 |
 |
|
Try our new Certificate Revocation List Check Tool CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files. |
||
Mcafee/Trellix ENS 10.7 Exploit Prevention Content 13401 Update SIG 6232 from 15.05.2024 brought a false with some customers from us. This comes with good (change) or bad (false) timing after we have seen some Gootloader activity happening in EU/CH these days. This happens on ENS 10.7 APRIL 2024 and also on Nov 2023 Version […]
Google Chrome.exe 124 und Edge Chromium könnten Probleme haben, sich mit einem Webserver hinter älteren Firewalls oder Proxys zu verbinden, ODER bestimmte Sicherheitsgeräte filtern HTTPS/TLS-Websites nicht mehr. Das Problem hat etwa am 22.04.2024 begonnen und nimmt laufend zu. Dies könnte Sie betreffen, wenn: Sie oder jemand anderes einen Webserver oder einen Dienst mit […]
How to use Microsoft certutil.exe –url or –urlcache to find CRL and OCSP on Windows manually, or utilize our freeware tool crlcheck.exe, which performs the same function fully automatically for all EXE files on your system. crlcheck.exe https://www.butsch.ch/post/crlcheck-exe-certificate-revocation-list-check-tool-to-verify-all-crl-and-ocsp-on-windows-client/ What is a CRL Certificate Revocation List file? Each certificate authority (CA) periodically issues […]
M.A.S.U (M)CAFEE (A)TD (S)ANDBOX (U)PLOADER V4.1, Mike Butsch, Senior System Engineer, www.butsch.ch Remark 2024: Everything will work for TIS / Trellix Intelligent Sandbox we have been using the same tool with every release of TIS. Hopefully there is a ready solution for FireEye without using Python The tool is freeware, feel free to use it. […]
Mit diesem Tool findet man schnell und einfach alle verwendeten CRL eines clients und kann prüfen ob der client diese erreicht. In den vergangenen Jahren habe ich persönlich miterlebt, wie die Zertifikatssperrung auf Windows-Systemen oft unterschätzt wird, selbst in großen Unternehmen. Dieses Problem beeinträchtigt sowohl Client- als auch Server-Systeme erheblich, wenn es nicht korrekt […]
The KEMP option “Detect Malicious Requests” blocks Winword from connecting to WordPress or BLOGengine.net blog provider configurations, changing or uploading existing blog entries with pictures. We lost quite some time on this one because we were initially searching forever on our firewall and other WAF appliances. Finally, we found out that this is due […]
CRLcheck.exe Certificate Revocation List Check Tool to automatic verify CRL and OCSP internet reachability of all your EXE files that your client runs. Over the past 20 years, I have personally witnessed how Certificate Revocation on Windows systems is often underestimated, even within large enterprises. This issue significantly affects both client and server […]
Mcafee/Trellix EPO 5.10 SP1 Update 2, LDAP Sync Save Agent Settings FAILS/Stalls Bug Do not add, change, or modify Organizational Units (OUs) in Active Directory where you sync via LDAP. You won’t be able to change the LDAP Sync settings in EPO 5.10 SP1 UPD. We have just wasted a full morning on a bug […]
With EPO 5.10 on a fresh install, you have GetSusp.exe in both 32-bit and 64-bit versions in the Master if you perform an automatic product check-in. You can easily run the small tool GETSUPS.exe (command line/GUI standalone scanner) via EPO. I am not sure if I missed it because I never use the […]
Trellix EPO 5.10 base install or upgrade fail Rollback with SQL 2022 Express Does also happen with: EPO5100_ServicePack1_4098_LR1.zip (lATEST DOWNLOAD 01.05.2024) Just had a case where we searched for longer, but it was NOT related to a dual install of WSUS+EPO. Because we sometimes have a dual install of EPO and WSUS roles on the […]
Exploit/Lücken CVE-2023-5444 (RISK HIGH) und CVE-2023-5445. Update Mcafee/Trellix EPO Management Server There is emergency patch for EPO and the Trellix Forum seems to be down or rebuilt? Here is some info to help you this way. We have just updated around 10 EPO on-premises installations from EPO 5.10 SP1 to UPD2 or from 5.10 […]
Antivirus Exclusion for NON Windows Defender In the world of IT security, antivirus tools like Windows Defender are our go-to guardians against all sorts of threats. But sometimes, we need to make exceptions for certain stuff related to Microsoft Intune. Now, here’s the deal (See end of this Blog entry below) Windows Defender has this […]
Had a case where the McAfee EPO DB almost blew due to an EPO issue or, let’s say, McAfee prevented it from happening by encountering SQL Express limitations. We’re relieved that since EPO 5.X, they’ve implemented two databases; one for EPO and one for Events; effectively splitting the load in size and safeguarding the crucial […]
For all DBA’s > Yes we know but Mcafee tells us to shrink 😉 Also see our security concerning regarding centralizes SQL for Security Appliances/Servers. Problem: You are unable to shrink the Mcafee EPO SQL Database with Management Studio (GUI). You are already on “SIMPLE RECOVERY” mode for the DB. Management […]
Ransomware in der Schweiz Lösungsansätze für mehr Cybersicherheit Die Bedrohung durch Ransomware in der Schweiz erfordert intelligente Lösungen. Eine effektive Methode, die sich bewährt hat, ist der Einsatz von “Black/White-Listing” Technologien, wie sie beispielsweise von McAfee TIE bereitgestellt werden. Diese fortschrittliche Technologie, die auf intelligenter Listenführung basiert, stellt derzeit die einzige wirksame Lösung dar, um […]
