IDR Query for Vulnerable mRemoteNG?

is there a way to query where mRemoteNG version < 1.76 is installed in IDR?

Hi Hayden,

this sounds more like a use case for our Insight VM Product

could one create an IDR query at least to make a dashboard for most usage by users?

Hey Hayden - if we know the filepath for mRemoteNG we should be able to find use of this tool in Endpoint Agent—Process Start/Stop logs. Typically in those logs there is a FileVersion field as well where could work to narrow down which version returns in your query result. Note - these results would show the use of this tool vs. just having the tool installed.

Within InsightVM you could try this search:

da.sites AS “Site_Name”,
da.ip_address AS “IP_Address”,
da.mac_address AS “MAC_Address”,
da.host_name AS “DNS_Hostname”,
ds.vendor AS “Vendor”, AS “Software_Name”, AS “Software_Family”,
ds.version AS “Software_Version”,
ds.software_class AS “Software_Class”
FROM dim_asset_software das
JOIN dim_software ds USING(software_id)
JOIN dim_asset da ON da.asset_id = das.asset_id
WHERE ds.software_class like’%’ AND like ‘%mRemoteNG%’

1 Like

Id like to do the same for Remote Desktop Connection Manager too.

Within InsightIDR - something along these lines should help:


1 Like

bingo! thanks!

found one

where(metadata.ProductName=/Remote Desktop Connection Manager/i)groupby(user)