All Activity

We will have an update removing the vulnerable driver early 2026 (Jan). -Paul

Hello, This is happening due to a library we're using for hardware monitoring. We are in-progress of switching to a separate library in early 2026. The risk is related to a driver called WinRing0 which can be exploited to run arbitrary kernel-code. The driver on it's own will not cause a security problem. -Paul

This is the report from Microsoft defender:  An active 'Vigorf' malware was blocked New Detected Low 10/27/2025 3:33:33 PM  [17044] PCMonitorSrv.exe created file PCMonitorSrv.sys Malware 3:33:33 PM  [4] ntoskrnl.exe loaded image PCMonitorSrv.sys Malware SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299 Path C:\Program Files\Pulseway\PCMonitorSrv.sys Size 14 KB Is PE True Last modified time Oct 27, 2025 3:33:33 PM Initiating process  [4] ntoskrnl.exe Process id 4 Execution details Token elevation: Default, Integrity level: System Image file path C:\Windows\System32\ntoskrnl.exe Image file SHA1 d50cebb81fe449e0d62a4ae92b185b917e898eef Image file creation time May 12, 2025 7:48:05 AM Image file last modification time May 12, 2025 7:48:06 AM PE metadata  ntoskrnl.exe User  NT AUTHORITY\SYSTEM PE metadata  PCMonitorSrv.sys Original name WinRing0.sys Compilation timestamp Jul 26, 2008 4:29:37 PM Company OpenLibSys.org Product WinRing0 Version 1.2.0.5 Description WinRing0 Remediation details  Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe' Malware Is runtime packed False Threat name Trojan:Win32/Vigorf.A Remediation action quarantine Remediation action result Fail Detection time Oct 27, 2025 3:34:05 PM 3:34:05 PM  ntoskrnl.exe interacted with file PCMonitorSrv.sys Malware SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299 Path C:\Program Files\Pulseway\PCMonitorSrv.sys Size 14 KB Is PE True Creation time Oct 27, 2025 3:33:33 PM Last modified time Oct 27, 2025 3:33:33 PM Initiating process  [4] ntoskrnl.exe Process id 4 Execution details Token elevation: Default, Integrity level: System Image file path C:\Windows\System32\ntoskrnl.exe Image file SHA1 d50cebb81fe449e0d62a4ae92b185b917e898eef Image file creation time May 12, 2025 7:48:05 AM Image file last modification time May 12, 2025 7:48:06 AM PE metadata  ntoskrnl.exe User  NT AUTHORITY\SYSTEM PE metadata  PCMonitorSrv.sys Original name WinRing0.sys Compilation timestamp Jul 26, 2008 4:29:37 PM Company OpenLibSys.org Product WinRing0 Version 1.2.0.5 Description WinRing0 Remediation details  Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe' Malware 3:34:05 PM  PCMonitorSrv.sys Malware SHA1 d25340ae8e92a6d29f599fef426a2bc1b5217299 Path C:\Program Files\Pulseway\PCMonitorSrv.sys Size 14 KB Is PE True Creation time Oct 27, 2025 3:33:33 PM Last modified time Oct 27, 2025 3:33:33 PM Signer Noriyuki MIYAZAKI Issuer GlobalSign ObjectSign CA VirusTotal detection ratio 4/72 Initiating process  Additional related files PE metadata  PCMonitorSrv.sys Original name WinRing0.sys Compilation timestamp Jul 26, 2008 4:29:37 PM Company OpenLibSys.org Product WinRing0 Version 1.2.0.5 Description WinRing0 Remediation details  Defender detected 'Trojan:Win32/Vigorf.A' in file 'PCMonitorSrv.sys', during attempted open by 'ntoskrnl.exe' Malware Is runtime packed False Threat name Trojan:Win32/Vigorf.A Remediation action quarantine Remediation action result Fail Detection time Oct 27, 2025 3:34:05 PM We are having this issue on multiple workstations where the deployment was done.

Hey @JustinAN7 - Thanks for reaching out. I just raised a ticket on your behalf and someone from our team will contact you shortly😊

I'm also expereing issues with the MacOS Remote Control application. To be clear, i'm not able to remote control any type of machine, from my local MacOS 26 Macbook Pro. The screen displays but I cannot use keyboard or mouse .

Hey @Lix1 - Thanks for reaching out! Yes, this can be done by workflows. Once created, run/schedule the workflow. Refer to image.

Does Pulseway RMM specifically offer a built-in 'Run as Logged-in User' or 'Run with Impersonation' feature that would allow the script to directly target the HKCU hive of the currently active user, thus avoiding the need for complex registry path modifications?

Hey @deepee - Just raised a ticket for you and they'll contact you shortly😊

thank you 😊

same for me

Hey @smcclos - Thanks for reaching out. Navigate to the WebApp >> Configuration >> Profiles >> selecting the profile. In this case, you need to enable notification when device goes offline in the policy. To do this, you need to identify which policy applies to that agent group. The policy you want to edit should have the suffix "Status" in its name or You can create a new profile. As an example in the screenshot below, policies with names like 'AD server status' with' monitoring type policy' should be edited by clicking on the 'Edit' button and adjusting the settings.

Hey @deepee - Thanks for reaching out! For assisting the end user, you can use the shared session, this does not ask for credentials, the private remote sessions will ask you for credentials. Also, the shared session shortcut icon is available when you hover over the specific device. Let me know if you need anything else😊

I am currently on a trial and have a few endpoints installed. I am trying to remote control the endpoints but for some reason it is asking for the credentials of the remote machine. This is pre-connection, not the onscreen windows login. I have tried another RMM and it allowed remote control without asking for any credentials, am I missing something, I cannot store or collate the credentials for all of our intended endpoints.

Is there any way to get a notification in the Pulseway Android application when a system has been rebooted? I see lots of request to initiate reboots, but nothing for this situation

The latest Pulseway update just dropped, and this one’s all about speed, automation, and control; three things every sysadmin dreams about (right after fewer tickets and better coffee ☕). Here’s what’s new and worth checking out: ⚡ Faster Device Card Performance Device card load times just got a major speed boost. You’ll notice pages open much faster when managing systems, especially when jumping across multiple devices. 🧠 New Registry Editor (Remote Registry Management) The old Registry Viewer just evolved into a full Registry Editor, giving you real remote control over Windows device registries. You can now: Search for specific registry keys or hives Create, edit, and delete keys and values Back up or export individual keys or the entire registry to .reg files Import registry backups remotely Basically, full registry access without ever remoting in. 🤖 Cooper Copilot for Workflows Gets an Upgrade You can now: Trigger workflows on a schedule or based on notifications Integrate workflows with your PSA (Autotask, Pulseway PSA, Vorex, ConnectWise) to automatically create or update tickets It’s automation that works with your existing systems, not against them. 🔔 Enhanced Notifications Page The Notifications page under Administration > Account has been revamped for better performance and usability: Added search and filter options for faster navigation Introduced default severity mapping for all orgs “Reset All Overrides” replaces the old “Reset to Default” — for simpler global resets 📱 MDM Updates You can now delete existing Apps & Books connectors to keep things tidy Notifications for revoked MDM connectors (no more surprises) Added support for custom VPN vendor configurations (like WireGuard) in Apple MDM profiles If you want to dive into all the details, you can read the full release notes here.

Hey @fletcher_eit - Our support team was able to assist them with this. I just raised a ticket on your behalf and they'll reach out shortly😊

Was there ever an answer posted? Same issue as of 10/14/25

I had a ticket open for months and the support tried to blame the computers instead of fixing the problem. It's still happening and the offline times cannot be trusted.

That’s a solid update from Pulseway! The new automation and remote control features sound like real time-savers, especially the ability to run workflows within other workflows. Session recording and better device tracking will make troubleshooting and management a lot more efficient. I also like how they’ve made PSA ticketing more seamless, definitely a smart move for support teams. Excited to give these new features a try!

Good afternoon, Is there an update on this? We have a 3rd party vendor installing Pulseway on production virtual servers....whitelisting goes against best practices.

Hey @Labsy - We want to provide a single pane of glass and this capability is offered via Site maps. You can read more about this here and look up "Virtualization Discovery, Topology and Management"

Yes, that discussion I started at that time. But I still do not understand, what's going on. Is it Hyper-V module removed, or functionality shifted towards something else, better or worse? Hi! Thank you, I already know that. But it is unclear to me, whether Hyper-V and ESX modules are gone or moving towards something better? Also, if I enable Legacy mode, how long will it last? A month, year, 5 years? Do I loose some functionality in Legacy mode?

It’s been several months since we last discussed the SNMP issues and the promised development of new templates. Unfortunately, there has been no visible progress — the same 9 outdated SNMP profiles from 2023 are still the only ones available. Can you please provide a clear update on: The current status of SNMP development When new templates (e.g., for MikroTik, Kyocera, Sharp, and QNAP) will be available Whether SNMP is still actively being developed At this point, SNMP monitoring in Pulseway remains almost unusable, despite requiring a full device license. If there is no improvement soon, we will need to re-evaluate our continued use of Pulseway in production. Best regards, Martin Akamphuber

Hey @Labsy - Enable legacy agent mode -> To enable Legacy Mode run the below script on the system with Pulseway agent installed. Set-ItemProperty -Path "HKLM:\Software\MMSOFT Design\PC Monitor\" AgentLegacyMode -Value 1 Perform the below steps on the pulseway agent manually in registry after the above step. HYPER-V and VMWARE : On the server, go to the registry editor. HKEY_LOCAL_MACHINE\SOFTWARE\MMSOFT Design\PC Monitor and check and make sure these four are enabled with 1 data. DisplayHyperV, MonitorVMware, DisplayVMware, and MonitorVMware. That will enable Hyper-V and VMware on the Pulseway manager. It is possible to enable this functionality using the script. Please configure the Hyper-V module on one of your monitored systems. Set-ItemProperty -Path "HKLM:\Software\MMSOFT Design\PC Monitor\" -Name DisplayHyperV -Value 1 Set-ItemProperty -Path "HKLM:\Software\MMSOFT Design\PC Monitor\" -Name MonitorHyperV -Value 1 Set-ItemProperty -Path "HKLM:\Software\MMSOFT Design\PC Monitor\" -Name PrioritySendNotificationOnHyperVReplicationCritical -Value 3 Set-ItemProperty -Path "HKLM:\Software\MMSOFT Design\PC Monitor\" -Name PrioritySendNotificationOnHyperVReplicationWarning -Value 2 Set-ItemProperty -Path "HKLM:\Software\MMSOFT Design\PC Monitor\" -Name SendNotificationOnHyperVReplicationCritical -Value 1 Set-ItemProperty -Path "HKLM:\Software\MMSOFT Design\PC Monitor\" -Name SendNotificationOnHyperVReplicationWarning -Value 1 Let me know if this works for you😊

Hey @Timm - Thanks for reaching out. I just raised a support ticket on your behalf and our team will contact you shortly😊