SECURITY Archives - www.butsch.ch

FortiClient IPSEC VPN error Last Disconnect Reason: ChildSa_Negotiation_Failed

27.11.2025 admin

Fortinet FortiClient 7.4.4.1887 Error: ChildSa_Negotiation_Failed We just changed from Fortinet FortiGate SSLVPN to IPSEC because FortiGate will drop SLL VPN tunnel mode for security reasons. https://docs.fortinet.com/document/fortigate/latest/administration-guide/155142/ssl-vpn-tunnel-mode-to-ipsec-vpn-migration-new My VPN jump host running under VMware workstation could not connect to the IPSEC. Before you change the NIC mode or play around with VMNIC0-10 there is reason why […]

Deployment ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix Scripting SECURITY

Unable to migrate Trellix Endpoint ENS 10.7.19, Event 1000, MSVCP140.dll, mfeesp.exe, Error communicating with the Event Log

20.11.2025 admin

Unable to migrate to Trellix Trellix Endpoint Security ENS 10.7.19 and ENS GUI crash with event 1000 (Update/migration/upgrade) mfeesp.exe crashing GUI: Error communicating with the Event Log Application Event 1000 from MSVCP140.DLL, MSVCP140_1.DLL,MSVCP140_2.DLL, MSVCP140_atomic_wait.dll or MSVCP140_codecvt_ids.DLL Affected OS we have seen with error: Microsoft Windows W11 24H2 Microsoft Server 2016 Microsoft Server 2019 Terminal Server […]

Microsoft Server OS SECURITY Server 2008 R2 Server 2012 R2 Server 2016 Server 2019 Server 2022 [21H2/22H2/32H2] Server 2025 WSUS

Is your SBS environment update ready for 25H2 W11, SMB-Version, smbchecker.ps1

02.11.2025 admin

PowerShell script to check if you SMB setup is 25H2 ready Windows 11 25H2 – Small Update, Big Impact for SMB Environments Windows 11 25H2 is now being offered on home and business systems as an Enablement Pack. This means it’s not a full new installation — instead, it’s a small ~50 MB update […]

DLP | Data Loss Prevention ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix

Trellix ePolicy Orchestrator 5.10.0 Service Pack 1 Update 4

05.02.2025 admin

Trellix ePolicy Orchestrator 5.10.0 Service Pack 1 Update 4 We have installed the latest Update 4 on several customer on-premises EPO installation and the update works fine and without any problems. Key Considerations for Updating Trellix ePO 5.10 SP1 to the Latest Rollup 4 Check your ePO database size. Some Trellix SP or Rollup […]

M365,AZURE,INTUNE SECURITY Server 2022 [21H2/22H2/32H2]

SMB over QUIC a OneDrive, Sharepoint replacement, SRV 2025?

24.07.2024 admin

SMB over QUIC UDP is coming to on-premises Server 2025 for all OS editions. This feature will be included in every edition of Microsoft Server 2025. It uses The Microsoft Windows Admin Center Server (WAC) which was built to manage you inhouse server structure remote (no Azure or cloud dependency). The Microsoft Server and Storage […]

DLP | Data Loss Prevention ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix MSME | Security for Exchange SECURITY Server 2012 R2 Server 2016 Server 2022 [21H2/22H2/32H2]

Crowdstrike Falcon Sensor, Azure VM Repair paths

19.07.2024 admin

The procedures in this article describe methods you can use to attach an encrypted OS disk to a repair VM and then unlock that disk. After the disk is unlocked, you can repair it. As a final step, you can replae the OS disk on the original VM with this newly repaired version. Microsoft has […]

Hotfixes, Updates Mcafee/Trellix Microsoft Server OS SECURITY Server 2012 R2 Server 2016 Server 2022 [21H2/22H2/32H2] VMWare

Falcon Sensor, Bluescreen of Death Vmware workaround if you can’t boot into recovery

19.07.2024 admin

Workaround Server / Vmware affected with NO Recovery Option and not encrypted: There are some server where you can’t boot into recovery or safe boot. If the volume is not encrypted you have one way to delete the faulty crowdstrike def file from the disk. Base article: 19.07.2024 BSOD Blue screen Crowdstrike – […]

Mcafee/Trellix SECURITY TIE/ATD/ATP | Sandbox - Advanced Threat Protection

19.07.2024 BSOD Blue screen Crowdstrike

19.07.2024 admin

The falcon has crashed BSOD blue screen of death on clients and server OS Red Teams and Hackers > see where you have brought us? https://www.trellix.com/about/why-trellix/vscrowdstrike/ The latest CrowdStrike Falcon Sensor update is causing a widespread issue resulting in a Blue Screen of Death (BSOD) boot loop globally. It’s a security professional’s worst nightmare […]

Deployment GPO | Gruppenrichtlinien Intunes Scripting SECURITY

Proxy settings der Cryptography API bei Zertifikatswiderrufslisten (CRL) von einem CRL-Verteilungspunkt

18.07.2024 admin

Dieser Artikel zielt darauf ab, den Prozess zu erläutern, den die Crypto API durchläuft, um erfolgreich eine HTTP-basierte URL für den CRL-Verteilungspunkt herunterzuladen. Er dient auch der Fehlerbehebung in Situationen, die mit der Netzwerkrückgewinnung von CRLs verbunden sind. Zusätzlich wird unser kostenloses Tool, crlcheck.exe, erwähnt, das dazu beitragen soll, komplexe Probleme effektiver zu lösen. […]

WSUS SECURITY SQL

WSUS problem or unstable when WID SQL is getting to big, how to shrink

15.07.2024 admin

Windows Update Server crashed often on Server 2016/2022 with WID Windows Internal Database. We have seen several newer WSUS Servers crahsing or hanging more often with SRV 2016 and even SRV 2019 WSUS. The source may be this table, which is 26GB and holds all the patch information and language descriptions. The full WID DB […]

WSUS ENS | Endpoint Security Exchange 2013 Exchange 2016 Exchange 2019

13.06.2024 False-Postive with ENS 10.7, AMCORE 5554 on Windows Defender AM_Delta_Patch Server 2019 German

10.07.2024 admin

Trellix ENS 10.7 deletes Windows Defender Update which come from WSUS-Server on German Server 2019 We just did see a false positive on Windows Defender Updates we provide via WSUS with autoaprove on a Windows Server 2019 German with Trellix ENS 10.7 and AMCORE 5554. The file was deleted from C:\Windows\SoftwareDistribution\Download\ Microsoft affected file: […]

ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix

Trellix ePolicy Orchestrator 5.10.0 Service Pack 1 Update 3 fixes Update and LDAP bugs

04.06.2024 admin

FILE: ePO_5.10.0_SP1_UP3_1634, 460MB Finally the LAP Sync bug and the rollback (WMI) bug was fixed. There seems to be some truncate or shorten engineering force. We can understand that they want to prevent Buffer Overflow but the issue here with the LDAP client names shorten and then the issue with the TIE/DXL […]

ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix SECURITY

Mcafee/Trellix ENS Gootkit False ENS 10.7 after 15.05.2024, rule SIG 6232 with VBS from TEMP

16.05.2024 admin

Mcafee/Trellix ENS 10.7 Exploit Prevention Content 13401 Update SIG 6232 from 15.05.2024 brought a false with some customers from us. This comes with good (change) or bad (false) timing after we have seen some Gootloader activity happening in EU/CH these days. This happens on ENS 10.7 APRIL 2024 and also on Nov 2023 Version […]

FW Fortigate FW Sophos KEMP Load Balancer M365,AZURE,INTUNE Mcafee/Trellix SECURITY

Google chrome 124 and Edge Chromium Probleme Webserver SSL-Brechen [DEU]

08.05.2024 admin

Google Chrome.exe 124 und Edge Chromium könnten Probleme haben, sich mit einem Webserver hinter älteren Firewalls oder Proxys zu verbinden, ODER bestimmte Sicherheitsgeräte filtern HTTPS/TLS-Websites nicht mehr. Das Problem hat etwa am 22.04.2024 begonnen und nimmt laufend zu. Dies könnte Sie betreffen, wenn: Sie oder jemand anderes einen Webserver oder einen Dienst mit […]

FW Fortigate KEMP Load Balancer M365,AZURE,INTUNE SECURITY

Google chrome.exe 124 and Edge Chromium cannot reach Webserver behind IPS/proxy [cipher X25519Kyber768]

08.05.2024 admin

Google Chrome.exe 124 and Edge Chromium may have problems connecting Webserver behind older firewalls or proxy OR certain security device do not filter HTTPS/TLS websites anymore. The problem has started around 22.04.2024 and is growing. This could effect you if: You run or someone else runs a Webserver or any service with https […]

Category: SECURITY