[RMM Update]: Remove specific RMM Domains from Atera for Thawte and PubNub

[rdmershon]

RMM Tool Name

Atera

Type of Update

New RMM Tool

Update Details

I would recommend considering removing the following domains from the Atera RMM page (and potentially other tools).

1. cacerts.thawte.com - This is an endpoint for cacerts.thawte.com is the root CA certificate server.

• If implemented this could break PKI for companies.
• I would also ad in the future status.thawte.com is the OCSP server for Thawte in the event it comes up in any tools.

I think Thawte specifically should be excluded from all current and future LOLRMM tool submissions. Probably worth adding other CA domains like Lets Encrypt, Digitcert, Comodo, etc.

2. ps.pndsn.com - This is an endpoint for PubNub and appears to be used by other applications, but it's also in use by Zen Desk so this one is a toss up.

• Google search of ps.pndsn reveals that it could potentially be used by WonderSign and vhlcentral but also Zen Desk so kind of a toss up.

Thanks for the awesome project and everything you guys do!

References

blocklistproject/Lists#713
https://support.vhlcentral.com/hc/en-us/articles/214836707-Network-Connectivity-Requirements-Ports-and-Domains-to-Whitelist
https://www.netify.ai/resources/applications/pubnub
https://swivl.zendesk.com/hc/en-us/articles/360003263194-Reflectivity-and-Capture-Apps-Firewall-Settings (I mean this is a pro to block ps.pndsn)

[rdmershon]

Oh also I would add crl.thawte.com as that's the CRL endpoint for Thawte. https://www.tbs-certificates.co.uk/FAQ/en/341.html