azcomputerguru/claudetools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f8ed03c75af339401e27c68beb46607c77d7eeea
claudetools/.claude/memory/reference_acg_msp_stack.md
Mike Swanson 0c000109dc chore(memory): consolidate scattered feedback/project/reference files 
Compressed memory store 104 -> 71 files via four passes:

- Syncro: 19 scattered feedback_syncro_* files merged into 3 rule files
  (api/billing/workflow) + an on-demand feedback_syncro_history.md for
  incident detail, quotes, and tech/product ID tables.
- Four near-duplicate merges: Howard paste-safety, Pluto build server,
  Howard backend deferral, IX server access (ssh+tailscale).
- Per-cluster rule/state/history split applied to GuruConnect (2->1),
  Dataforth (3->2), Cascades (7->3), GuruRMM (13->3).
- New reference_resource_map.md: single auto-loaded cheatsheet for
  "do I have access to X and how do I connect from this machine?"
- MEMORY.md rewritten to match the new layout.

Health: broken backlinks 8->7, overlap clusters 12->5, orphans 17->0.
2026-06-01 16:25:45 -07:00

21 lines
1.4 KiB
Markdown
Raw Blame History

---
name: reference_acg_msp_stack
description: ACG's own MSP tool stack — do not flag these as foreign/threat agents on managed machines
metadata:
type: reference
---
Arizona Computer Guru's own MSP management/security stack. When found on an ACG-managed endpoint these are **expected ACG tooling**, NOT a prior MSP's leftovers or a threat — do not treat as a security finding.
Confirmed by Mike (2026-05-29):
- **ConnectWise Control / ScreenConnect** — remote access
- **Splashtop** (SOS/Streamer) — remote access
- **Syncro** (Kabuto agent) — PSA / RMM
Also part of the stack (seen on ACG-managed machines incl. Birth Biologic + Rednour; confirm if ever in doubt):
- **Datto RMM** (CagService/Aemagent)
- **Datto EDR / Datto AV** — the managed AV. Note: when Datto AV is the active AV, **Windows Defender real-time protection is OFF by design** (Windows disables Defender when a 3rd-party AV registers) — that is expected, not a gap.
- **GuruRMM** — ACG's own RMM (the agent doing the monitoring)
Relevance: the onboarding diagnostic ([[reference_gururmm]] / `.claude/scripts/onboarding-diagnostic.ps1`) currently flags these as CRITICAL "foreign management/remote-access agent" — a known false positive being tuned (allowlist them as INFO; downgrade Defender-off when a managed AV is present). The genuine prior-MSP-leftover scenario still matters for *non-ACG* remote tools (Ninja, Atera, Kaseya, TeamViewer, LogMeIn, AnyDesk, etc.).
Reference in New Issue View Git Blame Copy Permalink