Third Wall™ FAQ
If I am in a trial of Third Wall™ and decide to purchase, will I be billed for the remainder of my trial period?
No, we will give you the full trial free of charge, regardless of when you decide to purchase, and will only start billing once that trial period has ended. You do not need to wait until the end of the trial period to purchase – we will keep track of that for you!
Is Third Wall™ difficult to use?
No, Third Wall™ is very easy to use, right from your Automate® Control Center. As a plug-in, it will work seamlessly within your ConnectWise Automate® environment. However, Third Wall™ is a very powerful tool, and we strongly recommend that any user be very proficient at Automate operation and with Windows® itself. Like any powerful tool, improper use by an unqualified person can be dangerous. We also strongly recommend that you test Third Wall™ functionality within a test environment prior to full deployment, so that you fully understand what it can do for you and how to properly use it.
Will Third Wall™ work on virtual machines?
Yes, as long as they are running on a supported Windows version and are being managed by Automate.
Will Third Wall™ work on a cloud version of Automate?
Yes, Third Wall™ will work on either a cloud version or an on-premise version of Automate.
Can I add more computers to Third Wall™ protection?
Yes, simply by activating any Third Wall™ function within a Automate location, you will add all of those computers to Third Wall™ protection. We will automatically detect that via our license server; you will not need to notify us of your action.
Will Third Wall™ work with RMM solutions other than Automate?
No, it is specifically designed for Automate as a direct plug-in, and extends the functionality of Automate in critical ways.
Will Third Wall™ work on my Mac or Linux computers?
No, Third Wall™ only works on Windows-based machines running Windows 7 or later versions (PCs, laptops and tablets) or Windows Server 2008 or later (servers).
Will Third Wall™ charge for all of my Automate Agents?
No, Third Wall™ only charges you for the Automate Locations where you are actively using Third Wall™ protection. Until you actually use a function on any given Location, you will never be charged for it. Once you do use Third Wall™ functionality on any given Location, you will be charged for the number of Windows endpoints within that Location.
What is the pricing for Third Wall™?
There is a monthly minimum per Third Wall™ client, see our pricing page for details. If your per-computer-protected charges exceed this number, then that charge will increase appropriately.
Can I cancel my Third Wall™ subscription at any time?
Yes, you can cancel by sending an email to firstname.lastname@example.org requesting cancellation. This requires 30 days’ notice to remove from billing.
How does Third Wall™ calculate my number of active endpoints for billing purposes in a month?
Third Wall™ software has a built-in counter to determine, within a given month, the maximum number of Windows endpoints your operation has under Third Wall™ protection. This is counted by Automate Location – once you use Third Wall™ protection within a given Location, that entire Location is counted until cancelled. We only charge you for the actual number of Windows endpoints within an active Third Wall™ protected Location.
What happens to my license if I deactivate all of the policies for Third Wall™ within a given Location?
Since you still have powerful Third Wall™ protection within that Automate Location available to you, including the extremely powerful “Isolate,” “Lockdown” and “Annihilate” buttons, should you ever need them, we continue billing you for any activated Location even if you are no longer using any policies. If you would like to fully deactivate a Location and remove it from billing, please send an email identifying which Location(s) you wish to remove to email@example.com, and we will remove it from your charges for the following month.
Will Third Wall™ work with my antivirus package?
Most likely. We have structured Third Wall to ensure it will not conflict with antivirus systems. However, we still recommend that you make sure your antivirus has exceptions made for Automate, per their normal instructions.
Will Third Wall™ work with Group Policy?
Yes. But it is possible to set conflicting policies on Third Wall™ versus Group Policy. If that happens, then you will see them changing values on your endpoints at the cycle time of their respective monitors – Third Wall™ will alert you via Automate tickets every time this happens, so watch for repetitive changes as an indicator of this conflict. You should rectify the conflict, by either changing Group Policy or Third Wall™, to ensure that you have consistent policies in both.
Can I pay via check or PayPal?
No, we only accept credit cards or debit cards with automatic payments set up. If you would like to pay annually, please contact us at firstname.lastname@example.org.
How do I update my credit card?
Just go to our Update Credit Card page.
What happens to all of my Third Wall™ settings should I cancel?
Once you cancel, we will help you return all settings on all computers where Third Wall™ made a change back to Windows® default.
How can I reach tech support for Third Wall™?
We currently support Third Wall™ via email tech support. Send your email to email@example.com.
Will you add additional features to Third Wall™? Do you take input for added features?
Yes, we plan to add new features every few months. And we welcome your input on new features – please send your requests to firstname.lastname@example.org. We want to make your environment as safe as possible!
How to complete an Update of Third Wall:
- Please follow the instructions on our
Ensure you follow ALL of the steps to complete your update properly.
Third Wall v220.127.116.11 is here
Please update now
Our latest release of Third Wall is here – and we strongly recommend you install it today. Please be sure to follow ALL of the instructions in this link, including the “Reload IIS” step if you are running Automate 21 Patch 2 through 5.
This release adds 4 new policies that we’re very excited about (and think you will be, too!). It also adds more underlying improvements to USB Wall, report generation, UNDO ALL, and ransomware detection.
Here are highlights of what we included:
- Added the new policy Third Wall Administrator Password Solution (TWAPS) as an option for protecting your built-in Local Administrator Account. Third Wall now enables you to assign a random unique complex password for each computer’s built-in Local Administrator Account of a length of your choice, and automatically change it after a time period you define.
- Added USB Watch, a new policy that enables you to capture key information whenever a file is written to a USB storage device. This is exactly the same data that you can capture for registered devices using USB Wall – but without the restrictions! You have a Dataview showing the filename, User, computer and date/time of every file written to any USB device over the last 60 days.
- Added a new policy to Clear the Windows Pagefile on Reboot. This file is used as virtual memory by Windows, and could potentially contain passwords or other sensitive information. Clearing it on reboot ensures that information is no longer available.
- Added a new policy to Enable Windows Registry Backup. Microsoft has discontinued this as a default setting, to reduce the footprint of the OS, but you may want to continue backing it up for security purposes.
- Updated our Monitor for Ransomware Monitor policy to apply file attributes that prevent false positives caused by OneDrive syncs.
- On the Monitor for Ransomware Attacks policy, we now include a new, non-optional trigger: Alert on Rename. Previously, only file changes or (optionally) deletions would trigger the monitor. Now the Rename event will also cause this monitor to trigger. This update applies this change immediately.
- Improved our UNDO ALL function (when selected at a Location, or using Except All on a computer, or when applied globally on the Integrations screen) to work more consistently.
- Added 3 new Utilities on our Integrations page: Get Server Logs; Close or Delete All Third Wall Version Tickets; and Clear Failed Logons (from our Logon Values table).
- Updated USB Wall for consistency, and modified data capture for User login data to improve performance.
To install the new update, follow the instructions posted here:
Please be sure to follow ALL of the instructions, including the Reload IIS step.
Remember to go to the Third Wall Integration screen, select the Encryption page, and enable FIPS encryption. This is required for TWAPS and USB Wall to work properly, and to ensure your server can communicate consistently with our license server.
Also, we get lots of questions about the Restrict Local Admin Tools policy. It has a number of nuances, so you can learn more about it with this KB: Understanding Restrict Local Admin Tools Exceptions : Third Wall
We’ll keep bringing you more power and features, so you keep on using Third Wall to secure your environment!
Your Third Wall team
Third Wall CRITICAL Release v18.104.22.168 is out!
This is a**REQUIRED** release, as it fixes key issues created by ConnectWise with their Automate 2101.1 release. Please ensure you complete this update as soon as possible.
- We completely rewrote the USB Wall function to improve reliability. Also, you can now register USB hard drives, not just USB sticks. You can also designate the USB Wall restrictions to apply to Workstations only.
- We upgraded our data capture for logon events, and improved our logic for ensuring we properly show all logon events on the report itself.
- We upgraded our encryption to FIPS, which is now an option you can select on the Integration screen. This will impact USB Wall and Admin Password storage. PREVIEW: this is an important precursor for our next release, which will include our BAPS feature – “Built-in Administrator Password Solution,” which will be similar to Microsoft LAPS.
- In our failsafe monitor to prevent huge numbers of logon events cluttering up your Dataview, we self-except a computer generating too many logon failures in a period of time. For this function, our Logon Dataview will now show the failed logons causing this self-exception, so you can more easily track down the culprit.
- We added a “Use Static Path Only” option on our “Monitor for Ransomware Attacks” policy. Use this if you prefer to not have Third Wall deploy/monitor bait files to User documents folders, but only to the static path you enter on the Third Wall integration screen in Automate. IMPORTANT NOTE: we strongly recommend you use the Static Path on the Third Wall Integration screen to add additional bait files not associated with Users. This is critical for protection of servers from ransomware.
- Our “Alert on Excessive Logon Failures” policy, when issuing a ticket, will now provide the domain name, user name and time of logon failure.
- We added the ability to specify a socket exception for our Isolate feature, so you can include other connections to stay up, as desired. See our online Operational Instructions for details on how to do this. You can also now instruct an endpoint to ignore the Isolate command.
- We added a secondary method to assign an antivirus executable, as some do not integrate fully with Automate and thus we were not able to launch them for the appropriate policies. See our online Operational Instructions for details on how to do this.
- On our Utilities page, we’ve added ticket management checkboxes for our “Alert on Excessive Logon Failures” policy and our “Monitor Event Log Clearing” policy, addressing a known bug in Automate that was causing these tickets to change characteristics.
- We updated the Enforce Password Protected Screensaver policy to work on the new 20H2 Windows 10 release.
- The Third Wall Computer screen will now show active temporary exceptions to policies, even if you refresh the screen.
Third Wall Release v22.214.171.124 is here!
Our latest release of Third Wall is here – and we strongly recommend you install it today (see installation instructions at the end of this mail). Much of this release focuses on key improvements to existing functions and important fixes for some features that were recently disrupted by Automate patches and Windows updates.
Here are highlights of what we included:
- ISOLATE feature
- Changed validation method to work under Automate Patch7. NOTE: if you don’t update Third Wall, your Isolate function may not work!
- Added feature to enable you to customize popup message (to include your Logo) to end-user for Isolate and for Restore Network.
- User Logon Report
- Improved accuracy with the new get/send method.
- Improved performance to mitigate timeout issues due to changes in Automate processing.
- Updated the report format.
- ANNIHILATE feature
- Fixed a bug that could cause Annihilate to not complete.
- Added a method to clear the local cache of passwords when you send Lockout command.
- Disable EXE Running from %AppData%
- Improved performance of adding to Client-level whitelist.
- Added AppData Scan on the Third Wall Computer screen, to enable you to scan a single machine and select additional EXE files for whitelisting; easier and quicker than doing scan across entire Client.
- Third Wall Enabled Policy Dataview
- Modified to show Computer Exceptions to Policies, and to show Licensing information.
- Secure Free Space Delete
- Added checkbox to allow “Run only at this time,” which will constrain the process to run within 15 minutes of a set time. Skipped runs will execute on the next day, regardless of the assigned interval.
- Third Wall messaging
- Out of Version alerts can now be assigned to a specific Alert Template.
To install the new update if you are running Automate 2019 or later and Third Wall 126.96.36.199 or later, simply go to any Automate > Location > Third Wall screen and click the Update Available button (this will take you to the Automate Solutions Center). If you are running earlier versions, just go to the Automate Solutions Center and update. We do recommend you run it off-hours – since it will deploy an updated agent to all of your managed computers.
If you have already updated to Automate 2020, here’s how to install until ConnectWise gets this latest version on the Solutions Center:
- Download two plugin files:
- Right-click and UNBLOCK the files (if currently blocked)
- From Automate, open the Plugin Manager. From here, we will update two plugins: theThird Wall Remoteplugin and the Third Wall Server plugin.
- Start by selecting the Third Wall Server on the Plugin Manager. This will highlight the Third Wall Server plugin on the interface. Then use the ‘Advanced’ button on the top-right to select: Manage Plugins -> Update Plugin. This will call a file dialogue window. Use it to select the newly downloaded ThirdWallServer.dll file.
- Upon updating the ThirdWallServer.dll file, you will be prompted to restart the Automate database agent. Click ‘No’ to this prompt.
- Now do the same for ThirdWall.dll. Select the Third Wall Remote option on the Plugin Manager and click to Update Plugins. When
prompted for a file path, select the newly downloaded ThirdWall.dll file.
- This will again prompt Automate to request restarting the Automate database agent. Again, choose ‘No’ to this prompt.
- Both plugins are now displaying version ‘188.8.131.52’. Confirm this and then use the ‘Advanced’ button on the top right to: Reload Plugins -> Update Remote Agent Plugins.
- Restart your Control Center and any others running when the update occurred.
V184.108.40.206 Release Notes
- Big improvements to Monitor for Ransomware Attacks
- Fully supports redirected path to \Documents. Lots of you have been waiting for this one, it’s here!
- You can specify a subfolder for the bait files, instead of the root of the \Documents folder.
- You can now also specify a custom filename for bait files.
- You can create additional bait files in a custom (static) path that you specify – perfect for protecting servers!
- We added a double-check to reduce false alarms.
- More major improvements to Disable EXE from %AppData% (essential for protection from ransomware!)
- Added new options to policy to block %LocalAppData%; to block all 30 executable types; and to generate a ticket on file block.
- Created new Client Screen to auto-scan your remote AppData environments for executable files across ALL computers within a given Client, and then easily whitelist those you wish to not block in that Client.
- Monitor Event Log ClearingAdded option to only alert on the three primary logs, minimizing false alarms.
- Detection tickets will describe who cleared what, when.
- Alert on Excessive Logon Failures
- The alert ticket now includes the failed logon usernames.
- USB Wall
- Added “Assigned to” value to the Dataview.
- Added support for BitLocked USB keys.
- Isolate Button
- On the Integration screen, you can specify an “Auto Restore” time, which automatically reconnects the computer to the network if the connection to Automate is broken.
V220.127.116.11 Release Notes
- Security Patch – important update to close a potential vulnerability.
- We reduced the size of our remote agent by 70%, so it will have a much smaller footprint and will have much lower impact on your Automate server during update deployment.
- In anticipation of our next release, which will include Redirected Folders as part of our Monitor for Ransomware Attacks policy, we have made a change in architecture to allow the smooth introduction of this critical upcoming feature.
- Improved the efficiency of our capture of User Logon data.
- Installed a version monitor to prevent mismatches between your Automate Control center(s) and your Automate Server.
- In the “Shutdown” option for our Monitor for Ransomware Attacks and our Alert on Excessive Logon Failures policies, we added Isolate to the actions taken.
- Added “Computer Name” to tickets generated by the self-exception rule and the Monitor for Ransomware Attacks policy.
- For the Alert on Unencrypted Disk policy, added a condition that will trigger a ticket: if “Protection Off” is seen in the Bitlocker discovery, you will get a ticket.
V18.104.22.168 Release Notes
- Updated the User Logon Report in the Report Center to correct an error. If you use this report, please update to v22.214.171.124 now.
- Improved the “Alert on Excessive Logon Failures” policy to even better capture and stop brute force logon attempts.
- Improved the utiliity of tickets generated by the “Monitor for Ransomware Attacks” policy.
- Added an important contingency on the Isolate reversal function. to better handle certain environments.
- Improved performance of logon data capture on the Automate server.
- Several important internal improvements for the plugin itself, to enhance performance and utility.
V126.96.36.199 Release Notes
- We’ve added both of our Reports (the User Logon Report and the Client Audit Report) to the new Automate Report Center. You no longer need to go to the Legacy section to run Third Wall reports; you can just right-click the target client and run your report from there.. We will still maintain them in Legacy for a while longer, to ensure everyone has time to migrate. To get the new reports, you must be on v2.0.1200 or better of the Reports.
- Changed ticketing for both Alert on Excessive Logon Failures policy and the Alert on Event Log Clearing policy. They will no longer “auto-close” after 5 minutes; they will remain open until you address them and close them manually. These both need your attention, and thus we do not wish to auto-close them any longer. Additionally, if subsequent tickets for a particular situation continue to come in before the original ticket is closed, they are added into the original ticket.
- Updated our logic behind the Emergency Action buttons to avoid duplicate situations.
- Added checkbox to allow Type 3 (network) Logon failures in our Logon Monitoring function.
- Removed Logon failures from the User Logon Report; you can still see those in the Dataview. We also added the specific decription of the Logon failure.event.
- The Monitor for Event Log Clearing policy will now ignore certain Dell events that were causing false positives.
- Removed WMI from being used for the Alert on Excessive Logon Failures policy, substituting a more reliable method.
V188.8.131.52 Release Notes
Here are the key improvements and fixes you’ll benefit from:
- Added an Assigned Alert Category selector to help ConnectWise Manage users better manage alerts / tickets.
- Added an Assigned Alert Template selector to the Monitor for Ransomware Attacks policy, to allow you to improve notification of a ransomware attack.
- Added a capability for you to change Third Wall permissions to “read only,” allowing you to restrict access to most Third Wall command functions for individual technicians on your staff.
- Fixed a condition that could product excessive tickets for ransomware alerts.
- Added a horizontal scroll bar to the AppData whitelist screen.
Improvements and fixes to social media policies, USB policies, Screensaver policy, Windows Store policy and Unencrypted Disk monitoring, plus improvements to the UNDO function.