I saw something in the forum's a while back about agents checking in from all over the world. I didn't think much of it then, but now I'm getting rouge agent checkin's. So far I'm seeing agents from Germany and Asia. Anyone know if there's something up with this? I'm setting the ip addresses in a block list acl on my ASA to my Kservers until I can figure this out.
Any one else seeing this as well?
That's certainly a troubling situation but its difficult to say whether its a design flaw, bug, or something else. I'd urge you to open a support case with Kaseya so they can help you investigate what's going on.
I was visiting with a support specialist regarding another matter and mentioned your situation in passing. He mentioned that the few times he's seen this behavior its because someone uploaded an agent installer to an A/V site like VirusTotal. It's been a few hours since we've spoken so I don't recall all the details but he suggested that this might be what happened. Anyway, his recommendation is to go ahead and open a ticket so they can ensure that the check-ins are benign.
Bill, thanks for your reply. When you mentioned the AV testing site I remembered the post. I think that's what it is as well. I've seen it stop since I've added the ip blocks to my ASA.
Well, yeah, building a big brick wall will prevent the in-laws from visiting ;).