Good morning (NZ Time)
We are an IT support business
We use connectwis's screenconnect product to remotely support all of our clients, and have done for 6 years.
From Yesterday afternoon (NZ Time) our Sophos Central alerts are going off with the below.
Sophos Central Event Details for <customer name>
What happened: We attempted to restore a cleaned up application but failed.
Where it happened: <machine name>
Path: C:\Windows\Temp\ScreenConnect\22.9.10589.8370\ScreenConnect.ClientSetup.exe
What was detected: Generic ML PUA
User associated with device: <machine name>\<username>
How severe it is: Medium
Can you "globally" stop this nonsense please - or work with connectwise - Its part of the Thoma Bravo group - so also are Sophos.
You dont need to troubleshoot MY control panel (as your support agents are often wanting to do) - This is a GLOBAL SOPHOS issue and Thoma Bravo
I'm posting this in the forum as well as in a support ticket as I find support tickets are slow due to timezones and the "follow the sun" system not really working.
Edited TAGs
[edited by: Gladys at 9:30 AM (GMT -8) on 1 Mar 2023]