ConnectWise ScreenConnect

ConnectWise ScreenConnect, previously ConnectWise Control, is a self-hosted remote desktop software application. It was originally developed by Elsinore Technologies in 2008 under the name ScreenConnect, and is now owned by ConnectWise Inc.

History
Elsinore Technologies developed ScreenConnect in 2008 as an add-on to their RMM Software IssueNet in order to assist in providing remote support to end users. They later began distributing the software as a standalone product.

Acquisition by ConnectWise
On February 11, 2015, PSA company ConnectWise announced their acquisition of the ScreenConnect software in order to improve the remote control features of the latest release of their RMM Software, LabTech. ScreenConnect, LLC announced that, despite being acquired by ConnectWise, they would continue to operate under their original name in addition to offering their software as a standalone product.

Starting in early 2017, ConnectWise changed the name of ScreenConnect to ConnectWise Control, saying that this was to simplify their software under one company.

On May 15, 2023, ConnectWise Control was rebranded back to ConnectWise ScreenConnect.

On Thursday, February 22, 2024, version 6 of the self-hosted edition server application of ScreenConnect reported a vulnerability. A patch was available for the latest version (23) the same day, offering a temporary free upgrade.

How it works
The product is available as a cloud hosted Software as a Service (SaaS) or self-hosted server application that permits the primary user to host the software on their own servers, PC, virtual machine (VM), or virtual private server (VPS). Once installed, the central web application can be made visible inside and outside of the local area network (LAN). ConnectWise ScreenConnect has a proprietary protocol and exposes an open architecture structure that can be utilized by users to implement custom plugins, scripting, or various integrations.

A generic use model would start with a host initiating a session through the central web application. A participant would then join a session by clicking on an email link or via the guest page of the application. An unattended client can be created and deployed to a targeted machine without the need for human intervention. The executable is ScreenConnect.ClientService.exe (x86) on Windows based OSs, and is a signed by a COMODO RSA Code Signing CA certificate [Publisher: ScreenConnect Software].

Features
Most commonly expected features for a product in this arena are present. Examples include reboot and reconnect, drag and drop file transfer, screen recording, safe mode support, multiple monitor, command line access, wake-on-LAN, VoIP, chat, and a custom toolbox for quick deployment of support tools.

In addition to features that facilitate communication, ConnectWise ScreenConnect also offers complete control over branding and customization of the product design, logo, color scheme, icons, text strings, and localization.

Security
The software is self-hosted providing users the ability to control the flow of data behind their own firewall and security implementations. ConnectWise Control uses 256-bit AES encryption to package and ship data, supports two factor authentication, has server level video auditing, and granular role-based security. Forms-based and Windows Authentication are optional authentication methods for security purposes.

Compatibility
Host (presenter or technician): can utilize Mac, Linux, Windows, iOS or Android operating systems. Guest (customer or participant): can connect from Mac, Linux or Windows. ConnectWise ScreenConnect can also be utilized to remotely support Android devices, with complete view and control available for devices manufactured by Samsung.

Server
The on-site ConnectWise ScreenConnect server is self-hosted, and runs as a .NET Framework application. On Microsoft Windows it runs as a set of services. In 2015, ConnectWise ScreenConnect launched a hosted cloud platform, providing a way to use the ConnectWise ScreenConnect software with no local server installation required.

The ConnectWise ScreenConnect server runs as a set of four discrete services:
 * The Web Server service is an outward-facing ASP.NET HTTP application and serves as a portal for both technicians and their end-users
 * The Relay service provides outward-facing in-session communication and operates on TCP sockets. Communication is encrypted with the AES-256 block cipher.
 * The Session Manager service provides a data store for both the Web Server and Relay services. It is implemented as WCF SOAP web service.
 * The Security Manager service provides a data store for security-related activities, including authentication and auditing

Clients
ConnectWise ScreenConnect sessions are arranged through the web application. Once users join sessions, a ConnectWise ScreenConnect client is launched to connect to the Relay service. ConnectWise ScreenConnect targets clients based on device and operating system:
 * The .NET client is targeted to Microsoft Windows computers and is activated with a custom URI Scheme which starts the session from an installed handler on the controller's workstation. For end-users joining a support session, a variety of bootstrappers can be used including Microsoft's ClickOnce technology.
 * The Java client is targeted to OS X and Linux computers and is activated with Java Web Start.
 * The iOS client is targeted to iPhones and iPads.
 * The Android client is targeted to Android phones and tablets.

Licensing model
ConnectWise ScreenConnect is commercial software. Licenses sit in a pool and are available to any user on any workstation. There are three types of license: a single concurrent that allows one simultaneous connection per license, an unlimited which allows an unlimited number of concurrent sessions as long as all sessions are utilizing the same server, and enterprise licenses which provide flexible options for SaaS, multi-user, or custom functionality.

The concurrent license types are bought as a one-time purchase, with lifetime support. A subscription model is used for updates, which are free during the first year after purchase, after which the "update license" must be renewed. Pricing for updates depends on when the update license was last-renewed.

Misuse
The program under its previous name of ScreenConnect has been used in fraudulent technical support scams where the fraudster is able to gain the control of the victims computer by telephoning and tricking the user to install the software and permitting a connection. The free trial period has been utilized to avoid any software costs in doing this, and similar products such as TeamViewer, AnyDesk and Ammyy Admin have also been used for the scam.

Cybercriminal group LockBit exploited vulnerabilties in ScreenConnect.