Hardening (analyze & avoid remote access)
Hello
A client of mine runs Windows 7 Embedded
[6.1.7601 Service Pack 1 Build 7601].
There is a remote management software installed called TeamViewer Host
(version 9).
But here is the issue.
Someone is controlling the computer, because the end users have a number of times seen
that someone is controlling the mouse and is using the computer. And I suspect it's not a TeamViewer session but instead some other unknown RAT/spyware or other RMM.
I have been assigned to investigate and stop this.
* TeamViewer Host logfiles show no matching incoming_connections
* TeamViewer Host has been set to have 1 new password. And no other extras
* I deactivated the Windows RDP/RDC protocol within Control Panel
* I installed Malwarebytes Anti-Malware and am running a scan atm
What else do you suggest to do?
I am planning to visit the site and do some more work at the terminal:
Code:
() I will do a regshot of the system with my portable thumb drive. Reboot and scan again and check for anomalies where the application stores its data
() deny all in the Windows firewall, and do exceptions just for critical applications such as wmupdate, teamviewer
() also, if available, check the router, and add additional firewall/block everything to this device in the network
() check the UAC settings
() install and tweak with EMET, but I found this toolkit quite hard to understand
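Added example, not part of the original post: one way to look for the unknown remote-control tool and to build the firewall exception list is to capture `netstat -ano` and `tasklist /fo csv /nh` on the terminal and flag every listening or established TCP socket whose owning process is not on an allowlist. The sample output, the process name `hlpsvc32.exe`, the addresses and the allowlist below are all constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (trimmed).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       704
  TCP    0.0.0.0:5938           0.0.0.0:0              LISTENING       1620
  TCP    0.0.0.0:5900           0.0.0.0:0              LISTENING       2988
  TCP    192.168.1.50:49201     203.0.113.7:443        ESTABLISHED     2988
  TCP    192.168.1.50:49188     198.51.100.20:5938     ESTABLISHED     1620
  UDP    0.0.0.0:123            *:*                                    980
"""
# Constructed sample of `tasklist /fo csv /nh` output.
TASKLIST = '''\
"svchost.exe","704","Services","0","6,112 K"
"svchost.exe","980","Services","0","9,004 K"
"TeamViewer_Service.exe","1620","Services","0","11,540 K"
"hlpsvc32.exe","2988","Services","0","4,220 K"
'''
# Assumed allowlist of expected network-facing images; adjust per site.
ALLOWED = {"svchost.exe", "teamviewer_service.exe", "system"}

def pid_to_image(tasklist_csv):
    """Map PID (string) -> image name from tasklist CSV rows."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {row[1]: row[0] for row in rows if len(row) >= 2}

def parse_netstat(text):
    """Yield one dict per TCP/UDP row; UDP rows carry no State column."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        yield {"proto": f[0], "local": f[1], "remote": f[2],
               "state": state, "pid": f[-1]}

def suspicious(netstat_text, tasklist_csv, allowed=ALLOWED):
    """Return TCP sockets (listening/established) owned by non-allowlisted images."""
    names = pid_to_image(tasklist_csv)
    hits = []
    for s in parse_netstat(netstat_text):
        image = names.get(s["pid"], "<unknown pid %s>" % s["pid"])
        if s["state"] in ("LISTENING", "ESTABLISHED") and image.lower() not in allowed:
            hits.append((image, s["local"], s["remote"], s["state"]))
    return hits

if __name__ == "__main__":
    for hit in suspicious(NETSTAT, TASKLIST):
        print(*hit)
```

An allowlisted image name only narrows the list; the binary's path and signature still need checking, since a process can carry any name.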