Installed Remote Access Tools

Purpose

The purpose of this solution is to identify a curated set of remote access tools. It analyzes multiple data sources, including uninstall registry keys, active processes, installed services, and known executable paths, to ensure accurate detection. Optional exclusions can be configured using a System Property, allowing flexibility in tailoring the results. Supported tool display names :

AeroAdmin
Ammyy Admin
AnyDesk
BeyondTrust
Chrome Remote Desktop
ScreenConnect
CW RMM
DWService
GoToMyPC
LiteManager
LogMeIn
ManageEngine
Ninja RMM
NoMachine
Parsec
Remote Utilities
RemotePC
Splashtop
Supremo
TeamViewer
TightVNC
UltraVNC
VNC Connect (RealVNC)
Zoho Assist
Atera
Automate
Datto RMM
Kaseya
N-Able N-Central
N-Able N-Sight
Syncro

Associated Content

Content	Type	Function
Get Installed Remote Access Tools	Script	This script performs a comprehensive inventory of endpoints to identify a curated set of remote access tools. Set the `SetEnvironment` parameter to `1` during the initial execution of the script to create the system property.
pvl_installed_remote_access_tools	Custom Table	Stores the data to be displayed in the Dataview - Remote Access Tools Report. It is populated by the Script - Get Installed Remote Access Tools
Remote Access Tools Report	Dataview	Displays the lists remote access tools detected on systems
Execute Script - Get Installed Remote Access Tools	Internal Monitor	Executes the Get Installed Remote Access Tools script once weekly against the Windows machines.
`△ Custom - Execute Script - Get Installed Remote Access Tools`	Alert Template	Alert Template to be used with Internal Monitor - Execute Script - Get Installed Remote Access Tools

Implementation

Import the Script - Get Installed Remote Access Tools from ProSync Plugin.
Set the SetEnvironment parameter to 1 during the initial execution of the Script - Get Installed Remote Access Tools to create the system property.
Execute the script against any machine in the environment. This will create the Table - pvl_installed_remote_access_tools.
Import the Dataview - Remote Access Tools Report from ProSync Plugin.
Import the Internal Monitor - Execute Script - Get Installed Remote Access Tools from ProSync Plugin.
Import the △ Custom - Execute Script - Get Installed Remote Access Tools from Proval Plugin.

Changelog

2026-05-15

Updated Powershell in the script to display individual ScreenConnect instances instead of simply listing ConnectWise Control and to also detect CW RMM if present on the machine.
Introduced Client, Location, and Computer-level EDFs to allow whitelisting at different levels.

2026-05-05

Initial version of the document

Purpose​

Associated Content​

Implementation​

Changelog​

2026-05-15​

2026-05-05​