0

Im having some issues on a piece of specialist desktop software (windows wise im running W10) and i need to get a professional in to assist. Ive found someone who runs an online support service for this piece of software and offers support remotely using a programme called VNC single click.

Ive spoken to the professional and as far i can see he knows his stuff and there are other signs he is a legitimate business and not a scammer. But regardless someone who i have never met is going to have access to my computer, even if im present at the time.

What would be some tips to protect my self from / mitigate any possible damage, either in terms of file / data theft and / or them installing malicious software (or anything else).

My thoughts so far are to :

  • create a separate user account with non admin privilege when speaking with him.

  • screen record the session so i have a record of what they did, incase i need to reverse engineer it.

  • would another screen share client offer better protection ? Perhaps by only giving him point and click access and no command line or file upload access ?

Any other tips / ideas ?

sam
  • 536
  • 3
  • 14
  • Is windows 10 running in a VM or is it a host OS? – Dan Landberg Jun 30 '17 at 19:39
  • @user52472 its the host OS. Ideally i dont want to have to create a sandbox'ed OS to handle a support query as its a big undertaking to install all software and files each time – sam Jun 30 '17 at 19:42
  • That's understandable. A few more questions Is this a one time support request, or is this going to be a recurring event? What sort of data do you need to protect from theft? What sort of access are they going to need in order to do their job (Update registry, other admin level stuff)? – Dan Landberg Jun 30 '17 at 19:54
  • @user52472 i would say its one time or perhaps adhoc infrequent support. Data wise the files software we are working on is an tax / accountancy software suite. Access wise i would presume they would be mostly digging around in this software and the softwares in built features, but somtimes the software clashes with the Anti virus, so exclusions in the AV need to be made. But mostly i would say their work will be in the software rather than changing stuff at a system level. – sam Jun 30 '17 at 20:00
  • I would install Sysmon. This would enable you to keep a record of processes created and network connections. Tool is here: https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon Command example: `sysmon -accepteula -i -h sha256 -n` You can later review the event log entries. – HelpingHand Jan 08 '18 at 18:50

0 Answers0