Your comments

If ConnectWise were a mom-and-pop software company, I could possibly understand them not signing updates. You are certainly NOT a mom-and-pop software company. Time to get professional.

This is so incredibly important.  It is even more important because the installer loves to violate up to 8 TTPs.  

  • UNKNOWN_APP (gotta give you a pass on this one)
  • MITRE_T1003_OS_CREDENTIAL_DUMP
  • MITRE_T1005_DATA_FROM_LOCAL_SYS
  • MITRE_T1057_PROCESS_DISCOVERY
  • RAM_SCRAPING
  • ENUMERATE_PROCESSES
  • READ_SECURITY_DATA
  • POLICY_TERMINATE (That was probably our EDR killing the process because it attempted to read the memory of LSASS.)

Most of these are understandable and could be accepted if the installer were signed.