Customer has Unkown Asstes that are not from the Customer

We have got Syncro Assets at one Customer that are not his Assets.

The Naming is always like: AMAZING-KIWI, AMAZING-AVOCADO
WAN IP: 212.113.7.170, 193.128.108.247

Because all our clients are in one Country in Europe are there any options where we can block with Geo-IP that only Assets from specific Country can be added to the Customer?

1 Like

This is almost always due to MAV grabbing your installer, uploading it to a sandbox, and detonating it to see what happens.

You can turn on asset approvals which would catch these and then you can just deny them if and when they come in.

1 Like

Excuse the dumb question, but what is MAV?

Managed Antivirus. It’s pretty common for AV products to grab unknown executables, send them to a sandbox environment, and then detonate them to see what happens. Every time this occurs it would generate a new asset in Syncro (or any RMM for that matter). Best thing to do is not leave your installer on legit assets post installation. The other option is turning on set approvals within Syncro.

1 Like

Thank you, Andy!

The answer and in context… awesome.

2 Likes