Built-in protection against supply chain attacks, advanced encryption, and hardened server architecture.
NetLock RMM is architected from the ground up with multiple protection layers. Even if your server were ever compromised, breaching your infrastructure remains exceptionally difficult.
Server-side packages (installation & update packages stored on the server) are uniquely encrypted and obfuscated. They are decrypted on-demand when agents request updates. Running agents on endpoints are not obfuscated or virtualized – this is intentional to prevent antivirus false positives and ensure compatibility with security software.
Server components are protected with advanced code virtualization and deep tamper protection, making reverse engineering and manipulation extremely difficult.
All agent packages stored on the server are uniquely encrypted and obfuscated before distribution, preventing unauthorized access or tampering.
Packages are securely decrypted and deobfuscated only when needed using proprietary algorithms, minimizing exposure time.
Even if an attacker gains access to your server, they face multiple barriers:
These combined mechanisms form a layered defense model that raises the bar significantly for any potential attacker, making your infrastructure exceptionally resilient.
Protect against attacks like those seen with SolarWinds or Kaseya through independent hash verification.
By dividing the server into different roles, you can significantly enhance security against supply chain attacks.
Provides update packages for agents
Independent hash verification service
Attacker compromises Update Server to deploy malicious packages
Agent downloads package but contacts Trust Server for hash verification
Hash mismatch detected – agent refuses to execute the package
Result: Attacker would need to compromise both Update AND Trust servers – a significantly harder attack vector.
Unlike conventional RMM solutions that rely on outdated disk-based delivery, NetLock RMM serves installation and update packages directly from memory – combining performance with enhanced security.
Configure IP addresses allowed to access the Web Console. Leave empty to allow access from all IPs.
Configure IP addresses allowed to access Backend services. Applied when backend services restart.
All communication between server and agents is encrypted using modern cryptographic standards.
Running agents are clean and unobfuscated to prevent antivirus false positives and conflicts.
Agents only perform outgoing connections – no port forwarding required on client networks.
Only agents installed by the customer can communicate with their own NetLock RMM server installation. Agents from unknown installations are automatically rejected.
RMM platforms have been misused for cyberattacks in the past. We provide full transparency to help security researchers verify legitimate NetLock RMM installations and whitelist our signed agents.
Digitally Signed: The paid on-premises version is code-signed with a trusted certificate, significantly reducing the likelihood of third-party abuse.
NetLock RMM Cloud: Our cloud platform maintains the same high security standards and is protected against misuse through intelligent license verification systems.
License Abuse Prevention: Both the cloud platform and paid on-premises version employ sophisticated systems to prevent license fraud and unauthorized usage.
Note: Only the paid version is digitally signed. The free/open-source version is unsigned. For questions, please contact support@netlockrmm.com
Use the following information to whitelist NetLock RMM agents or verify legitimate installations:
Our built-in Patch SLA system ensures every instance stays up-to-date and secure — automatically escalating notifications until action is taken.
A subtle update icon appears in the web console, letting administrators know a new version is available.
A dialog popup appears in the web console, actively reminding the administrator to apply the latest update.
The instance will stop itself to prevent security risks from running outdated and potentially vulnerable versions.
Why enforce updates? Outdated RMM instances are prime targets for attackers. Our Patch SLA ensures your infrastructure is never left exposed to known vulnerabilities — protecting both you and your clients.
With deep roots in cybersecurity, we're committed to continuously evolving these protection mechanisms — not just to respond to threats, but to stay ahead of them and prevent incidents before they happen.