Category: SECURITY

Mcafee/Trellix EPO 5.10 SP1 UPD2 (Update 2) Installation CVE-2023-5444 (RISK HIGH) and CVE-2023-5445

Exploit/Lücken CVE-2023-5444 (RISK HIGH) und CVE-2023-5445. Update Mcafee/Trellix EPO Management Server   There is emergency patch for EPO and the Trellix Forum seems to be down or rebuilt? Here is some info to help you this way. We have just updated around 10 EPO on-premises installations from EPO 5.10 SP1 to UPD2 or from 5.10 […]

Mastering Firewalls for Intunes and Autopilot Success, FQDN, IP, CRL to get Intunes running

Mastering Firewalls for Intunes and Autopilot Success In the realm of IT, especially with the advent of cloud-based systems like M365 and Intune, managing firewalls has evolved into a complex challenge. Gone are the days of a handful of external ports; now, it’s like navigating a digital maze of ports and IP ranges. Enter the […]

Missing entry in Fortigate Application Filter ROOT.CERTIFICATE.URL and OCSP source of W10 Setup failing

Fortigate Application Filter Certificate wrong/missing Entry sample for an important laptop driver (W10 Deployment fails because of signed Driver Revocation Lookup)     Missing entry in Fortigate Application Filter “ROOT.CERTIFICATE.URL” and “OCSP” source of failing   Windows 10 Deployment with commercial Deployment Products (This includes HP client hardware, Microsoft SCCM, Landesk or Ivanti Frontrange). During […]

Mcafee/Trellix EPO Server, Logon failed due to a full database disk (SQL cleanup)

Had a case where the McAfee EPO DB almost blew due to an EPO issue or, let’s say, McAfee prevented it from happening by encountering SQL Express limitations. We’re relieved that since EPO 5.X, they’ve implemented two databases; one for EPO and one for Events; effectively splitting the load in size and safeguarding the crucial […]

Mcafee/Trellix: ATP/TIE Threat Intelligence Exchange im Einsatz

Ransomware in der Schweiz Lösungsansätze für mehr Cybersicherheit Die Bedrohung durch Ransomware in der Schweiz erfordert intelligente Lösungen. Eine effektive Methode, die sich bewährt hat, ist der Einsatz von “Black/White-Listing” Technologien, wie sie beispielsweise von McAfee TIE bereitgestellt werden. Diese fortschrittliche Technologie, die auf intelligenter Listenführung basiert, stellt derzeit die einzige wirksame Lösung dar, um […]

Install McAfee/Trellix Endpoint Security Platform for Linux and Endpoint Security for Linux Threat Prevention on Centos Stream

  McAfee Endpoint Security Platform for Linux and McAfee Endpoint Security for Linux Threat Prevention Mcafee/Trellix is one of the security vendors which cover every client OS. I personal only work with Linux based on CENTOS Stream private or on the job with security appliances or MDM managment Servers. I love Centos and it has […]

Mix on MINIDRIVER Security and Profile Virtualisation and performance (Mcafee/Trellix, Rapid 7 and Ivanti on same VDI)

  What is a minidriver? https://learn.microsoft.com/en-us/windows-hardware/drivers/stream/class-driver-and-minidriver-definitions In the world of Windows operating systems, minidrivers play a crucial role in facilitating communication between the hardware and the operating system. However, having several minidrivers installed on a Windows 10 or 11 system can potentially lead to performance problems. Here’s why:   1. Resource Consumption: Each minidriver consumes […]

02.07.2023, CITRIX 0-DAY, Pre Authentication XSS in Citrix Gateway (CVE-2023-24488)

02.07.2023 Attacker is able to change the redirection of the LOGOUT page. To date we are unsure if this is only if you you use SAML as in the NOV 2022 Exploit. GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1 Pre Authentication XSS in Citrix Gateway (CVE-2023-24488) Die Abfrageparameter für URL werden nicht ausreichend gesäubert, bevor sie in den HTTP […]

M365, Exchange Online Remote Powershell blocked by T1056 Mitre Trellix

Trellix ENS 10.X, T1056 – Key capture using PowerShell detected, Host intrusion buffer overflow ExP:Illegal API Use Blocked an attempt to exploit C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE, which targeted the GetAsyncKeyState API. For efficient M365 and Exchange Online management, there are various methods available. While utilizing the PowerShell button within the Admin Portal is one option, it requires an Azure […]

CVE-2023-23397, Outlook.exe Exploit, PidLIDReminder custom Sound ab SMB für Termin Reminder

CVE-2023-23397 Was ausgenutz wird: Anstatt Standard Microsoft Outlook Sound kann man für ein meeting reminder einen Custom Sound angeben. Dieser kann auf einem Share liegen. Da liegt der Hund begraben. https://learn.microsoft.com/de-de/office/client-developer/outlook/mapi/pidlidreminderoverride-canonical-property https://www.forbes.com/sites/daveywinder/2023/03/15/microsoft-outlook-warning-critical-new-email-exploit-triggers-automatically-update-now/?sh=47f058ce6e5e CVE-2023-23397 ist ein Outlook-Bug. Wenn Sie eine eingehende E-Mail für einen Termin mit einer benutzerdefinierten Erinnerung (Ton, Attribut PidLIDReminder) senden, wird Outlook.exe (2012/2016) versuchen, […]