Your comments

yes, but then we miss out on screen resolution and size, which is not ideal on my small laptop screen. A zoom is applied in that case.

thanks for answering ūüėä

An easy way might for the developers might be

to improve the title bar with a delay in seconds which we could set. A delay of 2 seconds for the red title bar to appear would avoid all of my accidental closing off the session.

well, I've deleted my instance on my free account. I was using this one, alongside with a paid one to connect to the office. Today I was working at the office, my home laptop was off, I was not logged in and still now and then I saw ConnectWise notifications of connections happening. When loggin in, there was nothing abnormal, but I can't take any risks with my work. I only hope I'll never have these problems with our paid account of connectwise. We're about to expand the licence to have 25 accesses available, so no more need anyway to use my flaky free account :)

Thanks all, I hope I never have to come back.

Miguel

Hi Michael,

I've done what you suggested: when connecting to ConnectWise, I once again was prompted to install the client. I did and then uploaded the file to virustotal.com, while still being connected.

No funny entries at all and I've added the report as a PDF. There are 4 "positives", should I be worried?

kind regards,

Miguel

virustotal.com report

Please add to to the list. I'm having some funny connections showing up:

https://control.product.connectwise.com/communities/6/topics/1890-connectwise-connects-to-non-authorized-computers-around-the-world#

Not sure if I should be worried, I'm told not to, but then others say I might have to.

About what you say on "It is interesting that these have all reported as 6.6.18120.6697":

Lately I've noticed that sometimes, even if I have the latest version installed, when connecting with connectwise, I'm still being prompted to download the installer. I normally don't and blame it on some network problem and then get right in.

A part from running Tunnelbear, I also do a daily backup from the office that I work for to a hard disk connected to my MX-9 tv-box (previously used for Kodi). 

I'm using SSH-Droid to set that up at home and "psftp" (putty) from my work computer, pointing to a dynamic ddns hosted by no-ip.com

I use a quite long password (more than 20 characters), but maybe it's time to change it.

My pc is daily scanned by Malwarebytes Premium and doesn't find anything.

Hi, 

Thanks for your reaction: No I don't have remote services in that area or any of the other IP's I previously found.

I do use "TunnelBear" VPN to be able to watch Spanish television from the UK. Could that maybe explain these IP's?

The thing is, that I specify a Geo location in Spain, when I use Tunnelbear, so that still doesn't make a lot of sense. 

I've done some digging and somehow the IP's seem to be related with ISP or IP Management companies, but also sometimes related to SSH brute force attacks.

80.130.94.223
-> Jonathan Gist _ Virgin Media - IPManager?
http://ip-www.net/80.130.94.223
https://twitter.com/JonathanGist
http://ip-www.net/86.7.85.249

Banned brute force attack:
http://banned.biker.ie/2018/12/fail2ban-ssh-banned-1881167165-from_15.html -> 82.211.44.200
-> Again: "Jonathan Gist"

http://www.whatmyip.co/view/ip_owners/80466/Virgin_Media_Limited.html

79.253.230.180
-> Rome - Telecom Italy - BBBEASYIP STAFF
https://www.facebook.com/pages/Telecom-Italia-Val-Cannuta-186/123806444339196
http://bruteforcers.net/582109, leads to http://ip-www.net/87.5.0.244 -> BBBEasyIP Staff
Searching for their telephone number: +39 06 36881 -> brute force attack from:
http://banned.biker.ie/2018/12/fail2ban-ssh-banned-1881167165-from_15.html -> 82.211.44.200
-> Again: "Jonathan Gist"

71.138.129.33
-> Embarq Corporation, Address: 500 N New York Ave
City: Winter Park
StateProv: FL
PostalCode: 32789
Country: US

Hi Michael, then why haven't I seen this happening during the first 3 months of using ConnectWise? 

My AV is exactly the same. Also the name of the machine is not Sandbox as I've seen in an example. John Doe? Anyway, I won't worry about it if you assure me it's a normal thing.

This time I have NOT ended the connection so it's available for investigation.

ÔĽŅ