Datto Update: Kaseya Device Monitor Available in ComStore for Datto RMM Partners
The Datto Information Security Team is actively monitoring the Kaseya VSA security incident and we have no reason to suspect compromise of Datto products or systems as a result.
As soon as there is more information available on the exploit being used and how to detect it, Datto will assess if scripts can be developed to aid partners. In the meantime, the Datto RMM Team has released a Device Monitor called Kaseya Agent Detection Monitor in the ComStore.
For now, please consider any new agent.exe drops in the C:\kworking directory to be malicious.
Additionally, Red Canary recommends that MSPs prevent the Kaseya binaries from executing. These binaries may be found in the following default locations:
- *:\program files*\kaseya\*\agentmon.exe
- *:\kworking\*.exe
Until more is known, this is the best course of action for prevention and detection. As always, our Code Red Disaster Recovery team is on standby to help partners with any data recoveries. We are one community and Datto will support MSP partners in their defense of these malicious attacks.