Howard's personal MSP client documentation folder imported into shared
ClaudeTools repo via /import command. Scope:
Clients (structured MSP docs under clients/<name>/docs/):
- anaise (NEW) - 13 files
- cascades-tucson - 47 files merged (existing had only reports/)
- dataforth - 18 files merged (alongside incident reports)
- instrumental-music-center - 14 files merged
- khalsa (NEW) - 22 files, multi-site (camden, river)
- kittle (NEW) - 16 files incl. fix-pdf-preview, gpo-intranet-zone
- lens-auto-brokerage (NEW) - 3 files (name matches SOPS vault)
- _client_template - 13-file scaffold for new clients
MSP tooling (projects/msp-tools/):
- msp-audit-scripts/ - server_audit.ps1, workstation_audit.ps1, README
- utilities/ - clean_printer_ports, win11_upgrade,
screenconnect-toolbox-commands
Credential handling:
- Extracted 1 inline password (Anaise DESKTOP-O8GF4SD / david)
to SOPS vault: clients/anaise/desktop-o8gf4sd.sops.yaml
- Redacted overview.md with vault reference pattern
- Scanned all 160 files for keys/tokens/connection strings -
no other credentials found
Skipped:
- Cascades/.claude/settings.local.json (per-machine config)
- Source-root CLAUDE.md (personal, claudetools has its own)
- scripts/server_audit.ps1 and workstation_audit.ps1 at source root
(identical duplicates of msp-audit-scripts versions)
Memory updates:
- reference_client_docs_structure.md (layout, conventions, active list)
- reference_msp_audit_scripts.md (locations, ScreenConnect 80-char rule)
Session log: session-logs/2026-04-16-howard-client-docs-import.md
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
67 lines
3.1 KiB
Markdown
# Endpoint Security / Antivirus

## Current State (In Transition)

- Current Product: Datto EDR (part of Datto RMM suite)
- Status: **Migrating away** — Datto RMM being replaced by SyncroRMM
- Datto EDR will need to be replaced when migration completes
- **HIPAA:** §164.308(a)(5) requires security awareness and §164.312(a) requires access control. EDR/AV is a critical control for protecting PHI on staff workstations that access ALIS and file shares.

## Available Options Through Syncro

- Bitdefender GravityZone — available, Howard does NOT prefer this
- Emsisoft — available through Syncro

## Recommended: Huntress + SentinelOne (via Syncro)

See notes section for full recommendation.

## Deployment Status (audit 2026-03-20)

- Total Endpoints: 19 (1 server + 18 workstations)
- **Datto AV:** 17 machines (enabled and up to date on most)
- **Bitdefender + Datto AV (conflict):** RECEPTIONIST-PC — dual AV running
- **COMODO AV (disabled):** MDIRECTOR-PC — Windows Defender active instead
- **McAfee LiveSafe (bloatware):** LAPTOP-E0STJJE8 — conflicts with Datto
- **Malwarebytes (alongside Datto):** CRYSTAL-PC, MAINTENANCE-PC
- **Windows Defender active:** MDIRECTOR-PC (only machine using Defender as primary)
### Issues

| Machine | Issue |
|---------|-------|
| RECEPTIONIST-PC | Bitdefender + Datto AV both running — pick one |
| LAPTOP-E0STJJE8 | McAfee LiveSafe + WebAdvisor installed — remove |
| MDIRECTOR-PC | COMODO AV disabled, stale — remove |
| LAPTOP-DRQ5L558 | Multiple Datto AV instances, mixed enabled/disabled |
| LAPTOP-E0STJJE8 | Multiple Datto AV instances, mixed enabled/disabled |

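The three conflict patterns in the table above (two products enabled at once, a registered product that is disabled and stale, and one product registered several times with mixed state) are all visible in the Windows Security Center registration data, so they can be re-checked on each machine before and after the Syncro migration rather than by eye. The PowerShell below is an added example for this doc, not code from the client folder or from msp-audit-scripts. It assumes the commonly cited community decoding of the undocumented `productState` bitfield (middle hex byte `10`/`11` = real-time protection on, last hex byte `00` = definitions current), WinRM access to the workstations for the live query, and it runs offline against constructed sample records modelled on the audit findings. Caveat: the `root/SecurityCenter2` namespace exists only on client Windows SKUs, so CS-SERVER will not report through it and needs its AV state checked another way.

```powershell
# Added example (not from the client docs or msp-audit-scripts).
# Decodes Security Center AV registrations and flags the conflict patterns
# found in the 2026-03-20 audit.

function ConvertFrom-AvProductState {
    param([Parameter(Mandatory)][uint32]$ProductState)
    # ASSUMPTION: community decoding of the undocumented productState value.
    # Typical values are 5 hex digits, so pad to 6: digits 3-4 = real-time
    # protection (10/11 = on), digits 5-6 = definitions (00 = up to date).
    $hex = '{0:x6}' -f $ProductState
    [pscustomobject]@{
        Enabled  = $hex.Substring(2, 2) -in @('10', '11')
        UpToDate = $hex.Substring(4, 2) -eq '00'
    }
}

function Get-AvInventory {
    # Live query over WinRM; workstations only (no SecurityCenter2 on servers).
    param([string[]]$ComputerName = $env:COMPUTERNAME)
    foreach ($c in $ComputerName) {
        try {
            Get-CimInstance -ComputerName $c -Namespace 'root/SecurityCenter2' `
                -ClassName AntiVirusProduct -ErrorAction Stop |
                ForEach-Object {
                    $s = ConvertFrom-AvProductState $_.productState
                    [pscustomobject]@{
                        Machine = $c; Product = $_.displayName
                        Enabled = $s.Enabled; UpToDate = $s.UpToDate
                    }
                }
        } catch {
            Write-Warning "$c : $($_.Exception.Message)"
        }
    }
}

function Find-AvIssues {
    # Takes inventory rows (Machine, Product, Enabled, UpToDate) and returns
    # one row per issue, in the same shape as the Issues table in this doc.
    param([Parameter(Mandatory)][object[]]$Inventory)
    foreach ($group in $Inventory | Group-Object Machine) {
        $m    = $group.Name
        $rows = $group.Group
        # Pattern 1: more than one distinct product with real-time protection on.
        $enabledProducts = @($rows | Where-Object Enabled |
            Select-Object -ExpandProperty Product -Unique)
        if ($enabledProducts.Count -gt 1) {
            [pscustomobject]@{ Machine = $m
                Issue = "Multiple AV products enabled: $($enabledProducts -join ', ') - pick one" }
        }
        foreach ($p in $rows | Group-Object Product) {
            $states = @($p.Group.Enabled | Select-Object -Unique)
            if ($p.Count -gt 1 -and $states.Count -gt 1) {
                # Pattern 2: same product registered repeatedly, mixed enabled/disabled.
                [pscustomobject]@{ Machine = $m
                    Issue = "Multiple $($p.Name) instances, mixed enabled/disabled" }
            } elseif ($states.Count -eq 1 -and -not $states[0]) {
                # Pattern 3: registered but switched off everywhere = stale leftover.
                [pscustomobject]@{ Machine = $m
                    Issue = "$($p.Name) registered but disabled - stale, remove" }
            }
        }
        # Bonus check: protection on but definitions not current.
        foreach ($r in $rows | Where-Object { $_.Enabled -and -not $_.UpToDate }) {
            [pscustomobject]@{ Machine = $m; Issue = "$($r.Product) definitions out of date" }
        }
    }
}

# CONSTRUCTED sample rows modelled on the audit findings (not live WMI output).
$sample = @(
    [pscustomobject]@{ Machine = 'RECEPTIONIST-PC'; Product = 'Bitdefender';      Enabled = $true;  UpToDate = $true }
    [pscustomobject]@{ Machine = 'RECEPTIONIST-PC'; Product = 'Datto AV';         Enabled = $true;  UpToDate = $true }
    [pscustomobject]@{ Machine = 'MDIRECTOR-PC';    Product = 'COMODO AV';        Enabled = $false; UpToDate = $false }
    [pscustomobject]@{ Machine = 'MDIRECTOR-PC';    Product = 'Windows Defender'; Enabled = $true;  UpToDate = $true }
    [pscustomobject]@{ Machine = 'LAPTOP-DRQ5L558'; Product = 'Datto AV';         Enabled = $true;  UpToDate = $true }
    [pscustomobject]@{ Machine = 'LAPTOP-DRQ5L558'; Product = 'Datto AV';         Enabled = $false; UpToDate = $true }
)
Find-AvIssues -Inventory $sample | Format-Table -AutoSize

# Live run against workstations (assumes WinRM), e.g.:
# Find-AvIssues -Inventory (Get-AvInventory -ComputerName 'RECEPTIONIST-PC','MDIRECTOR-PC','LAPTOP-DRQ5L558')
```

Running the sample yields one row each for RECEPTIONIST-PC (two products enabled), MDIRECTOR-PC (COMODO AV stale) and LAPTOP-DRQ5L558 (mixed Datto AV instances), matching the Issues table. Bloatware such as McAfee LiveSafe that has not registered with Security Center, and leftover RMM agents, are not visible here; those still need the installed-programs and services checks from the audit scripts.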
### Previous MSP Software (on ALL machines — remove)

- Splashtop Streamer — on every machine
- Datto RMM agent — on CS-SERVER (at minimum)
- N-able Take Control — on some machines (stopped/stuck services)

## Notes

### Antivirus Recommendation for Syncro Integration

**Best option: Huntress + SentinelOne**

**SentinelOne (Singularity)**

- Native Syncro integration (built-in, deploy from Syncro)
- Full autonomous EDR — detects AND responds without human intervention
- Rollback capability (ransomware recovery)
- Consistently top-rated in independent AV tests
- Per-agent MSP pricing available
- Much stronger detection engine than Bitdefender GZ or Emsisoft

**Huntress (Managed Threat Detection)**

- Native Syncro integration
- Managed by Huntress SOC team — they investigate alerts FOR you
- Catches what traditional AV misses (persistent footholds, LOLbins, lateral movement)
- Lightweight agent runs alongside any AV
- Built specifically for MSPs
- 24/7 human threat hunters review detections before alerting you

**Why both?**

- SentinelOne = prevention + automated response (replaces Datto EDR)
- Huntress = detection + managed investigation (adds a layer Datto EDR never had)
- Together they cover the full kill chain with minimal MSP effort
- Both have one-click deploy through Syncro

**If only one:** SentinelOne alone is a strong standalone choice and integrates directly with Syncro's policy management. It's a significant upgrade over Datto EDR, Bitdefender GZ, and Emsisoft in both detection quality and automation.