Rogue agent installs ?
We've seen a flurry of unknown agent devices come into our client's Atera companies recently.
Does anyone else experience this ?
Today's machine was called "CELESTE" and yesterday we had "GEORGE" arrive, both of which were apparently from USA IP addresses.
Comments
-
Hi @stuarthill
have you sent the "Installer-Link" for the Agent via Email to an Office365 Email address?
I have experienced the same and this was caused by a security product scanning the email (e.g. Microsoft ATP, HornetSecurity etc..)I identified this since the device was registered shortly after I sent out the link and my customer never received the email.
3 -
Thanks for your reply @mbudke
This is a good thought, I'll ask around and bear it in mind in the future.
0 -
I have also seen this a couple times, it had been AV sandboxes or similar.
That is a bummer that we can't "expire" the agent links\installers. if they get out there they could be installed on lots of devices basically forever.
0 -
Heya - there is a resource that can be helpful - have a look:
https://support.atera.com/hc/en-us/articles/360021257599-Rogue-machines
let us know if it helps! @stuarthill0
Topics
- All Topics
- 60 Getting started
- 27 Read before posting
- 9 Meet and greet
- 316 General
- 73 News and announcements
- 2 Swag
- 5 Roadmap updates
- 1 Product Survey
- 94 Resources
- 17 Knowledge Base
- 18 Webinars
- 1 Shared Script Library
- 3 Blog
- 23 Pro Tips
- 30 Got an idea?
- 3 Atera Academy
- 8 ActionAI
- 5 Copilot
- 218 Remote Monitoring and Management
- 88 Remote Monitoring
- 29 Patch Management
- 118 Professional Services Automation
- 70 Helpdesk
- 18 Billing
- 24 Reporting
- 43 Integrations & add-ons
- 23 Integrations
- 11 Add-ons
- 113 Scripting and automations
- 62 Scripts
- 36 Automations