ENS | Endpoint Security Archives

DLP | Data Loss Prevention ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix MSME | Security for Exchange SECURITY Server 2012 R2 Server 2016 Server 2022 [21H2/22H2/32H2]

Crowdstrike Falcon Sensor, Azure VM Repair paths

19.07.2024 admin

The procedures in this article describe methods you can use to attach an encrypted OS disk to a repair VM and then unlock that disk. After the disk is unlocked, you can repair it. As a final step, you can replae the OS disk on the original VM with this newly repaired version. Microsoft has […]

ENS | Endpoint Security Exchange 2013 Exchange 2016 Exchange 2019 WSUS

13.06.2024 False-Postive with ENS 10.7, AMCORE 5554 on Windows Defender AM_Delta_Patch Server 2019 German

10.07.2024 admin

Trellix ENS 10.7 deletes Windows Defender Update which come from WSUS-Server on German Server 2019 We just did see a false positive on Windows Defender Updates we provide via WSUS with autoaprove on a Windows Server 2019 German with Trellix ENS 10.7 and AMCORE 5554. The file was deleted from C:\Windows\SoftwareDistribution\Download\ Microsoft affected file: […]

ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix

Trellix ePolicy Orchestrator 5.10.0 Service Pack 1 Update 3 fixes Update and LDAP bugs

04.06.2024 admin

FILE: ePO_5.10.0_SP1_UP3_1634, 460MB Finally the LAP Sync bug and the rollback (WMI) bug was fixed. There seems to be some truncate or shorten engineering force. We can understand that they want to prevent Buffer Overflow but the issue here with the LDAP client names shorten and then the issue with the TIE/DXL […]

ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix SECURITY

Mcafee/Trellix ENS Gootkit False ENS 10.7 after 15.05.2024, rule SIG 6232 with VBS from TEMP

16.05.2024 admin

Mcafee/Trellix ENS 10.7 Exploit Prevention Content 13401 Update SIG 6232 from 15.05.2024 brought a false with some customers from us. This comes with good (change) or bad (false) timing after we have seen some Gootloader activity happening in EU/CH these days. This happens on ENS 10.7 APRIL 2024 and also on Nov 2023 Version […]

Deployment ENS | Endpoint Security FW Fortigate FW Sophos Mcafee/Trellix Scripting SECURITY

Certutil.exe –url –urlcache how to use and freeware GUI crl check to automate CRL verify

21.04.2024 admin

How to use Microsoft certutil.exe –url or –urlcache to find CRL and OCSP on Windows manually, or utilize our freeware tool crlcheck.exe, which performs the same function fully automatically for all EXE files on your system. crlcheck.exe https://www.butsch.ch/post/crlcheck-exe-certificate-revocation-list-check-tool-to-verify-all-crl-and-ocsp-on-windows-client/ What is a CRL Certificate Revocation List file? Each certificate authority (CA) periodically issues […]

CRUNCH ENS | Endpoint Security FW Fortigate FW Sophos GPO | Gruppenrichtlinien Intunes M365 - Exchange Online M365,AZURE,INTUNE Mcafee/Trellix Microsoft SCCM,MEM,MDT Microsoft Server OS Scripting Tools we made Uncategorized W10 WSUS

CRL check, Zertifikatsperrlisten Software, Certificate Revocation List Check Tool zum suchen aller geblockten CRL in Firmenumgebungen, crlcheck.exe

06.04.2024 admin

Mit diesem Tool findet man schnell und einfach alle verwendeten CRL eines clients und kann prüfen ob der client diese erreicht. In den vergangenen Jahren habe ich persönlich miterlebt, wie die Zertifikatssperrung auf Windows-Systemen oft unterschätzt wird, selbst in großen Unternehmen. Dieses Problem beeinträchtigt sowohl Client- als auch Server-Systeme erheblich, wenn es nicht korrekt […]

CRUNCH Deployment DLP | Data Loss Prevention ENS | Endpoint Security Exchange 2010 Exchange 2013 Exchange 2016 Exchange 2019 FW Fortigate FW Sophos Intunes M365 - Exchange Online Mcafee/Trellix Microsoft Exchange Microsoft SCCM,MEM,MDT Microsoft Server OS MSME | Security for Exchange Scripting SECURITY Server 2016 Server 2022 [21H2/22H2/32H2] TIE/ATD/ATP | Sandbox - Advanced Threat Protection Tools we made VMWare W10

CRLcheck.exe Certificate Revocation List Check Tool to verify all CRL and OCSP on Windows client

23.03.2024 admin

CRLcheck.exe Certificate Revocation List Check Tool to automatic verify CRL and OCSP internet reachability of all your EXE files that your client runs. Over the past 20 years, I have personally witnessed how Certificate Revocation on Windows systems is often underestimated, even within large enterprises. This issue significantly affects both client and server […]

ENS | Endpoint Security EPO | ePolicy Orchestrator Mcafee/Trellix SECURITY

Mcafee Trellix, GetSusp.exe EPO Version reports back to EPO Dashboard

23.01.2024 admin

With EPO 5.10 on a fresh install, you have GetSusp.exe in both 32-bit and 64-bit versions in the Master if you perform an automatic product check-in. You can easily run the small tool GETSUPS.exe (command line/GUI standalone scanner) via EPO. I am not sure if I missed it because I never use the […]

ENS | Endpoint Security SECURITY

Install McAfee/Trellix Endpoint Security Platform for Linux and Endpoint Security for Linux Threat Prevention on Centos Stream

12.08.2023 admin

McAfee Endpoint Security Platform for Linux and McAfee Endpoint Security for Linux Threat Prevention Mcafee/Trellix is one of the security vendors which cover every client OS. I personal only work with Linux based on CENTOS Stream private or on the job with security appliances or MDM managment Servers. I love Centos and it has […]

ENS | Endpoint Security EPO | ePolicy Orchestrator SQL

Mcafee EPO Server 5.X Database or Space growing EPOevents or OrionAuditlog

09.04.2023 admin

THIS KB is valid for EPO4/5 until 5.1 and even with the SPLIT in TWO database this still happens in 2024. We just had a case where the OrionAuditlog table was 22GB+ on the MAIN DB. Sample Problem: VMWARE Monitoring Events from “Vmware Converter and Tools” fill the EPO Database rapidly (1GB/Hour). delete from EPOEvents […]

Azure ENS | Endpoint Security EPO | ePolicy Orchestrator Exchange 2013 Exchange 2016 Exchange 2019 M365 - Exchange Online M365,AZURE,INTUNE Mcafee/Trellix Microsoft Exchange SECURITY

M365, Exchange Online Remote Powershell blocked by T1056 Mitre Trellix

04.04.2023 admin

Trellix ENS 10.X, T1056 – Key capture using PowerShell detected, Host intrusion buffer overflow ExP:Illegal API Use Blocked an attempt to exploit C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE, which targeted the GetAsyncKeyState API. For efficient M365 and Exchange Online management, there are various methods available. While utilizing the PowerShell button within the Admin Portal is one option, it requires an Azure […]

ENS | Endpoint Security Mcafee/Trellix

Mcafee ENS 10.7 June 2022 new Exclude EXPLOIT Rules by Active Directory user or group

28.07.2022 admin

Mcafee posted a fixed version of the 10.7 June 2022 release. Hidden in the release notes you will find an important detail. You can now EXCLUDE Signature/Exploit/IPS rules FOR certain Active Directory users or group by SID. This is like a WMI filter for GPO Group Policy to drill down more granular and to target […]

ENS | Endpoint Security Mcafee/Trellix SECURITY

McAfee free tool GETSUSP.EXE (Cloud scanner for URL and files)

16.03.2021 admin

Hallo, Es gibt einen neuen Release eines Tools mit welchen man Clients scannen kann und alles was es nicht kennt (spanisch vorkommt) vollautomatisch zu Mcafee GTI sendet. Man kann damit unbekannte Files an McAfee einsenden zur Analyse. Falls man eine E-Mail Adresse angibt bekommt man am Schluss den Report nach der Analyse. Die […]

ENS | Endpoint Security Mcafee/Trellix W10

McAfee ENS WEB CONTROL outlook.exe chart.dll crash

19.05.2020 admin

01.09.2020, this is solved in 10.7.0.1607 JULY 2020 Release Produktversion (Endpoint Security Platform) 10.7.0.1961 JUL 2020 Release Produktversion (Endpoint Security Threat Prevention) 10.7.0.2021 JUL 2020 Release Web Control 10.7.0.1607 JUL 2020 Release On several W10 machines we have seen Outlook.exe crash with Mcafee ENS Endpoint Security 10.7 Web Control active. This behaviour is seen up […]

ENS | Endpoint Security SECURITY

Mcafee/Trellix MVision Endpoint first look and why we never used it

08.10.2018 admin

We just did finish our first look at the new MVSION Client when already a new Release came out the last days. https://kc.mcafee.com/corporate/index?page=content&id=SNS1746 This report reflects version 18.10.2.2. Main reason business drivers for the MVSION version for us are: AMSI integration and usage of Windows Defender as base pattern scanner (You can only scan malware […]


Try our new Certificate Revocation List Check Tool CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.

Category: ENS | Endpoint Security