Rogue agent installs ?
We've seen a flurry of unknown agent devices come into our client's Atera companies recently.
Does anyone else experience this ?
Today's machine was called "CELESTE" and yesterday we had "GEORGE" arrive, both of which were apparently from USA IP addresses.
Comments
-
Hi @stuarthill
have you sent the "Installer-Link" for the Agent via Email to an Office365 Email address?
I have experienced the same and this was caused by a security product scanning the email (e.g. Microsoft ATP, HornetSecurity etc..)I identified this since the device was registered shortly after I sent out the link and my customer never received the email.
3 -
Thanks for your reply @mbudke
This is a good thought, I'll ask around and bear it in mind in the future.
0 -
I have also seen this a couple times, it had been AV sandboxes or similar.
That is a bummer that we can't "expire" the agent links\installers. if they get out there they could be installed on lots of devices basically forever.
1 -
Heya - there is a resource that can be helpful - have a look:
https://support.atera.com/hc/en-us/articles/360021257599-Rogue-machines
let us know if it helps! @stuarthill0
Topics
- All Topics
- 61 Getting started
- 27 Read before posting
- 9 Meet and greet
- 330 General
- 77 News and announcements
- 2 Swag
- 6 Roadmap updates
- 1 Product Survey
- 101 Resources
- 1 Onboarding
- 17 Knowledge Base
- 23 Webinars
- 1 Shared Script Library
- 3 Blog
- 24 Pro Tips
- 30 Got an idea?
- 3 Atera Academy
- 8 ActionAI
- 5 Copilot
- 223 Remote Monitoring and Management
- 91 Remote Monitoring
- 29 Patch Management
- 120 Professional Services Automation
- 72 Helpdesk
- 18 Billing
- 24 Reporting
- 44 Integrations & add-ons
- 23 Integrations
- 12 Add-ons
- 115 Scripting and automations
- 64 Scripts
- 36 Automations