claudetools/.claude/memory/project_gururmm_security_scope.md
Howard Enos 8225ec7a9b sync: auto-sync from HOWARD-HOME at 2026-06-22 10:36:17
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-22 10:36:17
2026-06-22 10:36:51 -07:00

name: GuruRMM security scope — integrate AV, don't replace it
description: GuruRMM product scope on security/AV — the RMM does NOT build native virus/malware removal; it integrates AV products (monitor their reports + send commands to them) and its own built-in value is helping techs FIND issues. Program/software removal is a separate, distinct feature.
type: project

Product-direction decision (Mike, 2026-06-22). When weighing security/diagnostic features for GuruRMM:

  • No native AV / virus / malware removal in the RMM. Dedicated AV products (Bitdefender GravityZone, Datto EDR/AV — see reference_acg_msp_stack) do that work. Don't pitch building a RogueKiller-style scanner/quarantine engine into the agent.
  • The RMM's AV role is integration: monitor/surface the AV products' reports + status, and send commands/actions to those AV products through the RMM. Manage AV, don't be AV.
  • The RMM's own built-in value is helping techs FIND issues — diagnostics, health surfacing, "what's wrong with this box" tooling — not performing endpoint security remediation itself.
  • Program/software removal is a DISTINCT feature (the ARP-registry silent-uninstall engine, SPEC-030 remote-software-uninstall), unrelated to AV. It was being worked in a separate session as of this date.

Why: avoids reinventing mature AV engines, keeps the RMM RMM-first (mission.md non-goals), and plays to the self-hosted-management strength rather than competing with security vendors.

How to apply: for security-flavored feature ideas, frame as "monitor + command the existing AV/security product" or "help the tech locate the problem," not "build the security capability natively." Related: project_gururmm, feedback_no_manufactured_guardrails.