claudetools/.claude/memory/project_gururmm_security_scope.md
Howard Enos 8225ec7a9b sync: auto-sync from HOWARD-HOME at 2026-06-22 10:36:17
Author: Howard Enos
Machine: HOWARD-HOME
Timestamp: 2026-06-22 10:36:17
2026-06-22 10:36:51 -07:00

---
name: GuruRMM security scope — integrate AV, don't replace it
description: GuruRMM product scope on security/AV — the RMM does NOT build native virus/malware removal; it integrates AV products (monitor their reports + send commands to them) and its own built-in value is helping techs FIND issues. Program/software removal is a separate, distinct feature.
type: project
---
Product-direction decision (Mike, 2026-06-22). When weighing security/diagnostic features for GuruRMM:
- **No native AV / virus / malware removal in the RMM.** Dedicated AV products (Bitdefender GravityZone, Datto EDR/AV — see [[reference_acg_msp_stack]]) do that work. Don't pitch building a RogueKiller-style scanner/quarantine engine into the agent.
- **The RMM's AV role is integration:** monitor/surface the AV products' reports + status, and send commands/actions to those AV products *through* the RMM. Manage AV, don't be AV.
- **The RMM's own built-in value is helping techs FIND issues** — diagnostics, health surfacing, "what's wrong with this box" tooling — not performing endpoint security remediation itself.
- **Program/software removal is a DISTINCT feature** (the ARP-registry silent-uninstall engine, SPEC-030 `remote-software-uninstall`), unrelated to AV. It was being worked in a separate session as of this date.

**Why:** avoids reinventing mature AV engines, keeps the RMM RMM-first (mission.md non-goals), and plays to the self-hosted-management strength rather than competing with security vendors.

**How to apply:** for security-flavored feature ideas, frame as "monitor + command the existing AV/security product" or "help the tech locate the problem," not "build the security capability natively." Related: [[project_gururmm]], [[feedback_no_manufactured_guardrails]].