Windows Server: Unknown ScreenConnect Fingerprints
submitted
N
Noah Tatum
Replace the "xxxxxxxxxxxxxxxx" with your known ScreenConnect fingerprints. You can add additional fingerprints as needed with more "contains" statements separated by "||". These fingerprints can be found via software inventory (Add/Remove Programs, RMM, Liongard, etc). Look for the ScreenConnect entries and grab the 16-character string.
Software[?contains(Name,
ScreenConnect
) && !(contains(Name, xxxxxxxxxxxxxxxx
) || contains(Name, xxxxxxxxxxxxxxxx
))].join(:
, [Name,DisplayVersion]) | sort(@)T
Ted Thueson
Ignore the query in my original comment, I pasted the wrong one!Software[?Name ==
ScreenConnect
&& !(contains(Name, xxxxxxxxxxxxxxxx
) || contains(Name, xxxxxxxxxxxxxxxx
))].join(:
, [Name,DisplayVersion]) | sort(@)T
Ted Thueson
I've adjusted this to not fuzzy match "ScreenConnect" since this vulnerability does not apply to client installations (from my understanding). Obviously it's good to check over the client versions as well, but this will further scope things down to catch only SC server installations.Software[?contains(Name,
ScreenConnect
) && !(contains(Name, xxxxxxxxxxxxxxxx
) || contains(Name, xxxxxxxxxxxxxxxx
))].join(:
, [Name,DisplayVersion]) | sort(@)