claudetools/.claude/memory/reference_acg_msp_stack.md


name: reference_acg_msp_stack
description: ACG's own MSP tool stack — do not flag these as foreign/threat agents on managed machines
metadata:
  type: reference

Arizona Computer Guru's own MSP management/security stack. When found on an ACG-managed endpoint these are expected ACG tooling, NOT a prior MSP's leftovers or a threat — do not treat as a security finding.

Confirmed by Mike (2026-05-29):

  • ConnectWise Control / ScreenConnect — remote access
  • Splashtop (SOS/Streamer) — remote access
  • Syncro (Kabuto agent) — PSA / RMM

Also part of the stack (seen on ACG-managed machines incl. Birth Biologic + Rednour; confirm if ever in doubt):

  • Datto RMM (CagService/Aemagent)
  • Datto EDR / Datto AV — the managed AV. Note: when Datto AV is the active AV, Windows Defender real-time protection is OFF by design (Windows disables Defender when a 3rd-party AV registers) — that is expected, not a gap.
  • GuruRMM — ACG's own RMM (the agent doing the monitoring)

Relevance: the onboarding diagnostic (reference_gururmm_api / .claude/scripts/onboarding-diagnostic.ps1) currently flags these as CRITICAL "foreign management/remote-access agent" — a known false positive being tuned (allowlist them as INFO; downgrade Defender-off when a managed AV is present). The genuine prior-MSP-leftover scenario still matters for non-ACG remote tools (Ninja, Atera, Kaseya, TeamViewer, LogMeIn, AnyDesk, etc.).
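
The tuned classification described above, sketched in PowerShell as an added example (this is not ACG's onboarding-diagnostic.ps1). The function names, the name-matching patterns and the WARNING severity are assumptions, and the sample inventory is constructed.

```powershell
# Hypothetical triage logic for illustration only.
# Patterns are built from the product names listed in this note.
$AcgStack = [ordered]@{
    'ScreenConnect|ConnectWise Control' = 'remote access'
    'Splashtop'                         = 'remote access'
    'Syncro|Kabuto'                     = 'PSA / RMM'
    'Datto RMM|CagService|Aemagent'     = 'RMM'
    'Datto EDR|Datto AV'                = 'managed AV'
    'GuruRMM'                           = 'RMM'
}
$ForeignTools = 'Ninja|Atera|Kaseya|TeamViewer|LogMeIn|AnyDesk'

function Get-AgentFinding {
    param([Parameter(Mandatory)][string]$Name)
    # Check the ACG allowlist first so expected tooling is reported as INFO.
    foreach ($pattern in $AcgStack.Keys) {
        if ($Name -match $pattern) {
            return [pscustomobject]@{ Item = $Name; Severity = 'INFO'
                Reason = "ACG stack ($($AcgStack[$pattern]))" }
        }
    }
    # Non-ACG remote tools remain the genuine prior-MSP-leftover case.
    if ($Name -match $ForeignTools) {
        return [pscustomobject]@{ Item = $Name; Severity = 'CRITICAL'
            Reason = 'foreign management/remote-access agent' }
    }
}

function Get-DefenderFinding {
    param([bool]$RealTimeEnabled, [string[]]$InstalledNames)
    if ($RealTimeEnabled) { return }
    # Assumption: presence in the inventory stands in for "registered as the active AV".
    $managedAv = $InstalledNames | Where-Object { $_ -match 'Datto EDR|Datto AV' }
    if ($managedAv) {
        [pscustomobject]@{ Item = 'Defender real-time protection off'; Severity = 'INFO'
            Reason = "third-party AV registered: $($managedAv -join ', ')" }
    } else {
        # Assumed severity; the note does not state the un-downgraded level.
        [pscustomobject]@{ Item = 'Defender real-time protection off'; Severity = 'WARNING'
            Reason = 'no managed AV found' }
    }
}

# Constructed sample inventory (not taken from a real endpoint).
$installed = 'ScreenConnect Client', 'Splashtop Streamer', 'Datto AV', 'GuruRMM', 'AnyDesk'
$findings  = @($installed | ForEach-Object { Get-AgentFinding -Name $_ })
$findings += Get-DefenderFinding -RealTimeEnabled $false -InstalledNames $installed
$findings | Format-Table -AutoSize
```

With this sample, the four ACG tools and the Defender-off state come back as INFO, while AnyDesk is still raised as CRITICAL.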