Windows Workstation: Unknown ScreenConnect Fingerprints
submitted
Noah Tatum
Replace the "xxxxxxxxxxxxxxxx" with your known ScreenConnect fingerprints. You can add additional fingerprints as needed with more "contains" statements separated by "||". These fingerprints can be found via software inventory (Add/Remove Programs, RMM, Liongard, etc). Look for the ScreenConnect entries and grab the 16-character string.
Software[?contains(Name, 'ScreenConnect') && !(contains(Name, 'xxxxxxxxxxxxxxxx') || contains(Name, 'xxxxxxxxxxxxxxxx'))].join(':', [Name,DisplayVersion]) | sort(@)
Ted Thueson
I've adjusted this to not fuzzy match "ScreenConnect" since this vulnerability does not apply to client installations (from my understanding). Obviously, it's good to check over the client versions as well, but this will further scope things down to catch only SC server installations.
Software[?Name == 'ScreenConnect' && !(contains(Name, 'xxxxxxxxxxxxxxxx') || contains(Name, 'xxxxxxxxxxxxxxxx'))].join(':', [Name,DisplayVersion]) | sort(@)
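Added example, not part of either post above and not vendor code: the first query's check done in Python over an exported software list, extracting the fingerprint and comparing it to an allowlist instead of chaining "contains" calls. It assumes client entries are named "ScreenConnect Client (<16 hex characters>)" and that each entry has Name and DisplayVersion keys; the inventory, fingerprints and versions are constructed.

```python
import re

# Assumption: the 16-character fingerprint appears in parentheses in the Name.
FINGERPRINT_RE = re.compile(r"\(([0-9a-fA-F]{16})\)")

# Constructed allowlist; replace with your own known fingerprints.
KNOWN_FINGERPRINTS = {"0123456789abcdef", "fedcba9876543210"}

# Constructed sample inventory (same shape the queries above read: Software[]).
SAMPLE_INVENTORY = [
    {"Name": "ScreenConnect Client (0123456789abcdef)", "DisplayVersion": "1.2.3.4"},
    {"Name": "ScreenConnect Client (FEDCBA9876543210)", "DisplayVersion": "1.2.3.4"},
    {"Name": "ScreenConnect Client (aaaabbbbccccdddd)", "DisplayVersion": "1.2.3.5"},
    {"Name": "ScreenConnect", "DisplayVersion": "1.2.3.6"},
    {"Name": "7-Zip 23.01 (x64)", "DisplayVersion": "23.01"},
    {"Name": None, "DisplayVersion": None},
]


def unknown_screenconnect(software, known):
    """Return sorted "Name:DisplayVersion" strings for ScreenConnect entries
    whose fingerprint is missing or not in the allowlist."""
    allowed = {fp.lower() for fp in known}
    findings = []
    for item in software:
        name = item.get("Name") or ""
        if "ScreenConnect" not in name:
            continue  # not a ScreenConnect entry
        match = FINGERPRINT_RE.search(name)
        # Normalise case so an upper-case fingerprint still matches the allowlist.
        fingerprint = match.group(1).lower() if match else None
        if fingerprint not in allowed:
            version = item.get("DisplayVersion") or "unknown"
            findings.append(f"{name}:{version}")
    return sorted(findings)


if __name__ == "__main__":
    for line in unknown_screenconnect(SAMPLE_INVENTORY, KNOWN_FINGERPRINTS):
        print(line)
```

An entry named just "ScreenConnect" carries no fingerprint and is reported, which matches what the first query returns for it.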