azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
251adf355817c3b6bc8591d8bdfa3b461f694d1b
claudetools/.claude/memory/reference_acg_msp_stack.md
Mike Swanson 0c000109dc chore(memory): consolidate scattered feedback/project/reference files 
Compressed memory store 104 -> 71 files via four passes:

- Syncro: 19 scattered feedback_syncro_* files merged into 3 rule files
  (api/billing/workflow) + an on-demand feedback_syncro_history.md for
  incident detail, quotes, and tech/product ID tables.
- Four near-duplicate merges: Howard paste-safety, Pluto build server,
  Howard backend deferral, IX server access (ssh+tailscale).
- Per-cluster rule/state/history split applied to GuruConnect (2->1),
  Dataforth (3->2), Cascades (7->3), GuruRMM (13->3).
- New reference_resource_map.md: single auto-loaded cheatsheet for
  "do I have access to X and how do I connect from this machine?"
- MEMORY.md rewritten to match the new layout.

Health: broken backlinks 8->7, overlap clusters 12->5, orphans 17->0.
2026-06-01 16:25:45 -07:00

1.4 KiB
Raw Blame History

name, description, metadata
name description metadata
reference_acg_msp_stack ACG's own MSP tool stack — do not flag these as foreign/threat agents on managed machines
type
reference

Arizona Computer Guru's own MSP management/security stack. When found on an ACG-managed endpoint these are expected ACG tooling, NOT a prior MSP's leftovers or a threat — do not treat as a security finding.

Confirmed by Mike (2026-05-29):

  • ConnectWise Control / ScreenConnect — remote access
  • Splashtop (SOS/Streamer) — remote access
  • Syncro (Kabuto agent) — PSA / RMM

Also part of the stack (seen on ACG-managed machines incl. Birth Biologic + Rednour; confirm if ever in doubt):

  • Datto RMM (CagService/Aemagent)
  • Datto EDR / Datto AV — the managed AV. Note: when Datto AV is the active AV, Windows Defender real-time protection is OFF by design (Windows disables Defender when a 3rd-party AV registers) — that is expected, not a gap.
  • GuruRMM — ACG's own RMM (the agent doing the monitoring)

Relevance: the onboarding diagnostic (reference_gururmm / .claude/scripts/onboarding-diagnostic.ps1) currently flags these as CRITICAL "foreign management/remote-access agent" — a known false positive being tuned (allowlist them as INFO; downgrade Defender-off when a managed AV is present). The genuine prior-MSP-leftover scenario still matters for non-ACG remote tools (Ninja, Atera, Kaseya, TeamViewer, LogMeIn, AnyDesk, etc.).

Reference in New Issue View Git Blame Copy Permalink