Long time no see Lads and Lasses of TSU. I hope you are all still sticking it to the scammers. I just wanted to drop by and show a fast example of a pet project I have been working on when I am well enough. This is KW Secure, every 10 seconds it will look at your pids and see if any of the more common RDS is running.
You can run it in GUI mode and shrink it or in Silent/Background.
The GUI mode has a dialog box pop up and warn you when a RDS was terminated and what one it was. The SIlent version does the same except it runs in the systentray and uses the Windows Toast/Notifications.
You can also in GUI mode trigger a manual scan for installed RDS and then tick it and trigger Windows uninstall to remove said software. If this sounds usefull any ayway do let me know.
looks promising , to protect the elderly I know I installed them Seraph Secure from Kit (it auto blocks remote software as well). Have you tested it with the bloody bastad ConnectWise? Python script to block the execution of screenconnect/connectwise installers - #3 by dubloox3 I recently made a python script to block it before installing (but it’s more for us scambaiters)
I been out of the loop for a few years. So KitBoga already made something like this but better. Only recently able to watch some ScammerRevolts again. I know Kit is a real programmer. I am just a hobbyist when time and health allow.
I still wish I hadn’t got to a point of so bitter about my situation and held onto my YouTube channel instead of deleting it. I don’t know how often I can frequent the forums still. I’m just happy to still have a user id here. I was sure it would of been deactivated by now.
What I have done doesn’t stop it from being installed. It stops the processes and looks for already installed remote software. It has a number of known and less known ones in its db. anydesk, awesun, logmein, connectwise etc.
great approach anyways and thanks a lot (didn’t want to criticise you in any way btw). Kitbogas Seraph Secure has a different (and more elderly friendly) approach then I assume. If you find the time to work on your tool I hope you still want to share it with us (it might be super helpful for scambaiters to avoid resetting the VM to a previous snapshot and just find/uninstall all remote tools that the scammers installed… sometimes we don’t really see what they installed).
cheers and thanks mate
, to protect the elderly I know I installed them Seraph Secure from Kit (it auto blocks remote software as well). Have you tested it with the bloody bastad ConnectWise?