Project brief
RMM Hunter is an MDP Studio cybersecurity project covering Windows endpoint triage, evidence of unauthorized remote access tools, remote monitoring and management (RMM) abuse review, Watch Preview alerts, and local trust-health checks.
Audience: Small business owners, incident responders, security students, MSP handover reviewers, and Windows users checking suspicious remote support activity.
What it does
RMM Hunter checks local Windows artifacts for known remote access tools, service persistence, scheduled tasks, startup entries, PowerShell and WMI traces, Defender events, vendor logs, KAPE-imported evidence, and endpoint trust-health signals. It groups evidence into clean, needs_review, and high_risk verdicts without changing the device by default.
Why this matters
Remote management tools are legitimate in IT support, but they are also abused in support scams, hands-on-keyboard intrusions, and messy MSP handovers. The difficult question is not only whether a tool exists; it is whether the tool was expected, when it appeared, what it did, and what evidence should be preserved before cleanup.
How MDP uses it
RMM Hunter shows MDP Studio's security-product depth: local-first data handling, explicit safety boundaries, deterministic detection logic, public release verification, and practical incident-review workflows rather than vague AI claims.