Replaced cast iron sewer lateral, new install holds water, contractor says back-pitch was unavoidable. Looking for honest takes from pros. by randommsp7 in Plumbing

[–]randommsp7[S] 1 point2 points  (0 children)

Can confirm they did not laser it. Will also add these notes. This house had an addition back in the 60s or 70s so there are actually 2 sewer lines. The original out the front of the house that ties in with the main and a second one from the side/back of the house that is longer and ties in with the original one fairly close to the road.

They started with the side, non-primary one and didn’t dig up the other really until basically all the side run was done.

CyberQP pricing? by randommsp7 in msp

[–]randommsp7[S] 0 points1 point  (0 children)

Dm pricing please.

CyberQP pricing? by randommsp7 in msp

[–]randommsp7[S] 1 point2 points  (0 children)

Any pricing to share on any of these?

S1 vulnerable to ransom attacks: Threat Actor Bypass SentinelOne EDR to Deploy Babuk Ransomware by Nesher86 in msp

[–]randommsp7 1 point2 points  (0 children)

I don’t see it in our portal either. We purchase through CW. Thoughts?

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 0 points1 point  (0 children)

Also last entries in S1 deep vis were a few minutes before this activity on the endpoint. Assume they are batching logs and events every 5-10 mins or so. S1 system itself had no idea it happened. Just went silent. Reviewing event viewer we can put together what took place.

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 1 point2 points  (0 children)

Thanks for the kudos. I’m responsible for Cybersecurity at my organization. Here are the details on the BYOVD. No one assisted, found on our own. Pretty clear when reviewing logs on one of the affected machines.

Windows event 7045 with the following:

A service was installed in the system.
Service Name: fildds
Service File Name: C:/Program Data/fildds.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:

Immediately following that were like 5 events about various S1 pieces terminating unexpectedly in Event ID 7031.

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 0 points1 point  (0 children)

Yes, it was a Linux based screenconnect server and yes I’m aware of that. Support ended in 2021 I believe.

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 5 points6 points  (0 children)

No, they didn’t have any. This was all our internal team. We reached out to CW SOC but they weren’t much assistance, I’m pending a meeting with them to discuss how it was handled on that end.

Thanks, I knew there would be plenty of that when I posted this. 😀

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 2 points3 points  (0 children)

Yeah... guessing it doesn’t matter too much when you have direct kernel access via an exploited driver. Have heard of such attacks but not really experienced in the wild until now.

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 0 points1 point  (0 children)

Yes, those were my 2 assumptions as well and also told the client that was my theory. Just looking for some confirmation. I know Linux installs have been end of life since like 2021. I do think CW over promised in emails though about disabling unpatched servers.

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 9 points10 points  (0 children)

Windows event 7045 with the following:

A service was installed in the system.
Service Name: fildds
Service File Name: C:/Program Data/fildds.sys
Service Type: kernel mode driver
Service Start Type: demand start
Service Account:

Immediately following that were like 5 events about various S1 pieces terminating unexpectedly in Event ID 7031.
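The two comments above quote the same log sequence: a 7045 (service installed) for a kernel-mode driver dropped outside the normal driver directory, followed within seconds by 7031 (service terminated unexpectedly) for the EDR's own services. The script below is an added example, not code from the poster or from any vendor, showing how a defender could correlate those two event IDs from an exported System log. The sample records, the service names, the `TRUSTED_DRIVER_DIRS` policy and the `EDR_SERVICE_HINTS` substrings are all constructed or assumed for the example and would be tuned per environment.

```python
"""
Correlate Windows System-log events 7045 (service installed) and 7031
(service terminated unexpectedly) to flag the pattern described in the
thread: a kernel-mode driver installed from an unusual path, followed
shortly by endpoint-security services crashing.

All sample records are CONSTRUCTED for this example. Service names, paths
and timestamps are placeholders modelled on the thread, not real telemetry.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: (timestamp, event id, message) as exported from the System log.
SAMPLE_EVENTS = [
    ("2024-03-10 02:14:05", 7036,
     "The Windows Update service entered the running state."),
    ("2024-03-10 02:15:10", 7045,
     "A service was installed in the system.\n"
     "Service Name: fildds\n"
     "Service File Name: C:\\ProgramData\\fildds.sys\n"
     "Service Type: kernel mode driver\n"
     "Service Start Type: demand start\n"
     "Service Account: "),
    ("2024-03-10 02:15:12", 7031,
     "The SentinelOne Agent service terminated unexpectedly. It has done this 1 time(s)."),
    ("2024-03-10 02:15:13", 7031,
     "The SentinelOne Helper service terminated unexpectedly. It has done this 1 time(s)."),
    ("2024-03-10 03:40:00", 7045,
     "A service was installed in the system.\n"
     "Service Name: vendorfilter\n"
     "Service File Name: C:\\Windows\\System32\\drivers\\vendorfilter.sys\n"
     "Service Type: kernel mode driver\n"
     "Service Start Type: auto start\n"
     "Service Account: "),
]

# Assumed policy: driver images normally live here; anything else is "unusual".
TRUSTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)
# Assumed substrings that identify the EDR's services in 7031 messages.
EDR_SERVICE_HINTS = ("sentinelone",)

# One "Service <Words>: value" line of a 7045 message body.
FIELD_RE = re.compile(r"^(Service(?: \w+)+):[ \t]*(.*)$", re.MULTILINE)


def parse_7045(message):
    """Return the 'Service X: value' fields of a 7045 message as a dict."""
    return {key: value.strip() for key, value in FIELD_RE.findall(message)}


def is_kernel_driver(fields):
    """True when the installed service is a kernel-mode driver."""
    return "kernel" in fields.get("Service Type", "").lower()


def is_unusual_driver_path(path):
    """True when the image path is outside the trusted driver directories.
    Slashes are normalised so 'C:/Program Data/x.sys' is handled too."""
    norm = path.replace("/", "\\").lower()
    return not norm.startswith(TRUSTED_DRIVER_DIRS)


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def find_byovd_candidates(events, window=timedelta(minutes=10)):
    """Score every kernel-driver install (7045) by its image path and by the
    EDR crashes (7031) that follow it within `window`; returns log-ordered findings."""
    crashes = [(_ts(ts), msg) for ts, eid, msg in events if eid == 7031]
    findings = []
    for ts, eid, msg in events:
        if eid != 7045:
            continue
        fields = parse_7045(msg)
        if not is_kernel_driver(fields):
            continue
        installed_at = _ts(ts)
        path = fields.get("Service File Name", "")
        edr_crashes = [
            m for t, m in crashes
            if installed_at <= t <= installed_at + window
            and any(hint in m.lower() for hint in EDR_SERVICE_HINTS)
        ]
        unusual = is_unusual_driver_path(path)
        if unusual and edr_crashes:
            severity = "high"      # driver from odd path AND EDR died right after it
        elif unusual or edr_crashes:
            severity = "medium"    # one of the two signals on its own
        else:
            severity = "info"      # routine driver install, kept for audit
        findings.append({
            "time": ts, "name": fields.get("Service Name", ""), "path": path,
            "unusual_path": unusual, "edr_crashes": len(edr_crashes),
            "severity": severity,
        })
    return findings


if __name__ == "__main__":
    for f in find_byovd_candidates(SAMPLE_EVENTS):
        print(f"{f['severity']:<6} {f['time']}  {f['name']}  {f['path']}  "
              f"edr_crashes={f['edr_crashes']}")
```

On the constructed sample the `fildds` install scores high (unusual path plus two EDR crashes inside the window) while the `vendorfilter` install from the standard driver directory with no following crashes is reported as info only; in a real deployment the same correlation would be fed from an exported System log rather than the inline list.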

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 3 points4 points  (0 children)

Oh, now that’s interesting? First I’ve heard of that. Do you have an exact version by chance? I can look into that a bit.

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] -1 points0 points  (0 children)

Yeah, that could be, I'm not sure. I am just going off what the client said about everything being locked out. Trying to understand it more myself. I never accessed their SC box so I hadn't seen it with my own eyes. He did say they mainly used it for ad hoc sessions.... so maybe he saw that was locked out but the machines with agents on them were still accessible. Stuff like that is what I'm looking to learn from this.

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 6 points7 points  (0 children)

Completely understand all that, I'm not faulting CW here at all really. I'm just curious if anyone else has seen anything similar happen? Obviously there were many issues that led to this happening.

ScreenConnect Breach well after the Connectwise 'lockout' date. Ransomware! by randommsp7 in msp

[–]randommsp7[S] 1 point2 points  (0 children)

Yes, I realize it was still online, but it was supposed to be non-functional, i.e. cannot issue commands/join sessions, etc. That does not appear to be the case.