McAfee/Trellix EPO Server, Logon failed due to a full database disk (SQL cleanup)

Had a case where the McAfee EPO DB almost blew up due to an EPO issue or, let’s say, McAfee prevented it from happening by encountering SQL Express limitations. We’re relieved that since EPO 5.X, they’ve implemented two databases, one for EPO and one for Events, effectively splitting the load in size and safeguarding the crucial […]

McAfee/Trellix: ATP/TIE Threat Intelligence Exchange in Use

Ransomware in Switzerland: Approaches for More Cybersecurity. The threat posed by ransomware in Switzerland calls for intelligent solutions. One effective method that has proven itself is the use of “black/white-listing” technologies, such as those provided by McAfee TIE. This advanced technology, which is based on intelligent list management, is currently the only effective solution to […]

Intune / M365, Deploy Company Portal in 2023 via APPX and Line of Business (0x87D1041C)

Microsoft Intune Company Portal for Windows, APPX Version via Intune and Line of Business App (Avoid 0x87D1041C if you deploy the APP Store version) Problem: Intune users (customers) report that they encounter an issue: the application was not detected after a successful installation (0x87D1041C). You see success rates of 75-80%. That is simply not usable […]

Install McAfee/Trellix Endpoint Security Platform for Linux and Endpoint Security for Linux Threat Prevention on CentOS Stream

McAfee Endpoint Security Platform for Linux and McAfee Endpoint Security for Linux Threat Prevention. McAfee/Trellix is one of the security vendors that cover every client OS. I personally only work with Linux based on CentOS Stream, privately or on the job, with security appliances or MDM management servers. I love CentOS and it has […]

Microsoft SCCM Configmanager latest version tryout and look | Why you still need MDT or SCCM and not only Autopilot

If you take a closer look at an Autopilot deployment workflow for the modern workplace, you start to wonder how this is supposed to be simpler as a long-term strategy. And if you compare the workflow to an SCCM version? Well, Autopilot already needs two pages, correct? 😉 In the past, Microsoft has supplied the end customer with free tools […]

Mix on MINIDRIVER Security and Profile Virtualisation and performance (McAfee/Trellix, Rapid 7 and Ivanti on same VDI)

What is a minidriver? https://learn.microsoft.com/en-us/windows-hardware/drivers/stream/class-driver-and-minidriver-definitions In the world of Windows operating systems, minidrivers play a crucial role in facilitating communication between the hardware and the operating system. However, having several minidrivers installed on a Windows 10 or 11 system can potentially lead to performance problems. Here’s why: 1. Resource Consumption: Each minidriver consumes […]

Eventviewer, eventvwr.exe commandline filter XML query building (Call and pre filter view with one line)

Introduction: Event logs provide valuable insights into system operations, allowing IT professionals to monitor and troubleshoot potential issues. When dealing with Windows event logs, PowerShell is a powerful tool that enables event filtering, but it may not be everyone’s preferred choice due to complexity and perceived security concerns. In this blog post, we will explore […]

Azure Application Proxy | The free jack-of-all-trades for making on-premises servers reachable externally

Azure Application Proxy (the free jack-of-all-trades for making on-premises servers reachable externally). What nice things do you hear at M365/Azure training courses? Why do you make everything so complicated? Just publish your in-house servers quickly and easily through an Azure Application Proxy. Then you no longer need all that expensive hardware. It is free with the […]

M365/Intune | MDM and MAM enrollment, Primary user, User Scope Limitation what affect

M365/Intune | MDM and MAM enrolled difference explained. First, let’s take a look at two different models: MDM and MAM. These models provide options for managing endpoints, including computers, clients, mobiles, and smartphones. Mobile Device Management (MDM): Often the device is corporate owned and paid for (regular employee of SBS or Enterprise). MDM […]

02.07.2023, CITRIX 0-DAY, Pre Authentication XSS in Citrix Gateway (CVE-2023-24488)

02.07.2023 Attacker is able to change the redirection of the LOGOUT page. To date we are unsure if this is only if you use SAML as in the NOV 2022 Exploit. GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1 Pre Authentication XSS in Citrix Gateway (CVE-2023-24488) The URL query parameters are not sufficiently sanitized before they are placed into the HTTP […]