Syncro MSP Detect Installed RMM Tools with PowerShell

This is a script intended for Syncro RMM to detect installed unwanted remote IT support, remote control, and remote management RMM tools from a list of application names. This function can be easily used in other RMM applications by removing the two Syncro MSP-specific lines.

Other RMM Tools that Support PowerShell

Several remote monitoring and management (RMM) tools support calling PowerShell to manage devices. Here are a few notable ones:

  1. Barracuda RMM: This tool allows you to use PowerShell scripts for automation and management tasks on managed devices. You can configure the execution policy through group policy or locally on each device[1].
  2. ConnectWise Automate: With the Plugins4Automate PowerShell Command Manager, you can maintain a library of PowerShell scripts and commands, execute them on remote computers, and automate routine tasks[2].
  3. GoTo (formerly LogMeIn): This RMM tool supports pre-written PowerShell scripts to perform various administrative tasks, such as installing/uninstalling software, pushing files, and updating the registry across multiple computers[3].
  4. NinjaRMM: Known for its robust scripting capabilities, NinjaRMM allows you to run PowerShell scripts to automate and manage devices efficiently.
  5. Atera: This all-in-one RMM solution supports PowerShell scripting for remote management, enabling you to automate tasks and manage devices seamlessly.
  6. Kaseya VSA: Supports calling PowerShell for managing devices. You can launch PowerShell sessions directly from the Device List page in VSA 10, allowing you to perform task automation and configuration management operations on supported devices.
  7. Microsoft Intune: Uses the Intune management extension to upload and run PowerShell scripts on Windows 10/11 devices. This enhances device management capabilities, allowing for advanced configurations and automation.

These tools can help streamline your IT management processes by leveraging the power of PowerShell scripting.

The PowerShell Code

# Import the necessary Syncro MSP module
Import-Module $env:SyncroModule

# Function to get a list of matching applications from the registry
function Get-MatchingApplications {
    <#
    .SYNOPSIS
    Retrieves a list of installed applications that match a predefined list.

    .DESCRIPTION
    This function searches through the registry to find installed applications
    and returns a list of those that match a predefined list of application names,
    supporting wildcard characters for partial matches.

    .PARAMETER ApplicationList
    An array of application names to search for in the registry. Supports wildcard characters.

    .OUTPUTS
    [System.Collections.Generic.List[string]] A list of matching application names.

    .EXAMPLE
    $ApplicationList = @("AnyDesk*", "Atera", "Chrome")
    $matchedApps = Get-MatchingApplications -ApplicationList $ApplicationList
    Write-Output "Found the following matching applications: $($matchedApps -join ', ')"
    #>

    param (
        [Parameter(Mandatory=$true)]
        [string[]]$ApplicationList
    )

    try {
        # Get installed applications from the registry
        $InstalledApps = Get-ChildItem "HKLM:\software\microsoft\windows\currentversion\uninstall", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall" -ErrorAction Stop

        # Filter and collect matching applications
        $MatchingApps = $InstalledApps | ForEach-Object {
            try {
                $app = Get-ItemProperty $_.PSPath -ErrorAction Stop
                if ($app.PSObject.Properties['DisplayName']) {
                    $app.DisplayName
                } else {
                    $null
                }
            } catch {
                Write-Warning "Failed to get properties for registry path: $_.PSPath"
                $null
            }
        } | Where-Object { $appName = $_; $ApplicationList | ForEach-Object { if ($appName -like $_) { return $true } } }

        return $MatchingApps
    } catch {
        Write-Error "An error occurred while retrieving installed applications: $_"
        return @()
    }
}


$ApplicationList = @(
    "Action1*"
    # "AnyDesk MSI*"
    "AnyDesk*"
    "Aero*"
    "AeroAdmin*"
    "Atera*"
    "Auvik*"
    "Barracuda*"
    "Beyond*"
    "BeyondTrust*"
    "Chrome*"
    "Connectwise*"
    "Continuum*"
    "Dameware*"
    "Dameware Remote Everywhere*"
    "Datto*"
    "Datto RMM*"
    "Domotz*"
    "DWServices*"
    "GFI*"
    # "GoTo*"
    "GoTo Resolve*"
    "GoToMyPC*"
    "ITarian*"
    "ITarian RMM*"
    "Kaseya*"
    "LiteManager*"
    "LogMeIn*"
    "ManageEngine*"
    "ManageEngine Endpoint Central*"
    "ManageEngine RMM Central*"
    "MSP*"
    "MSP360*"
    "N-Able*"
    "N-Central*"
    "N=Sight*"
    "Nave*"
    "Naverisk*"
    "Ninja*"
    "NinjaOne*"
    "NinjaOne RMM*"
    "NoMachine*"
    "O&O Syspectr*"
    "Optitune*"
    "Paessler PRTG*"
    "Parsec*"
    "Pulseway*"
    "RealVNC*"
    # "Remote*"
    "RemotePC*"
    "Rippling*"
    "Scale*"
    "Scalefusion*"
    "ScreenConnect*"
    # "Splashtop*"
    "Sentinel Agent*"
    "Solarwinds*"
    "SuperOps*"
    "SuperOps.ai*"
    "Supremo*"
    "Syxsense*"
    "TeamViewer*"
    "TightVNC*"
    "UltraVNC*"
    "Umbrella Roaming Client*"
    "VNC*"
    "XEOX*"
    "Zoho*"
)

$MatchedApps = Get-MatchingApplications -ApplicationList $ApplicationList
if ($MatchedApps.Count -gt 0) {
    $msg = "Found the following matching applications: $($MatchedApps -join ', ')"
    Write-Output $msg
    # Create an alert in Syncro MSP
    Rmm-Alert -Category 'Security Remote Tools' -Body $msg
} else {
    Write-Output "No matching applications found."
}

Comprehensive IT Management and Support for Small and Medium Businesses


At Byte Solutions, we specialize in providing top-notch managed IT services tailored to meet the unique needs of small and medium businesses. Our team of experts leverages advanced tools like Syncro MSP to ensure your IT infrastructure is always running smoothly and efficiently.

Why Choose Byte Solutions?

  1. Expert IT Management: Our experienced professionals use powerful tools like PowerShell scripts to detect and manage installed RMM tools, ensuring your systems are secure and up-to-date[1].
  2. Proactive Monitoring: With Syncro MSP, we offer proactive monitoring and maintenance, identifying potential issues before they become major problems. This minimizes downtime and keeps your business operations running seamlessly[1].
  3. Customized Solutions: We understand that every business is unique. That’s why we provide customized IT solutions that align with your specific needs and goals.
  4. 24/7 Support: Our dedicated support team is available around the clock to assist you with any IT-related issues, ensuring you receive timely and effective solutions.
  5. Scalable Services: Whether you’re a small startup or a growing medium-sized business, our services are scalable to match your evolving IT requirements.

Our Managed IT Services Include:

  • Remote Monitoring and Management (RMM): Utilizing Syncro MSP and other leading RMM tools, we monitor your IT environment to ensure optimal performance and security.
  • PowerShell Scripting: We employ advanced PowerShell scripts to automate routine tasks, manage software installations, and enhance system configurations[1].
  • Data Backup and Recovery: Protect your critical business data with our reliable backup and recovery solutions.
  • Cybersecurity: Safeguard your business from cyber threats with our comprehensive cybersecurity services.
  • IT Consulting: Get expert advice and strategic planning to align your IT infrastructure with your business objectives.

Partner with Byte Solutions for reliable and efficient IT management and support. Let us handle your IT needs so you can focus on growing your business.


References

[1] How to Enable PowerShell Scripting on Managed Devices

[2] Enhancing Your RMM Environment with Plugins4Automate PowerShell Command

[3] What is RMM? A Complete Guide to Remote Monitoring and Management

Hunting for Remote Management Tools using Microsoft SIEM and KQL

Are you interested in more articles? Check out: Syncro MSP PowerShell Script: Veeam Backups monitoring

Leave a Comment

Require assistance?

Support from our knowledgeable help desk staff ensures your team stays productive by swiftly and accurately resolving issues.