    ScreenConnect/Connectwise control client exe (marked as malicious)

    • JaredBusch @scottalanmiller

      @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

      How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

      That's what I was expecting. If you deploy early, you get a new hash that no one has seen yet.

      You misunderstand. Every install will have a unique hash because the executable is BUILT by the system on the fly.

      • scottalanmiller @JaredBusch

        @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

        @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

        @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

        How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

        That's what I was expecting. If you deploy early, you get a new hash that no one has seen yet.

        You misunderstand. Every install will have a unique hash because the executable is BUILT by the system on the fly.

        Oh, right, duh. That too. That's way bigger as it is ONLY you ever submitting them.

        • dbeato @JaredBusch

          @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

          @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

          @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

          @dbeato no, just an online file by file virus scanner?

          No, (although it should be for another thread) it gives you information about the file, file hash, or URL in question. Example below is the Itarian Remote Control application Executable:
          2019-04-23_0039.png

          It compares the hash of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

          How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

          That might be true for ConnectWise but not all Executables create a new hash every time.

          • JaredBusch @dbeato

            @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

            @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

            @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

            @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

            @dbeato no, just an online file by file virus scanner?

            No, (although it should be for another thread) it gives you information about the file, file hash, or URL in question. Example below is the Itarian Remote Control application Executable:
            2019-04-23_0039.png

            It compares the hash of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

            How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

            That might be true for ConnectWise but not all Executables create a new hash every time.

            That is the entire point of this thread though.

            • dbeato @JaredBusch

              @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

              @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

              @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

              @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

              @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

              @dbeato no, just an online file by file virus scanner?

              No, (although it should be for another thread) it gives you information about the file, file hash, or URL in question. Example below is the Itarian Remote Control application Executable:
              2019-04-23_0039.png

              It compares the hash of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

              How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

              That might be true for ConnectWise but not all Executables create a new hash every time.

              That is the entire point of this thread though.

              You are correct, that's why I wanted to move the portion of VirusTotal conversation out of this thread.

              • scottalanmiller @dbeato

                @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

                @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

                @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

                @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

                @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

                @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

                @dbeato no, just an online file by file virus scanner?

                No, (although it should be for another thread) it gives you information about the file, file hash, or URL in question. Example below is the Itarian Remote Control application Executable:
                2019-04-23_0039.png

                It compares the hash of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

                How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

                That might be true for ConnectWise but not all Executables create a new hash every time.

                That is the entire point of this thread though.

                You are correct, that's why I wanted to move the portion of VirusTotal conversation out of this thread.

                But that's the basis of his concern is that tools like that were identifying it. Take out that stuff, and there is no thread.

                • scottalanmiller @dbeato

                  @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

                  @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

                  @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

                  @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

                  @dbeato no, just an online file by file virus scanner?

                  No, (although it should be for another thread) it gives you information about the file, file hash, or URL in question. Example below is the Itarian Remote Control application Executable:
                  2019-04-23_0039.png

                  It compares the hash of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

                  How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

                  That might be true for ConnectWise but not all Executables create a new hash every time.

                  And in those unrelated cases, lots of things flagging them would be more meaningful.
