Remote Shutdown During Active Threat / View-Only Session
π¦Gorelo Question
Hey team β ran into an interesting scenario today and have a capability question.
We had an active malware infection on a managed endpoint. ScreenConnect was locked out by the malware. Gorelo, however, was still able to establish a view-only session on the machine β which was genuinely impressive. We could see the screen in real time but had no mouse/keyboard control.
Question: In a situation where Gorelo provides view access but not interactive control, is there a way to push a remote command, specifically shutdown /s /t 0, through Gorelo's backend without requiring an interactive session? Whether through a script push, scheduled task trigger, or another mechanism?
The goal would be to forcibly terminate an active session and shut the machine down immediately when we can see something bad happening but can't interact with the desktop.
Thanks in advance. I appreciate the platform holding up when our other tools were blocked.
Joe
We had an active malware infection on a managed endpoint. ScreenConnect was locked out by the malware. Gorelo, however, was still able to establish a view-only session on the machine β which was genuinely impressive. We could see the screen in real time but had no mouse/keyboard control.
Question: In a situation where Gorelo provides view access but not interactive control, is there a way to push a remote command, specifically shutdown /s /t 0, through Gorelo's backend without requiring an interactive session? Whether through a script push, scheduled task trigger, or another mechanism?
The goal would be to forcibly terminate an active session and shut the machine down immediately when we can see something bad happening but can't interact with the desktop.
Thanks in advance. I appreciate the platform holding up when our other tools were blocked.
Joe
