11/9/2023 0 Comments Supremo remote desktop portableI had a similar thing, one of my users managed to download a cryptovirus from a spreadsheet macro (despite me sending an email to make users aware less than 1 week before) Teamviewer is one of them I use from time to time to help users out remotely when all other remote option fail. We do have a few users were I allow them to use approved portable applications. Maybe put all new users in a security group that limits there interaction with executable files and as I trust them more, remove them when they show they know what there doing. That sounds like the direction I will need to go. Even stopped an app I install for 3D printer slicing for some kids because I didn't put it in the right place. I can't find the article I used when setting it up, but it's worked well to keeping kids from running games and VPN clients from usb flash drives and SD cards. Be more than happy to share what I have if you want. Then you can add rules for individual apps and allow different groups to run anything if you want. When setting it up the first time, it asks you to allow all the default windows programs and stuff needed, which should allow the Windows system folders and Program Files (x86 and 64 bit). Uses the settings under GPO -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> System Services -> Application Identity Service set to enabled and auto start.Īlso uses the settings under GPO -> Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Application Control Policies -> AppLocker. It also has some special rules to block certain portable executables we were having issues with at the time like TunnelBear, FireFox portable, etc. I have a policy for certain computers that blocks everything from running unless it comes from the Windows or Program Files folders, OR you are a local admin. If there is a better way to do it, I am open to suggestions. I have read that some network managers can block the portable applications via a group policy, but they also need to write in exceptions to allow programs like Firefox or chrome browser to run properly. The software in question was not an installer. I have Eset antivirus software running on all network computers and noting has popped up as suspicious in the Eset remote admin portal yet. So my question to the community is, now that I have the computer isolated, how bad is this and should I completely scrub her computer or should just wiping out the user profile be enough? It appears that the link contained a portable executable setup with a predefined user ID that allowed the remote user immediate access to the computer. Still looking on how to prevent that again. It is also odd that my firewall (WatchGuard XMT 330) even allowed the download to happen, because it should be blocking any EXE from being downloaded without admin permission. Xxxx:///download.aspx?file=Supremo.exe&id_sw=7&ws=supremocontrol.xxx I have replaced some of the content of the link to make the like unclick able but you get the just of it. I told her to keep the computer off until i get into the office in the morning and disconnected it from the rest of the network.Īfter doing a little bit of investigating I found the email link she was sent. So as soon as she saw that someone else was controlling here mouse she turned off the computer. They then told the user that if we want to get the refund she needed to download this software. They said they were calling about an amazon refund we were trying to process. It would be great if you could implement these improvements in the future.So last night one of my users got scammed into letting someone remote into there work computer. (AnyDesk closes the request elevation window, and every time I fail to enter a password, I have to re-do the request elevation, which is inconvenient.) When transmitting the username and password, if I entered the password incorrectly, then display a hint next to the password or popup, but then allow me to immediately re-enter the password.(I can do this in Zoho Assist, and it's handy since I can't get the computer name/domain and username wrong.) If I want to transmit the administrator username and password, then I can choose from a list of predefined names.If a UAC window appears on the host, then RustDesk should detect this and offer a window requesting for elevation.(TeamViewer only allows me to do this when connected, which is very inconvenient.) Request elevation can be done at any time while I am connected to the host.A few ideas on how to improve the UX of this feature:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |