@scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

PUP is an indicator for software that could be bad, but isn't. ALL remote access and monitoring can be used for malicious purposes. So it is often marked as PUP. Even if every tool ever made marked something as PUP, this would never give reason for concern unless you hadn't meant to install a remote access too. But you did, you knowingly installed ConnectWise, so you should be expecting PUP warnings from to time if you don't exclude it, just like all tools will do sometimes. Since you know that you installed it intentionally, you know that the PUP warning does not apply to you.

We do get PUP alerts on our environment and most of them are ignored. In this case if you look at the results I shared, PUP is on just my AV, some others shows as Trojan

@scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

@Ambarishrh said in ScreenConnect/Connectwise control client exe (marked as malicious):

@scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

PUP doesn't mean malicious. Lots of remote access software gets marked as PUP. PUP is really an essentially meaningless category.

Agreed, we've been using screenconnect for almost 2 years now, never had the AV marking this as PUP/malicious. The support agent session and the reports from virus total/hybrid-analysis making me think twice about the client upgrade on machines

Should more make you question your AV, not ScreenConnect. That you know what SC is, there's zero reason for concern. PUP for known software is meaningless. However, the real reaction should be "why is my AV flagging something so well known and obvious?" This means that your AV is crying wolf on something really simple to have avoided.

If it was just my AV I would just add exclusion and move forward, but as I mentioned, the combined result of virustotal, hybrid-analysis and response from connectwise support makes me nervous. I've contacted connectwise support again to see of they can provide some valid reasons or confirmation.

@scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

PUP doesn't mean malicious. Lots of remote access software gets marked as PUP. PUP is really an essentially meaningless category.

Agreed, we've been using screenconnect for almost 2 years now, never had the AV marking this as PUP/malicious. The support agent session and the reports from virus total/hybrid-analysis making me think twice about the client upgrade on machines

I just upgraded my ConnectWise Control to the latest version this morning (19.0.23234.7027) and as usual tried to upgrade my client to the latest version. Our AV caught this exe and marked as PUP

On such cases, I generally add an exclusion, but just wanted to double check before I add the exclusions and did scan on virus total & hybrid-analysis with the following results:

Virus total

Hybrid-Analysis

I had a chat with Connectwise support and the agent mentioned that we have to disable AV or add exclusions, then I shared the above links and the next thing I could see is my next chats that had hybrid-analysis link and other messages has gone, giving me a message that I've been inactive for 5 minutes and session ended!

Anyone else got an alert from AV?

Something like https://cachethq.io ?

The size difference on files on my computer was an issue with dropbox on the latest version of Win10. I used my mac to download all files and then moved the Dropbox folder inside OneDrive and got all synced. Apart from some files not being synced all looks good now. I am almost ready to cut Dropbox, part of that I already switched from yearly plan to monthly (was due for renewal on sep), just keeping it a month or two more to finalize.

With the new option of getting MS offoce on unlimited devices and concurrent sign in to 5 devices with the O365 plan ( https://techcommunity.microsoft.com/t5/Office-365-Blog/You-re-about-to-get-even-more-from-your-Office-365-Home-or/ba-p/234907) along with smart sync, I guess its a great deal

I personally use 1Password but was looking at options which are self-hosted. Need to test Bitwarden

I got the AmpliFi HD and really like it!

I was getting slow connections for a very long time and did a few tests before and after setting up the device. With the old setup, my wifi connected device speed was variable at different locations, but with AmpliFi HD, its almost stable at all locations/rooms.

Before AmpliFi

After AmpliFi

You mean the mesh router would be sufficient? or still suggesting the router+AP combo?

I couldn't find the ERX & AP on the local online store, but the Amplifi mesh router is available. There are some distributors and resellers number in the region where I can check

Haven't heard anyone discussing about the Amplify Mesh. No one used this yet?

@scottalanmiller said in New WiFi router recommendation:

Ubiquiti ERX

I am currently looking at the ERX and AP as well, just so much of products on their page, trying to find what suits my need!