I recently have been playing around with TacticalRMM and I am very impressed. I have tried many different products but all of them have either had a minimum of 100 endpoints or been complete garbage (sometimes both).
With TacticalRMM I can manage the 25 devices just fine. It has built-in update policies, automated checking, automated tasks, asset tracking and a bunch of other features.
What I really like about it is the test scripts that can trigger actions. In my environment I have legacy software that is prone to breakage. With TacticalRMM I was able to automate the restarting and fixing of the issues as they arise, which saved me some serious headaches.
I’m sorry about this post sounding like a sales pitch but I really like the software. Also, if you’re installing, go for the Docker install, as the standard install didn’t work reliably.
After that TRMM Agent crypto miner injection shit from the original founder of TRMM who was ‘just testing’ the integration of a Monero crypto miner in a supposedly ‘personal’ version of the code base that ended up stored on the files dot tacticalrmm dot io site, I’ll never, ever, ever go near it. The excuses and bullshit that were spun out of it felt like poorly conceived PR fluff to obfuscate some obviously black hat inspired ideas. Integrating it into the Agent in the first place makes no sense; the RMM agent is what you’d use to script and deploy a miner to the end machines. It makes ZERO rational sense that it would be embedded in the RMM itself.
Original discovery:
https://www.reddit.com/r/msp/comments/rqm91r/possible_cryptominer_found_in_tacticalrmm/
Read all of the comments and especially keep an eye out for the commenter that shared screenshots of Discord messages where /r/msp mods (unfortunately) gave this guy the script to write his statement from after he was fumbling responses:
https://www.reddit.com/r/msp/comments/rqm0go/a_statement_from_the_founder_of_tacticalrmm/?utm_source=share&utm_medium=ios_app&utm_name=iossmf
TRMM was originally a personal project, at the beginning of which it makes some sense to intermingle things on the “official” site. I know I’ve done similar, but my projects never take off to the point that people are doing an audit. And I know I would absolutely make that exact exe for personal use.
Keep in mind, the only reason the version with a crypto miner was found was because someone went digging around. No one was ever linked to the installer, no one had ever downloaded it by mistake, no one had ever had it stealthily installed without consent.
I get that it’s a scary concept, like when Brave was found to be injecting affiliate links into normal traffic. But in this case it wasn’t even something put in prod. It was found by accident, in a place that wasn’t doing any harm, and was never found in the wild.
Seems like a lot to get worked up over.
As for the Discord chat, I’m not surprised. Having been in their Discord for about as long as that “scandal” has been around: the reason his responses were fumbling? He’s just a hobbyist that’s managed to get one of his projects into a good enough place to make money off of. Are you expecting a PR team level of response?
For $600/year, I kinda do. If you get to the point of selling something it is beyond a hobby and you should have some form of professional services to outsource this kind of work to.
I get where you’re coming from, but keep in mind that at the time this happened, there were 2 people working on the code, and likely only a handful paying.