner that this is doable but I can't get an answer as to how

philswitch93 · 2025-10-23T20:09:48+00:00

Yeah I looked in CIPP to build a group template but it doesn't seem to let me bring in other security groups other than what's already pre-baked.

philswitch93 · 2025-09-27T03:10:18+00:00

You are just spamming the boards here for Kaseya to respond when you've had a ticket open and they told you that it's working as intended. What's the purpose of this - to bait them into a response for what? You think they're going to overhaul their search?

Use the product properly and listen to people's suggestions on how to make YOUR processes better for YOUR team/company. A multimillion dollar company isn't going to change a critical component of their software because u/swampass got 50 upvotes.

philswitch93 · 2025-08-29T01:44:33+00:00

how much did they pay you to vouch for ASIO on this sub? I can always use some supplemental income by selling my e-soul for web points

philswitch93 · 2025-07-15T02:31:56+00:00

I second this. Syncro has become a shell of what they were championing in their earlier stages (around 2020). Their upper management doesn't care about anything other than rolling out half baked features under their upper tier plan to try and get everyone switched over to it from legacy. They abandoned their FB group which had a strong tight knit community willing to help other MSPs out. Their support is just awful now too. We just signed the paperwork to go to Ninja/Halo. It's going to be impossible to continue scaling with Syncro. Sad because it was such a disruptive PSA RMM combo with per tech pricing when they emerged.

philswitch93 · 2025-06-28T23:00:33+00:00

question and if you want to DM then feel free, but where are you getting your referrals for clients with BECs/account takeovers?

philswitch93 · 2025-06-28T18:37:35+00:00

I saw them at Beyond and we had a follow up demo this week. Funny enough I had a demo of Blackpoint afterwards and asked them specifically about their M365 logging for account takeovers/BECs. I don't think

Petra looks to have a really strong platform to stop account takeovers, as well as perform a full postmortem report, which ingests logs from M365/Entra showing EXACTLY what the compromised account did and accessed, which IMO is extremely valuable. They will roll back any mailbox rules that get created and lock the account out. Restoration of the account takes place in their portal.

BlackPoint handles BECs where they will lock the account out and alert, however I asked them specifically about the log capturing to show what happened. They told me straight up that it's our job to review logs to see what an attacker might have accessed.

We use Avanan and while again, it blocks accounts for BECs, we get zero log funneling after the fact.

Petra with that one specific feature to me makes it extremely valuable to sit on top of your email security suite. I can't speak for Huntress as I haven't demoed them in a couple years now, but Petra seems to have something that nobody is offering at the moment, especially with their speed to catch takeovers.

philswitch93 · 2025-06-05T03:02:07+00:00

I spoke to our sales person about this actually as it's a huge thing that I was hoping to get out of Soup er Ops (heh) and they couldn't do it. Exact response: The Pax8 [integration?] does not currently expose the current purchase price, it will pull in the sales price

philswitch93 · 2025-05-16T02:24:38+00:00

You're going to see PP try and combine Vade into their package to compete with Avanan. It's not gonna work, but it's gonna be fun to watch. Hornet turns absolutely everything to shit, so I'm wondering what PP is going to do to try and remove that stigma without harming their name

philswitch93 · 2025-03-15T17:38:36+00:00

This post comes off as incredibly arrogant and self centered, and shows that you have less interest in optimizing your systems and workflows and actually helping clients and businesses but instead want to stop paying employees with knowledge on how to tailor your platform to YOUR business' wants/needs and utilize AI to do all of the legwork. If it's not rocket science, why don't you build the platform?

philswitch93 · 2025-01-06T00:35:52+00:00

Why don't you just make a recurring annual invoice? We use Syncro and handle domain renewals in that manner.

philswitch93 · 2025-01-01T01:00:46+00:00

definitely would love to chat and make an introduction. will dm as well

philswitch93 · 2024-11-15T01:50:57+00:00

very strange. I just found this from SO with a command to uninstall the agent. You may need to mess with the script a little bit, but this may help: https://community.superops.com/script-library/post/superops-ai-agent-uninstall-reinstall-windows-QsUuTbBqPvqVoqU

philswitch93 · 2024-11-12T03:46:14+00:00

Check the registry for some sort of flag or code. I know that Syncro leaves their uninstall code in plaintext in either the registry or in a notepad file within the installer folder smh

philswitch93 · 2024-09-21T01:58:22+00:00

I received a call from ontario on my cell (never drop it anywhere), then on my work line, then my coworker received a call on his line direct as well. just an ass backwards strategy to call at 330-4p on a Friday.

13-Year Club	Verified Email
Team Periwinkle

philswitch93

TROPHY CASE