---
name: GuruRMM security scope — integrate AV, don't replace it
description: GuruRMM product scope on security/AV — the RMM does NOT build native virus/malware removal; it integrates AV products (monitor their reports + send commands to them) and its own built-in value is helping techs FIND issues. Program/software removal is a separate, distinct feature.
type: project
---

Product-direction decision (Mike, 2026-06-22). When weighing security/diagnostic features for GuruRMM:

- **No native AV / virus / malware removal in the RMM.** Dedicated AV products (Bitdefender GravityZone, Datto EDR/AV — see [[reference_acg_msp_stack]]) do that work. Don't pitch building a RogueKiller-style scanner/quarantine engine into the agent.
- **The RMM's AV role is integration:** monitor/surface the AV products' reports + status, and send commands/actions to those AV products *through* the RMM. Manage AV, don't be AV.
- **The RMM's own built-in value is helping techs FIND issues** — diagnostics, health surfacing, "what's wrong with this box" tooling — not performing endpoint security remediation itself.
- **Program/software removal is a DISTINCT feature** (the ARP-registry silent-uninstall engine, SPEC-030 `remote-software-uninstall`), unrelated to AV. It was being worked in a separate session as of this date.

**Why:** avoids reinventing mature AV engines, keeps the RMM RMM-first (mission.md non-goals), and plays to the self-hosted-management strength rather than competing with security vendors.

**How to apply:** for security-flavored feature ideas, frame as "monitor + command the existing AV/security product" or "help the tech locate the problem," not "build the security capability natively."

Related: [[project_gururmm]], [[feedback_no_manufactured_guardrails]].