Kaseya Community

Prevent Agent Install Abuse

  • We are considering making our Kaseya agent readily available for potential customers. The agent would be distributed with marketing material about our services. My concern is that we have no control over undesirable installations. Worst case scenario would be a denial of service attack by a lot of agent installations.

    Is there any way to limit the number of active agents that can register with a Kaseya server prior to the server reaching its licensed limit? Would it be worth while to submit a feature request where an agent does not become active in the system unless it is approved?




    Legacy Forum Name: Prevent Agent Install Abuse,
    Legacy Posted By Username: mgolicher
  • One thought is to control the distribution of the agents through deployment packages that force check-ins to a group. Then, you set a Check-In policy for that group that does NOT allow for automatic creation unless you specify the group or set a policy.

    This could mean that you have to spend time creating and managing these "marketing" groups, but at least you can control when clients can actually check into the KServer.

    I was wondering, however, what the point would be of making your agent available to the public if you created a hard limit to the number of active agents that can check-in? For example, let's say you have a license for 500 agents. You have 250 paying/connected customers on the program.

    Now, you want to provide the agent along with your marketing material to potential customers, but want to set a limit to 400 active agents that can check in. The first 100 leads who decide to give youa try can install the agent and connect. But after that, any other leads who get the marketing material who try to install it will not be able to, which defeats the purpose of sending it out, I think.

    It almost sounds like what you may be looking for is some sort of agent "activation" feature, which might be cool to have. Maybe.


    Legacy Forum Name: Server,
    Legacy Posted By Username: vplaza
  • Deployment check-in for a specific group would still consume a license. The purpose of the limit would be to prevent 100% license consumption due to abuse. If I set the limit to 500 of 1000 and do not see any abuse I will continue to increase the limit. If I see that abuse is taking place I will somehow have to prevent it and then delete the bogus registrations.

    If I recall correctly a deleted agent takes 30 days before the license again becomes available. If 100% of licenses are consumed due to abuse and I need to add some legit registrations, I think this would get ugly.

    I think the approval process would be best. This would put me in control of who consumes a license and provide a medium to reject bogus registrations before our database is updated with inventory data, etc.


    Legacy Forum Name: Server,
    Legacy Posted By Username: mgolicher
  • I agree with you in that I think what you need is a formal approval function in the system to control who gets to consume a license.

    Many moons ago, when we were trying to develop our own MSP platform (don't ask), we had toyed with the idea of making our agent available to the public, primarily through our website. It seemed like a neat idea, but in the end, we scrapped the idea.

    Not to say that we won't consider it again now that we have Kaseya, but to us at the time, we felt that it did not accomplish much to allow a lead to simply install the agent without talking to us first.

    We thought that once a lead installed it, then what? They can't run reports, do remote control, etc. until we were involved, so why put the cart before the horse? The agent by itself didn't seem like it could provide enough to a customer to warrant the risk of agents being installed willy nilly (not a technical term). Nor did we want to run the risk of someone installing the agent without our knowledge and then blaming us for "something" that happened to their system after they installed it.

    Marketing people loved the concept, though.


    Legacy Forum Name: Server,
    Legacy Posted By Username: vplaza
  • mgolicher wrote:
    Deployment check-in for a specific group would still consume a license. The purpose of the limit would be to prevent 100% license consumption due to abuse. If I set the limit to 500 of 1000 and do not see any abuse I will continue to increase the limit. If I see that abuse is taking place I will somehow have to prevent it and then delete the bogus registrations.

    If I recall correctly a deleted agent takes 30 days before the license again becomes available. If 100% of licenses are consumed due to abuse and I need to add some legit registrations, I think this would get ugly.

    I think the approval process would be best. This would put me in control of who consumes a license and provide a medium to reject bogus registrations before our database is updated with inventory data, etc.


    An agent is available immediately after you delete it from the Kserver. However if the agent is not UN-installed from themachineand the group has auto-enrollment turned on, then the agent will recreate itself.

    God Bless,

    Marty


    Legacy Forum Name: Server,
    Legacy Posted By Username: MissingLink
  • Thanks for the info about the license. I deleted an agent and it immediately returned the license to the pool.


    Legacy Forum Name: Server,
    Legacy Posted By Username: mgolicher