Over the past year, our industry has seen an increase in threat actors attempting to use remote management tools like PDQ — and many of our peer companies — to carry out malicious activities.
The security and trust we provide to users is at the heart of what we do, and so we’re proactively enacting some precautions to ensure a reliable and continuous experience with our products.
We also wanted to share a bit more about what’s been going on and why things moved so fast this week.
First off — we know this has been disruptive. The short turnaround wasn’t fair to anyone who lost time because of it, and we’re genuinely sorry. It wasn’t planned, and it wasn’t the timeline we wanted for anyone in the PDQ extended community. This quick turnaround isn’t something we anticipate happening again — changing certificates on this kind of timeline isn’t our normal practice.
Here’s the situation: Back in August, we started seeing bad actors trying to use PDQ Connect through trials — people attempting to misuse the product in ways that could put others at risk. RMM and IT tools are common targets for this. We caught it early and quickly locked down trial functionality to stop those attempts.
Since then, we’ve been working closely with Microsoft and a few others to strengthen how we detect and prevent misuse.
Then, this week, we hit something we couldn’t plan for: We were asked to change our certificate, and it had to happen immediately. We had to move at the speed the situation required, not the speed we wanted.
The good news is, we’ve put stronger protections in place so we (and you) don’t have to go through something like this again. Hopefully, all future updates are the kind you never see or notice.
We’ll include the instructions below. For those on PDQ Connect, the agents will auto-update if you’re connected to the internet. For PDQ Deploy and SmartDeploy, the update process is quick — but we know it can still be inconvenient and frustrating if your computers are offline for an extended period or if admins haven’t seen the notices yet. We’re proactively reaching out to those still using older versions to help smooth the process.
Here are some pertinent updates to be aware of as we roll these changes out:
Changing certificates for current customers
As part of our ongoing commitment to security and reliability, we’ve changed the certificate used to validate our products. PDQ customers’ certificates will be revoked by October 20, 2025 at 7 p.m. ET. Once that occurs, older versions of PDQ software signed with this certificate may no longer launch or install correctly.
If you’re a PDQ Deploy and/or PDQ Inventory customer or user:
Download the latest versions:
In the lower-right corner of Deploy or Inventory, click A new version is available, or
Log in at portal.pdq.com to grab the latest installers.
Run the installers to update your products.
Restart your PDQ services or console to activate the new certificate.
If you’re a SmartDeploy customer or user:
Update to the latest version of SmartDeploy as soon as possible:
From the SmartDeploy Desktop Console, select Update available.
Or, log in at app.smartdeploy.com to download the latest version.
Once downloaded, run the installer to update.
Update SmartDeploy clients to the latest version:
From Computer Management, select the client devices and Update Client.
If you’re a PDQ Connect customer or user:
Connect agents will automatically update to version 5.10.5 or later in the background — no action is required as long as devices remain connected to the network. If the agent has not been updated to v5.10.5 or later by October 20, 2025, the agent will need to be manually reinstalled. If you’re in an all-signed environment, you’ll need to add the new PDQ certificate to your Trusted Root CA Store so your deployments keep running smoothly.
Increased scrutiny for trials and self-service purchases
As our industry has seen, free trials are the entryway for many of the threat actors who trigger the false positives affecting our tools.
As a result, all future trials and self-service purchases will encounter additional verification steps to access our products and run particular tasks. These changes are in line with ones rolled out by other endpoint management solutions. No current customers are affected by these changes. We believe these changes, though at times slightly annoying, will help us to drastically diminish the number of threats we face.
What comes next
Threat actors look for ways to abuse legitimate management tools. The updates outlined here are precautionary measures to maintain the highest levels of safety and security. These updates will help ensure that PDQ products can only run in trusted environments.
For additional information, please view this support document. Should you have further questions, our support team is standing by to help you through this process: support@pdq.com.
