claudetools/clients/rednour/onboarding-baselines/REDNOURCARRIEVI-20260529T202250.json
Mike Swanson c6c79d8f3e data(rednour): onboarding baseline for REDNOURCARRIEVI (3rd machine, RED)
Completes the first-baseline set for Rednour. Note: the
ScreenConnect/Splashtop/Syncro/Datto RMM+EDR findings flagged critical are ACG's
own stack (false positives; detection tuning is tracked separately). Real
issues: Win10 22H2 EOL, RDP without NLA, no BitLocker, C: 12% free.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 13:24:10 -07:00


{
"host": "REDNOURCARRIEVI",
"collected_at_utc": "2026-05-29T20:21:21Z",
"os": {
"caption": "Microsoft Windows 10 Pro",
"version": "10.0.19045",
"build": "19045",
"install_date": "2023-07-26T21:21:01Z",
"last_boot_utc": "2026-05-29T14:29:33Z",
"architecture": "64-bit"
},
"facts": {
"builtin_admin_enabled": false,
"os_eol": {
"eol_date": "2025-10-14",
"release": "Win10 22H2"
},
"pending_updates": 1,
"pending_reboot": true,
"uptime_days": 0.2,
"scheduled_tasks": [
{
"path": "\\",
"name": "Adobe Acrobat Update Task",
"state": "Ready"
},
{
"path": "\\",
"name": "CorelUpdateHelperTask-FDB2E75C10B82FA3FCD17C720B5E429C",
"state": "Ready"
},
{
"path": "\\",
"name": "CorelUpdateHelperTaskCore",
"state": "Ready"
},
{
"path": "\\",
"name": "Datto EDR Health Check",
"state": "Ready"
},
{
"path": "\\",
"name": "G2MUpdateTask-S-1-5-21-148119619-2107441338-2344149896-1002",
"state": "Ready"
},
{
"path": "\\",
"name": "G2MUploadTask-S-1-5-21-148119619-2107441338-2344149896-1002",
"state": "Ready"
},
{
"path": "\\",
"name": "Intel PTT EK Recertification",
"state": "Ready"
},
{
"path": "\\",
"name": "MicrosoftEdgeUpdateTaskMachineCore",
"state": "Ready"
},
{
"path": "\\",
"name": "MicrosoftEdgeUpdateTaskMachineUA",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Per-Machine Standalone Update Task",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Reporting Task-S-1-5-21-148119619-2107441338-2344149896-1001",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Reporting Task-S-1-5-21-148119619-2107441338-2344149896-1002",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Reporting Task-S-1-5-21-148119619-2107441338-2344149896-1005",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Startup Task-S-1-5-21-148119619-2107441338-2344149896-1001",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Startup Task-S-1-5-21-148119619-2107441338-2344149896-1002",
"state": "Ready"
},
{
"path": "\\",
"name": "OneDrive Startup Task-S-1-5-21-148119619-2107441338-2344149896-1005",
"state": "Ready"
},
{
"path": "\\",
"name": "PowerENGAGE",
"state": "Ready"
},
{
"path": "\\HP\\HP Print Scan Doctor\\",
"name": "Printer Health Monitor",
"state": "Ready"
},
{
"path": "\\HP\\HP Print Scan Doctor\\",
"name": "Printer Health Monitor Logon",
"state": "Ready"
}
],
"hardware": {
"model": "To Be Filled By O.E.M.",
"manufacturer": "To Be Filled By O.E.M.",
"bios_date": "2019-04-01",
"cpu_logical": 4,
"bios_version": "P4.10",
"cpu_cores": 4,
"ram_gb": 7.7,
"serial": "To Be Filled By O.E.M.",
"cpu": "Intel(R) Core(TM) i3-9100 CPU @ 3.60GHz"
},
"os_build": "19045",
"secure_boot": false,
"backup_agents": null,
"autoruns_run_keys": [
{
"key": "HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "SecurityHealth",
"value": "C:\\WINDOWS\\system32\\SecurityHealthSystray.exe"
},
{
"key": "HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "Datto EDR",
"value": "C:\\Program Files\\infocyte\\agent\\system-tray.exe"
},
{
"key": "HKLM:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "(default)",
"value": ""
},
{
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "Intuit SyncManager",
"value": "C:\\Program Files (x86)\\Common Files\\Intuit\\Sync\\IntuitSyncManager.exe startup"
},
{
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "LogMeIn Hamachi Ui",
"value": "\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start"
},
{
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "CentraStage",
"value": "C:\\Program Files (x86)\\CentraStage\\Gui.exe"
},
{
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "BrStsMon00",
"value": "C:\\Program Files (x86)\\Browny02\\Brother\\BrStMonW.exe /AUTORUN"
},
{
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "BrotherSoftwareUpdateNotification",
"value": "C:\\Program Files (x86)\\Brother\\SoftwareUpdateNotification\\SoftwareUpdateNotificationService.exe /Autorun"
},
{
"key": "HKLM:\\Software\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "(default)",
"value": ""
},
{
"key": "HKCU:\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
"name": "(default)",
"value": ""
}
],
"physical_disks": [
{
"health": "Healthy",
"model": "CT500P1SSD8",
"media_type": "SSD"
}
],
"local_users": [
{
"last_logon": "",
"name": "Administrator",
"password_never_expires": false,
"enabled": false
},
{
"last_logon": "2026-05-29",
"name": "Carrie",
"password_never_expires": false,
"enabled": true
},
{
"last_logon": "",
"name": "DefaultAccount",
"password_never_expires": false,
"enabled": false
},
{
"last_logon": "2026-05-29",
"name": "emma",
"password_never_expires": false,
"enabled": true
},
{
"last_logon": "2020-03-16",
"name": "Guest",
"password_never_expires": false,
"enabled": false
},
{
"last_logon": "",
"name": "guru",
"password_never_expires": false,
"enabled": true
},
{
"last_logon": "2026-05-28",
"name": "localadmin",
"password_never_expires": false,
"enabled": true
},
{
"last_logon": "2026-05-29",
"name": "QBDataServiceUser26",
"password_never_expires": false,
"enabled": true
},
{
"last_logon": "",
"name": "WDAGUtilityAccount",
"password_never_expires": false,
"enabled": false
}
],
"scheduled_tasks_count": 19,
"volumes": [
{
"drive": "[unlabeled]",
"size_gb": 0.1,
"free_pct": 71.7,
"free_gb": 0.1
},
{
"drive": "C:",
"size_gb": 465.1,
"free_pct": 11.7,
"free_gb": 54.4
},
{
"drive": "[unlabeled]",
"size_gb": 0.5,
"free_pct": 8.5,
"free_gb": 0
}
],
"network_adapters": [
{
"dhcp": false,
"description": "ZeroTier Virtual Port",
"gateway": [
"25.255.255.254"
],
"mac": "D6:8D:FD:D6:83:3E",
"ip": [
"10.147.17.253",
"fe80::c624:d955:2579:a9e4",
"fcfb:1c63:8659:2d21:d189::1"
],
"dns": [
null
]
},
{
"dhcp": true,
"description": "Intel(R) Ethernet Connection (7) I219-V",
"gateway": [
"192.168.10.1"
],
"mac": "70:85:C2:CC:4F:4D",
"ip": [
"192.168.10.194",
"fe80::e42e:510a:5261:a8dd"
],
"dns": [
"192.168.10.1"
]
}
],
"failed_autostart_services": [
{
"name": "Intel(R) TPM Provisioning Service",
"display": "Intel(R) TPM Provisioning Service",
"state": "Stopped"
},
{
"name": "NetMsmqActivator",
"display": "Net.Msmq Listener Adapter",
"state": "Stopped"
}
],
"stability_14d": {
"unexpected_shutdowns": 0,
"disk_errors": 1,
"bugchecks": 0
},
"exposure": {
"smb1_enabled": false,
"laps_present": true,
"rdp_enabled": true,
"uac_enabled": true,
"rdp_nla": false
},
"accounts_password_never_expires": [],
"installed_software": [
{
"publisher": "Igor Pavlov",
"name": "7-Zip 26.01 (x64)",
"version": "26.01"
},
{
"publisher": "Adobe",
"name": "Adobe Acrobat (64-bit)",
"version": "26.001.21563"
},
{
"publisher": "Adobe Systems Incorporated",
"name": "Adobe Refresh Manager",
"version": "1.8.0"
},
{
"publisher": "Brother Industries Ltd.",
"name": "BrLauncher",
"version": "2.0.36.0"
},
{
"publisher": "Brother Industries Ltd.",
"name": "BrLogRx",
"version": "1.0.5.0"
},
{
"publisher": "Brother Industries Ltd.",
"name": "Brother IPPoverUSB Driver",
"version": "1.5.1.0"
},
{
"publisher": "Aviata, Inc.",
"name": "Brother PowerENGAGE",
"version": "1.0.27"
},
{
"publisher": "Brother Industries Ltd.",
"name": "Brother Printer Driver",
"version": "2.1.0.0"
},
{
"publisher": "Brother Industries Ltd.",
"name": "BrSupportTools",
"version": "1.0.44.0"
},
{
"publisher": "Corel Corporation",
"name": "Common",
"version": "14.0.2.20"
},
{
"publisher": "Corel Corporation",
"name": "Contents",
"version": "14.0.2.20"
},
{
"publisher": "Microsoft Corporation",
"name": "Copilot",
"version": "148.0.3967.70"
},
{
"publisher": "Corel Corporation",
"name": "Corel Compatibility Pack",
"version": "12.4518.1018"
},
{
"publisher": "Corel corporation",
"name": "Corel Update Manager",
"version": "2.16.673"
},
{
"publisher": "Corel Corporation",
"name": "Corel VideoStudio Essentials X4",
"version": "14.0.2.20"
},
{
"publisher": "Datto, Inc",
"name": "Datto EDR Agent",
"version": "3.17.1.5371"
},
{
"publisher": "Datto Inc.",
"name": "Datto RMM",
"version": "4.4.11616.11616"
},
{
"publisher": "Corel Corporation",
"name": "DeviceIO",
"version": "14.0.2.20"
},
{
"publisher": "Avira Operations GmbH",
"name": "Endpoint Protection SDK",
"version": "1.0.2510.6851"
},
{
"publisher": "Microsoft Corporation",
"name": "GDR 6179 for SQL Server 2014 (KB5029184) (64-bit)",
"version": "12.3.6179.1"
},
{
"publisher": "LogMeIn, Inc.",
"name": "GoTo Opener",
"version": "1.0.533"
},
{
"publisher": "LogMeIn, Inc.",
"name": "Hamachi",
"version": "2.3.0.111"
},
{
"publisher": "Brother Industries Ltd.",
"name": "HttpToUsbBridge",
"version": "2.6.123.1"
},
{
"publisher": "Corel Corporation",
"name": "ICA",
"version": "14.0.2.20"
},
{
"publisher": "Corel Corporation",
"name": "IPM_VS_Pro",
"version": "13.0"
},
{
"publisher": "Corel Corporation",
"name": "ISCOM",
"version": "14.0.2.20"
},
{
"publisher": "LexisNexis",
"name": "LexisNexis Mobility Access Manager",
"version": "1.5.0.0"
},
{
"publisher": "Logitech",
"name": "Logitech Unifying Software 2.50",
"version": "2.50.25"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft .NET Framework 4 Multi-Targeting Pack",
"version": "4.0.30319"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft 365 Apps for business - en-us",
"version": "16.0.20026.20112"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Application Error Reporting",
"version": "12.0.6012.5000"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Command Line Utilities 11 for SQL Server",
"version": "11.0.2270.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Edge",
"version": "148.0.3967.83"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Edge WebView2 Runtime",
"version": "148.0.3967.83"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Help Viewer 1.1",
"version": "1.1.40219"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft ODBC Driver 11 for SQL Server",
"version": "12.3.6179.1"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft OneDrive",
"version": "26.078.0426.0002"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Report Viewer 2014 Runtime",
"version": "12.0.2000.8"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2008 R2 Management Objects",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2008 Setup Support Files ",
"version": "10.3.5500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2012 Native Client ",
"version": "11.4.7462.6"
},
{
"publisher": "",
"name": "Microsoft SQL Server 2014 (64-bit)",
"version": ""
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2014 Policies ",
"version": "12.3.6024.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2014 RsFx Driver",
"version": "12.3.6179.1"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2014 Setup (English)",
"version": "12.3.6179.1"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2014 Transact-SQL Compiler Service ",
"version": "12.3.6179.1"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server 2014 Transact-SQL ScriptDom ",
"version": "12.3.6179.1"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft SQL Server System CLR Types",
"version": "10.51.2500.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft System CLR Types for SQL Server 2014 (x64)",
"version": "12.3.6179.1"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Update Health Tools",
"version": "3.74.0.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual Basic for Applications 7.1 (x86)",
"version": "7.1.00.00"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual Basic for Applications 7.1 (x86) English",
"version": "7.1.0.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2005 Redistributable",
"version": "8.0.61001"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2005 Redistributable (x64)",
"version": "8.0.56336"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2005 Redistributable (x64)",
"version": "8.0.61000"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17",
"version": "9.0.30729"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974",
"version": "9.0.30729.4974"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161",
"version": "9.0.30729.6161"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219",
"version": "10.0.40219"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219",
"version": "10.0.40219"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219",
"version": "10.0.40219"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727",
"version": "11.0.50727.1"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030",
"version": "11.0.61030.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727",
"version": "11.0.50727"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727",
"version": "11.0.50727"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030",
"version": "11.0.61030"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030",
"version": "11.0.61030"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501",
"version": "12.0.30501.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501",
"version": "12.0.30501.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005",
"version": "12.0.21005"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005",
"version": "12.0.21005"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005",
"version": "12.0.21005"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005",
"version": "12.0.21005"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.44.35211",
"version": "14.44.35211.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.44.35211",
"version": "14.44.35211.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X64 Additional Runtime - 14.44.35211",
"version": "14.44.35211"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.44.35211",
"version": "14.44.35211"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X86 Additional Runtime - 14.44.35211",
"version": "14.44.35211"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.44.35211",
"version": "14.44.35211"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual Studio 2010 Shell (Isolated) - ENU",
"version": "10.0.40219"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)",
"version": "10.0.31119"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)",
"version": "10.0.31124"
},
{
"publisher": "Microsoft Corporation",
"name": "Microsoft VSS Writer for SQL Server 2014",
"version": "12.3.6024.0"
},
{
"publisher": "Brother Industries, Ltd.",
"name": "NetworkRepairTool",
"version": "1.2.29.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Office 15 Click-to-Run Extensibility Component",
"version": "15.0.5603.1000"
},
{
"publisher": "Microsoft Corporation",
"name": "Office 15 Click-to-Run Licensing Component",
"version": "15.0.5603.1000"
},
{
"publisher": "Microsoft Corporation",
"name": "Office 15 Click-to-Run Localization Component",
"version": "15.0.5603.1000"
},
{
"publisher": "Microsoft Corporation",
"name": "Office 16 Click-to-Run Extensibility Component",
"version": "16.0.20026.20076"
},
{
"publisher": "Arizona Computer Guru",
"name": "Online Backup 8.6",
"version": "8.6"
},
{
"publisher": "PCLaw | Time Matters?",
"name": "PCLaw | Time Matters? Common API",
"version": "1.90.0.0"
},
{
"publisher": "Aviata, Inc.",
"name": "PowerENGAGE",
"version": "3.2.16"
},
{
"publisher": "Corel Corporation",
"name": "PureHD",
"version": "14.0.2.20"
},
{
"publisher": "Intuit Inc.",
"name": "QuickBooks",
"version": "26.0.4007.2607"
},
{
"publisher": "Intuit Inc.",
"name": "QuickBooks Pro 2016",
"version": "26.0.4007.2607"
},
{
"publisher": "Intuit Inc.",
"name": "QuickBooks Runtime Redistributable",
"version": "1.00.0000"
},
{
"publisher": "Piriform",
"name": "Recuva",
"version": "1.54"
},
{
"publisher": "",
"name": "Restart to UEFI v1.0.6.1",
"version": "1.0.6.1"
},
{
"publisher": "RingCentral",
"name": "RingCentral for Windows",
"version": "6.6.10219.164"
},
{
"publisher": "ScreenConnect Software",
"name": "ScreenConnect Client (1912bf3444b41a08)",
"version": "26.1.24.9579"
},
{
"publisher": "Microsoft Corporation",
"name": "Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit)",
"version": "12.3.6024.0"
},
{
"publisher": "Corel Corporation",
"name": "Setup",
"version": "14.0.2.20"
},
{
"publisher": "Corel Corporation",
"name": "Share",
"version": "14.0.2.20"
},
{
"publisher": "Corel Corporation",
"name": "Share64",
"version": "14.0.2.20"
},
{
"publisher": "Brother Industries, Ltd.",
"name": "SoftwareUpdateNotification",
"version": "1.0.26.0"
},
{
"publisher": "Splashtop Inc.",
"name": "Splashtop Streamer",
"version": "3.8.2.0"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server 2014 Client Tools",
"version": "12.3.6024.0"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server 2014 Common Files",
"version": "12.3.6024.0"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server 2014 Database Engine Services",
"version": "12.3.6024.0"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server 2014 Database Engine Shared",
"version": "12.3.6024.0"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server 2014 Management Studio",
"version": "12.3.6024.0"
},
{
"publisher": "Microsoft Corporation",
"name": "SQL Server Browser for SQL Server 2014",
"version": "12.3.6024.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Sql Server Customer Experience Improvement Program",
"version": "12.3.6024.0"
},
{
"publisher": "Brother Industries, Ltd.",
"name": "StatusMonitor",
"version": "1.42.0.0"
},
{
"publisher": "Servably, Inc.",
"name": "Syncro",
"version": "1.0.201.18410"
},
{
"publisher": "PCLaw | Time Matters?",
"name": "Time Matters?",
"version": "21.0.0.123"
},
{
"publisher": "PCLaw | Time Matters?",
"name": "Time Matters? Connection Manager",
"version": "3.3.0.0"
},
{
"publisher": "Microsoft Corporation",
"name": "Update for x64-based Windows Systems (KB5001716)",
"version": "8.94.0.0"
},
{
"publisher": "Brother Industries, Ltd.",
"name": "UsbRepairTool",
"version": "1.4.0.0"
},
{
"publisher": "Corel Corporation",
"name": "VIO",
"version": "14.0.2.20"
},
{
"publisher": "Microsoft Corporation",
"name": "Visual Studio 2010 Prerequisites - English",
"version": "10.0.40219"
},
{
"publisher": "Microsoft Corporation",
"name": "Visual Studio Tools for the Office system 3.0 Runtime",
"version": ""
},
{
"publisher": "Microsoft Corporation",
"name": "Visual Studio Tools for the Office system 3.0 Runtime",
"version": "9.0.30729"
},
{
"publisher": "Microsoft Corporation",
"name": "Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)",
"version": "1"
},
{
"publisher": "Corel Corporation",
"name": "VSClassic",
"version": "14.0.2.20"
},
{
"publisher": "Corel Corporation",
"name": "VSPro",
"version": "14.0.2.20"
},
{
"publisher": "",
"name": "Web Components",
"version": "3.0.6.28"
},
{
"publisher": "",
"name": "Windows Media Encoder 9 Series",
"version": ""
},
{
"publisher": "Microsoft Corporation",
"name": "Windows Media Encoder 9 Series",
"version": "9.00.2980"
},
{
"publisher": "Microsoft Corporation",
"name": "Windows PC Health Check",
"version": "3.6.2204.08001"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021",
"version": "21.0.0.81"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Common Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Common Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - IPM",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - IPM Content",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Lightning Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Lightning Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Presentations Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Presentations Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Quattro Pro Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Quattro Pro Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Redists",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - Setup Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - WordPerfect Files",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - WordPerfect Files English",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office 2021 - WPD format Props x64",
"version": "21.0"
},
{
"publisher": " Corel Corporation",
"name": "WordPerfect Office 2021 - Writing Tools",
"version": "21.0"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office IFilter 32-bit",
"version": "1.8"
},
{
"publisher": "Corel Corporation",
"name": "WordPerfect Office IFilter 64-bit",
"version": "1.8"
},
{
"publisher": "ZeroTier, Inc.",
"name": "ZeroTier One",
"version": "1.6.6"
},
{
"publisher": "ZeroTier",
"name": "ZeroTier One Virtual Network Port",
"version": "1.0.1"
}
],
"tpm": {
"enabled": false,
"ready": false,
"present": false
},
"local_groups": [
"HelpLibraryUpdaters",
"SQLServer2005SQLBrowserUser$REDNOURCARRIEVI",
"Access Control Assistance Operators",
"Administrators",
"Backup Operators",
"Cryptographic Operators",
"Device Owners",
"Distributed COM Users",
"Event Log Readers",
"Guests",
"Hyper-V Administrators",
"IIS_IUSRS",
"Network Configuration Operators",
"Performance Log Users",
"Performance Monitor Users",
"Power Users",
"Remote Desktop Users",
"Remote Management Users",
"Replicator",
"System Managed Accounts Group",
"Users"
],
"battery": {
"present": false
},
"activation": {
"edition": "Microsoft Windows 10 Pro",
"description": "Windows(R) Operating System, RETAIL channel",
"licensed": false,
"license_status_code": 5
},
"time_source": "Local CMOS Clock",
"chassis_types": [
3
],
"last_hotfix": {
"hotfix_id": "KB5072653",
"installed_on": "2025-12-20T07:00:00Z"
},
"antivirus_products": [
"Windows Defender",
"Datto AV"
],
"domain_joined": false,
"defender": {
"antispyware_signature_age": 0,
"tamper_protected": false,
"real_time_protection": false,
"nis_enabled": false,
"available": true,
"antivirus_enabled": false,
"am_service_enabled": false
},
"bitlocker": {
"os_volume": "C:",
"key_protectors": [],
"recovery_key_present": false,
"available": true,
"encryption_percent": 0,
"protection_status": "Off"
},
"is_laptop": false,
"installed_software_count": 151,
"local_administrators": [
"REDNOURCARRIEVI\\Administrator",
"REDNOURCARRIEVI\\Carrie",
"REDNOURCARRIEVI\\emma",
"REDNOURCARRIEVI\\localadmin"
],
"firewall_profiles": {
"Private": true,
"Domain": true,
"Public": true
},
"domain": "WORKGROUP",
"foreign_agents": [
"ScreenConnect / ConnectWise Control",
"Datto RMM",
"Splashtop (SOS/Streamer)",
"Syncro / Kabuto"
]
},
"findings": [
{
"id": "sec.defender.rtp_off",
"category": "security",
"severity": "critical",
"title": "Defender real-time protection is OFF",
"detail": "Defender real-time protection is disabled. Unless a managed 3rd-party AV is providing real-time protection, the endpoint is unprotected against active threats. Re-enable Defender real-time protection immediately, or confirm that a managed 3rd-party AV is covering it.",
"evidence": "RealTimeProtectionEnabled=False; AMServiceEnabled=False; AntispywareSignatureAge=0 days; IsTamperProtected=False"
},
{
"id": "sec.defender.amservice_off",
"category": "security",
"severity": "critical",
"title": "Defender antimalware service is not running",
"detail": "The Defender antimalware service is not active. If no 3rd-party AV is present, this endpoint has no antivirus protection.",
"evidence": "RealTimeProtectionEnabled=False; AMServiceEnabled=False; AntispywareSignatureAge=0 days; IsTamperProtected=False"
},
{
"id": "sec.defender.tamper_off",
"category": "security",
"severity": "warning",
"title": "Defender tamper protection is OFF",
"detail": "Tamper protection is disabled, so malware or a local admin can silently disable Defender. Enable tamper protection (typically via Intune / Security Center).",
"evidence": "RealTimeProtectionEnabled=False; AMServiceEnabled=False; AntispywareSignatureAge=0 days; IsTamperProtected=False"
},
{
"id": "sec.av_products.third_party",
"category": "security",
"severity": "warning",
"title": "Third-party AV present: Datto AV",
"detail": "A non-Defender antivirus is registered. Running two real-time AV engines causes conflicts, performance loss, and detection gaps. Confirm the intended AV and ensure only one provides real-time protection.",
"evidence": "Registered AV: Windows Defender, Datto AV"
},
{
"id": "sec.foreign_agents.screenconnect_connectwise_control",
"category": "security",
"severity": "critical",
"title": "Foreign management/remote-access agent: ScreenConnect / ConnectWise Control",
"detail": "A competitor RMM or unmanaged remote-access tool is present. At onboarding this is a security and control risk (a prior MSP or attacker may retain remote access). Verify it is authorized; if not, remove it.",
"evidence": "program: ScreenConnect Client (1912bf3444b41a08) 26.1.24.9579\nservice: ScreenConnect Client (1912bf3444b41a08) (ScreenConnect Client (1912bf3444b41a08)) Running"
},
{
"id": "sec.foreign_agents.datto_rmm",
"category": "security",
"severity": "critical",
"title": "Foreign management/remote-access agent: Datto RMM",
"detail": "A competitor RMM or unmanaged remote-access tool is present. At onboarding this is a security and control risk (a prior MSP or attacker may retain remote access). Verify it is authorized; if not, remove it.",
"evidence": "program: Datto RMM 4.4.11616.11616\nservice: CagService (Datto RMM) Running"
},
{
"id": "sec.foreign_agents.splashtop_sos_streamer_",
"category": "security",
"severity": "critical",
"title": "Foreign management/remote-access agent: Splashtop (SOS/Streamer)",
"detail": "A competitor RMM or unmanaged remote-access tool is present. At onboarding this is a security and control risk (a prior MSP or attacker may retain remote access). Verify it is authorized; if not, remove it.",
"evidence": "program: Splashtop Streamer 3.8.2.0\nservice: SplashtopRemoteService (Splashtop? Remote Service) Running"
},
{
"id": "sec.foreign_agents.syncro_kabuto",
"category": "security",
"severity": "critical",
"title": "Foreign management/remote-access agent: Syncro / Kabuto",
"detail": "A competitor RMM or unmanaged remote-access tool is present. At onboarding this is a security and control risk (a prior MSP or attacker may retain remote access). Verify it is authorized; if not, remove it.",
"evidence": "program: Syncro 1.0.201.18410\nservice: Syncro (Syncro) Running"
},
{
"id": "sec.firewall.ok",
"category": "security",
"severity": "info",
"title": "All firewall profiles enabled",
"detail": "Domain, Private, and Public firewall profiles are all enabled.",
"evidence": "Private=True; Domain=True; Public=True"
},
{
"id": "sec.bitlocker.unencrypted",
"category": "security",
"severity": "warning",
"title": "OS volume is NOT encrypted with BitLocker",
"detail": "The operating system volume is unencrypted. Data is exposed if the disk is removed or the device is lost. Enable BitLocker and escrow the recovery key.",
"evidence": "Volume=C:; ProtectionStatus=Off; EncryptionPercentage=0; KeyProtectors="
},
{
"id": "sec.local_admins.list",
"category": "security",
"severity": "info",
"title": "Local administrators (4)",
"detail": "Members of the local Administrators group. Review for unexpected or unknown accounts (especially leftover MSP/vendor accounts from a prior provider).",
"evidence": "REDNOURCARRIEVI\\Administrator\nREDNOURCARRIEVI\\Carrie\nREDNOURCARRIEVI\\emma\nREDNOURCARRIEVI\\localadmin"
},
{
"id": "sec.patch.os_eol",
"category": "security",
"severity": "critical",
"title": "OS build is end-of-life: Win10 22H2",
"detail": "This OS build (19045, Win10 22H2) passed end-of-servicing on 2025-10-14. It no longer receives security updates. Plan a feature update or OS upgrade.",
"evidence": "Microsoft Windows 10 Pro build 19045; EOL 2025-10-14"
},
{
"id": "sec.patch.pending",
"category": "security",
"severity": "warning",
"title": "1 pending Windows update",
"detail": "Windows Update reports pending (not installed, not hidden) updates. Some may be security updates. Approve/install on the next maintenance window.",
"evidence": "Microsoft.Update.Session search IsInstalled=0 and IsHidden=0 -> 1"
},
{
"id": "sec.patch.last_hotfix",
"category": "security",
"severity": "info",
"title": "Last hotfix: KB5072653",
"detail": "Most recently installed update (from Get-HotFix; reflects CBS/MSU packages, not all cumulative metadata).",
"evidence": "KB5072653 installed 2025-12-20T07:00:00Z"
},
{
"id": "sec.exposure.rdp_no_nla",
"category": "security",
"severity": "critical",
"title": "RDP enabled WITHOUT Network Level Authentication",
"detail": "RDP is enabled and NLA is not required, so the logon screen is reachable before any authentication takes place. That leaves the service exposed to pre-authentication exploits and password brute-forcing. Require NLA, restrict RDP to VPN/allow-listed IPs, or disable RDP.",
"evidence": "fDenyTSConnections=0; UserAuthentication=0"
},
{
"id": "sec.exposure.smb1_off",
"category": "security",
"severity": "info",
"title": "SMBv1 disabled",
"detail": "SMBv1 server protocol is disabled.",
"evidence": "EnableSMB1Protocol=False"
},
{
"id": "sec.exposure.laps_present",
"category": "security",
"severity": "info",
"title": "LAPS detected",
"detail": "A LAPS mechanism is present.",
"evidence": "Windows LAPS reg key"
},
{
"id": "health.disk_space.C",
"category": "health",
"severity": "warning",
"title": "Disk low: C: at 11.7% free",
"detail": "Less than 15 percent free. Plan cleanup or expansion.",
"evidence": "C: free 54.4 GB of 465.1 GB (11.7%)"
},
{
"id": "health.stability.some",
"category": "health",
"severity": "warning",
"title": "Stability events present in the last 14 days",
"detail": "One or more unexpected shutdowns, BSODs, or disk errors occurred recently. Monitor and correlate with user reports.",
"evidence": "Unexpected shutdowns (id 41)=0; Bugchecks/BSOD (id 1001)=0; Disk errors (id 7/51/153)=1"
},
{
"id": "health.reboot_uptime.pending",
"category": "health",
"severity": "warning",
"title": "Reboot pending",
"detail": "A reboot is pending. Pending reboots can block patches and leave the system in a half-updated state. Schedule a restart.",
"evidence": "PendingFileRenameOperations"
},
{
"id": "health.failed_services.stopped",
"category": "health",
"severity": "warning",
"title": "2 auto-start service(s) not running",
"detail": "These services are set to start automatically but are not running. Some may be benign; review for security agents, backup agents, or AV that should be running.",
"evidence": "Intel(R) TPM Provisioning Service (Intel(R) TPM Provisioning Service) = Stopped\nNetMsmqActivator (Net.Msmq Listener Adapter) = Stopped"
},
{
"id": "health.domain.workgroup",
"category": "health",
"severity": "info",
"title": "Not domain-joined (workgroup)",
"detail": "This machine is not joined to an on-prem AD domain (Domain=WORKGROUP); it is running in workgroup or Azure AD-only mode. No on-prem AD secure channel applies.",
"evidence": "PartOfDomain=False; Domain=WORKGROUP"
},
{
"id": "health.time.local_cmos",
"category": "health",
"severity": "warning",
"title": "Time source is local CMOS clock (not NTP)",
"detail": "The system is not syncing time from an NTP source. Clock drift breaks Kerberos and certificate validation. Configure a reliable time source (domain hierarchy or pool.ntp.org).",
"evidence": "Source=Local CMOS Clock"
},
{
"id": "health.backup.none",
"category": "health",
"severity": "info",
"title": "No backup agent detected",
"detail": "No known backup agent service found. Backup expectation varies by endpoint; confirm whether this machine is supposed to have local/cloud backup and whether server-side or M365 backup covers it.",
"evidence": "No matching backup service in Win32_Service"
}
]
}