Return to Blog
July 03, 2021

Datto Update: Kaseya Device Monitor Available in ComStore for Datto RMM Partners

By Ryan Weeks

The Datto Information Security Team is actively monitoring the Kaseya VSA security incident and we have no reason to suspect compromise of Datto products or systems as a result.

As soon as there is more information available on the exploit being used and how to detect it, Datto will assess if scripts can be developed to aid partners. In the meantime, the Datto RMM Team has released a Device Monitor called Kaseya Agent Detection Monitor in the ComStore.

For now, please consider any new agent.exe drops in the C:\kworking directory to be malicious.

Additionally, Red Canary recommends that MSPs prevent the Kaseya binaries from executing. These binaries may be found in the following default locations:

  • *:\program files*\kaseya\*\agentmon.exe
  • *:\kworking\*.exe

Until more is known, this is the best course of action for prevention and detection. As always, our Code Red Disaster Recovery team is on standby to help partners with any data recoveries. We are one community and Datto will support MSP partners in their defense of these malicious attacks.

Related

How Two River Technology Group Achieved Powerful Outcomes With Datto RMM

Two River Technology Group is a modern managed service provider (MSP) hailing from Holmdel, New Jersey.

Datto RMM: Ofrece una Seguridad Integral, no una Seguridad Compleja

Aproximadamente el 77% de las PYMEs creen que sus entornos informáticos se han vuelto más complejos en los últimos dos años

Want to learn how Datto can help with Datto RMM?
Learn More

Suggested Next Reads

CyberSecurityToolkit

What Is Security Awareness Training?

As cyberthreats continue to evolve and increase in sophistication, the significance of security awareness training cannot be overstated. It has […]

April 03, 2024 | Chris McKie