Mystery devices added and offline

Anyone else running into mystery devices added after generating new RMM links for customers? At least twice in the past 2 weeks after generating RMM links for a customer, mystery devices have gotten registered to those accounts and go offline right after. 100% nothing to do with those customers, different usernames, system types, OS types, WAN IPs and LAN subnets. This wreaks havoc if not caught as of course assets also affect automatic billing!

Will open a ticket w/ support but thought it important to let the community know this is something you may want to look out for.

This also potentially means your customers may be trying to register using the RMM link you sent them and they’re getting registered to us instead, causing problems for two different Syncro accounts as well.

1 Like

Historically similar things have been reported if you emailed the installer URL. An email security system might have downloaded it and run the installer.

One thing you can do to help is to enable the admin setting for Asset Approvals. This places the asset in a holding area, and you will see a notification in the Asset Module.

The settings page is located here:

yoursubdomain.syncromsp.com/settings/rmm

EDIT:

This is what you will see when the setting is enabled

2 Likes

It’s an AV product running the installer in a sandbox to test if it is malicious.
I get heaps of these in my ScreenConnect instance.

1 Like

Yeah, as Shane mentioned, this is pretty normal for RMMs. Basically what happens is the installer gets left on a machine, AV picks it up, sends it to a sandbox, “detonates” it, which makes an asset show up in your Syncro instance, and then never comes back online again. You see a lot of stuff like “Susie’s Computer” or whatever.

To combat this, either don’t leave installers on machines post-installation, or turn on asset approval so you can just reject assets when this type of thing occurs.

2 Likes
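
Added example, not part of the thread and not Syncro's code: a triage pass over an asset list that flags the pattern described above, an asset that registers, checks in briefly, then stays silent, optionally from a WAN IP the customer does not use. The record field names, customer name, networks and thresholds are constructed assumptions, not Syncro's export schema.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample data: field names are assumptions, not Syncro's export schema.
KNOWN_WAN = {"Acme Dental": [ip_network("203.0.113.0/28")]}
ASSETS = [
    {"name": "FRONTDESK-01", "customer": "Acme Dental", "wan_ip": "203.0.113.5",
     "first_seen": "2024-05-01T09:00:00", "last_seen": "2024-05-10T08:55:00"},
    {"name": "WIN-7QK2", "customer": "Acme Dental", "wan_ip": "198.51.100.77",
     "first_seen": "2024-05-02T14:03:00", "last_seen": "2024-05-02T14:09:00"},
    {"name": "LAPTOP-NEW", "customer": "Acme Dental", "wan_ip": "192.0.2.40",
     "first_seen": "2024-05-10T08:30:00", "last_seen": "2024-05-10T08:58:00"},
]


def flag_sandbox_candidates(assets, known_wan, now,
                            max_online=timedelta(minutes=30),
                            min_silence=timedelta(days=2)):
    """Return {asset name: [reasons]} for assets that look like one-shot check-ins."""
    flagged = {}
    for a in assets:
        first = datetime.fromisoformat(a["first_seen"])
        last = datetime.fromisoformat(a["last_seen"])
        short_lived = last - first <= max_online
        silent = now - last >= min_silence
        # A freshly enrolled machine is short-lived too, so require lasting silence.
        if not (short_lived and silent):
            continue
        reasons = [f"online {last - first}, silent {now - last}"]
        nets = known_wan.get(a["customer"], [])
        if nets and not any(ip_address(a["wan_ip"]) in n for n in nets):
            reasons.append(f"WAN IP {a['wan_ip']} outside known customer networks")
        flagged[a["name"]] = reasons
    return flagged


if __name__ == "__main__":
    now = datetime(2024, 5, 10, 9, 0, 0)
    for name, reasons in flag_sandbox_candidates(ASSETS, KNOWN_WAN, now).items():
        print(name, "->", "; ".join(reasons))
```

Flagged assets are candidates for review and rejection, which matters here because, as the first post notes, stray assets also feed automatic billing.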