Well two thoughts go into my mind on how this could have happened. Lets say you installed the unattended on a laptop months ago, the laptop has been sitting unused so it was no longer connected. When the client finally turned on the laptop boom it's back and by this time it looks like a random new session.

Second, is that you may have left the installer on a pc and someone just randomly clicked on it again to see what it did, this installed screenconnect and connected to your server.


In my opinion this is why the software need some form of ACL list that can block by the GUID. This way we can whitelist only sessions we want and block anything else.

I have a sort of similar situation going on that's puzzling me. I have several Guest Connections/Disconnections. Most occur either within the same minute or within one minute. For example I have five connects/disconnects just from today that show Guest connecting to the PC I am currently sitting at. The IP address listed in the log is the internal IP address of this same PC. This seems to be happening on all of the Unattended PCs I have set up that I've checked so far. Is this just some kind of "phone home"?

Yes, 2.4.2198.4386

I just got one of these today. It's showing up as TWO different UNattended sessions as "0min"

[02/12/2012 12:47] Host Disconnected
[02/12/2012 12:47] Host Connected (Prompt Care)
[02/12/2012 01:08] Patient Disconnected
[02/12/2012 01:06] Patient Connected (91.52.196.198)
[02/12/2012 01:06] Patient Created Session

[02/12/2012 04:08] Patient Disconnected <--it's only 3:13 as I'm writing this!
[02/12/2012 04:06] Patient Connected (91.52.196.198)
[02/12/2012 04:06] Patient Created Session

Tracing route to p5B34C4C6.dip0.t-ipconnect.de [91.52.196.198] <--GERMANY!? Nope, no customers there!

Looking into this, its related to one of our 2.4 betas. We will have a post shortly on what we think is going on and how to resolve.