February has been a whirlwind, and it has almost felt like it’s one day longer than last year. Exhausting! Leap Year jokes aside, we've been busy here at Automox creating new Worklets™ to keep your endpoints safe and efficient.
A standout event in February was the AnyDesk compromise, which put many on high alert. It's moments like these that remind us of the importance of staying ahead of malicious actors in cybersecurity, and our latest Worklets are designed to do just that.
Automox Worklets allow you to automate and enforce any scriptable action on endpoints regardless of location or domain, from software deployment to enforcing local configuration policies on an endpoint. Worklets can be scripted in PowerShell (Windows) or Bash (Linux and macOS), and can be easily deployed across your organization's endpoints.
AnyDesk Compromise and Mitigation Worklet
The AnyDesk Compromise
Let’s dive into what went down with AnyDesk. The software's production systems were hit by a security breach, leading to a compromised code signing certificate.
This kind of compromise is a big deal as it means that malicious actors could potentially sign malware with a trusted certificate, making it much harder to detect. AnyDesk has since revoked the affected certificates, but the risk has lingered, necessitating a swift response. For more information on this compromise, read our response blog here.
How the Worklet Works and Who Should Use It
In response to this cyber attack, enter the PowerShell-based Mitigate AnyDesk Certificate Vulnerability Worklet. This little lifesaver scans your endpoints for any traces of the compromised certificate, ensuring no stone is left unturned. It looks through .ps1, .exe, or .msi files and either flags or removes them based on your selection. And let’s be clear, this Worklet isn’t just for AnyDesk users.
The compromised certificate means everyone’s at risk until it’s confirmed that the revocation has taken effect in your environment. So, if you’re looking to safeguard your Windows endpoints from potential threats as well, this Worklet's for you.
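A scan of this kind can be sketched as follows. This is an added example, not the Automox Worklet's own code: it assumes a "trace" means a file whose Authenticode signer is the revoked certificate, and the thumbprint placeholder, the scan root and the function name are hypothetical.

```powershell
# Added example, not Automox's Worklet code. Flags (default) or removes
# .ps1/.exe/.msi files whose Authenticode signer matches one certificate.
param(
    [string]$ScanRoot = 'C:\Users',   # assumed scan root
    # Placeholder: replace with the thumbprint published in the vendor advisory.
    [string]$RevokedThumbprint = '<COMPROMISED-CERT-THUMBPRINT>',
    [switch]$Remove                   # without this switch nothing is deleted
)

function Find-FilesSignedBy {
    param([string]$Root, [string]$Thumbprint)

    # Advisories often print thumbprints with spaces or colons; keep hex only.
    $want = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($want.Length -ne 40) {
        throw 'Set -RevokedThumbprint to the 40-hex-digit SHA-1 thumbprint.'
    }

    Get-ChildItem -Path $Root -Recurse -File -Include *.ps1, *.exe, *.msi `
                  -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName `
                        -ErrorAction SilentlyContinue
            $cert = $sig.SignerCertificate
            # Match on signer identity, not on $sig.Status: the point is to
            # find every file this certificate signed, whatever its status.
            if ($cert -and $cert.Thumbprint -eq $want) {
                [pscustomobject]@{
                    Path    = $_.FullName
                    Status  = $sig.Status
                    Subject = $cert.Subject
                    Serial  = $cert.SerialNumber
                    SHA256  = (Get-FileHash -LiteralPath $_.FullName `
                                  -Algorithm SHA256).Hash
                }
            }
        }
}

$hits = @(Find-FilesSignedBy -Root $ScanRoot -Thumbprint $RevokedThumbprint)
$hits | Format-Table -AutoSize -Wrap

if ($Remove) {
    # Record path and hash first so removals can be reviewed afterwards.
    $hits | ForEach-Object { Remove-Item -LiteralPath $_.Path -Force }
}
Write-Output ("{0} file(s) signed by the specified certificate." -f $hits.Count)
```

Run it in flag-only mode first and review the reported paths and hashes before adding `-Remove`.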
Uninstall Specific App by Name
Moving on to a slightly different but equally important scriptable action, the Uninstall Specific App by Name Worklet is all about giving you control. If you've ever found yourself asking, "How do I uninstall a program by name on multiple endpoints?" this is the answer you've been waiting for.
This Worklet automates the process, searching the registry for the app, by name, and then running its uninstall key. It’s a straightforward solution to what can often be a tedious manual task.
This Worklet is perfect for IT admins looking to declutter endpoints, optimize performance, or address security concerns by removing problematic apps. Whether you need to free up some storage space or ensure compliance with software policies, this Worklet makes it a breeze.
Until Next Time, Partner
February 2024 was a month that reminded us of the importance of being proactive rather than reactive when it comes to cybersecurity. With the AnyDesk compromise putting many on edge, it was crucial to have tools like the Mitigate AnyDesk Certificate Vulnerability Worklet ready to deploy.
But it wasn't all about putting out fires. Our Uninstall Specific App by Name Worklet also highlighted the ongoing need for maintaining good endpoint health and optimization across your environment.
Thanks to these handy Worklets, staying one step ahead of malicious actors has never been easier. Stay tuned for more updates and remember, when it comes to vulnerabilities and unpatched software: