The sample scripts are not supported under any N-able support program or service. The sample scripts are provided AS IS without warranty of any kind, and N-able expressly disclaims all implied warranties including, warranties of merchantability or of fitness for a particular purpose. In no event shall N-able or any other party be liable for damages arising out of the use of or inability to use the sample scripts.

Kaseya Endpoint Detection Tool - RMM

Last Modified Date

7/6/2021 1:32 PM


** Update Note : this was updated on July 6th following  an update to the script provided by Kaseya on July 5th at 5:30pm 

Following the attack on Kaseya VSA (July 2021), See Article Here, our partners have been asking for help to mitigate or detect the vulnerability.


N-central and RMM have the ability to detect whether the Kaseya agent is installed, and report on it. This can be used as a first line. Kaseya has also created 2 scripts, one to be run on the VSA itself and one to be run on the endpoints. We have taken the endpoint scripts and slightly modified it to make it work within N-central and RMM as monitoring items (See our other article for N-central). This now allows everyone using our platforms to run the script from Kaseya and get alerted if it detects any potential issues.


We recommend that you review the link to the article from Kaseya, and come back to this page often as we will publish updates to the article or the AMP file as needed, based on what Kaseya and the experts recommends.


Custom Service / Script Check


Windows Third Party Apps

Target OS

Windows 8/8.1;Windows 10;Windows Server 2012 / 2012R2;Windows Server 2016;Windows Server 2019

Compatible with N-Central


N-Central minimum version

Compatible with RMM



To use in RMM, upload to your script library as a script check, and deploy to all devices that could potentially be using Kaseya.

Note that if the devices are not using Kaseya, the monitoring will return a pass state, since the vulnerability seems to be targeted around Kaseya agents.


The policy will output 4 fields. an ''issues count'', a ''certs found'', a ''files found'' and an encryption status

It will automatically alert you if any issues are found by the Kaseya script


kaseya vsa advisory security cve revil ransomware

Related Content