Category: ENS | Endpoint Security

Install McAfee/Trellix Endpoint Security Platform for Linux and Endpoint Security for Linux Threat Prevention on CentOS Stream

McAfee Endpoint Security Platform for Linux and McAfee Endpoint Security for Linux Threat Prevention. McAfee/Trellix is one of the security vendors which cover every client OS. I personally only work with Linux based on CentOS Stream, privately or on the job with security appliances or MDM management servers. I love CentOS and it has […]

M365, Exchange Online Remote PowerShell blocked by T1056 MITRE Trellix

Trellix ENS 10.X, T1056 – Key capture using PowerShell detected, Host intrusion buffer overflow ExP:Illegal API Use Blocked an attempt to exploit C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE, which targeted the GetAsyncKeyState API. For efficient M365 and Exchange Online management, there are various methods available. While utilizing the PowerShell button within the Admin Portal is one option, it requires an Azure […]

McAfee ENS WEB CONTROL outlook.exe chart.dll crash

01.09.2020: this is solved in 10.7.0.1607, JULY 2020 Release. Product version (Endpoint Security Platform): 10.7.0.1961, JUL 2020 Release. Product version (Endpoint Security Threat Prevention): 10.7.0.2021, JUL 2020 Release. Web Control: 10.7.0.1607, JUL 2020 Release. On several W10 machines we have seen Outlook.exe crash with McAfee ENS Endpoint Security 10.7 Web Control active. This behaviour is seen up […]

Ransomware: How to integrate the WannaCry EXTRADAT in EPO or McAfee ENS client

12.05.2017 Urgent Release FRIDAY, Wana Decrypt0r | Wana Decryptor | WanaDecryptor@.exe https://kc.mcafee.com/corporate/index?page=content&id=KB89335 EXTRADAT: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/89000/KB89335/en_US/EXTRA.zip McAfee is aware that several customers are impacted by a new ransomware. Ransom-WannaCry (also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r) is encrypting files with the .wnry, .wcry, .wncry, and .wncryt extensions. Encryption is occurring on the local […]

McAfee EPO prevent exe RUNNING FROM %appdata%

McAfee EPO: prevent exe RUNNING FROM %appdata% folders with an Access Protection policy. How to protect from most 0day Flash exploits and malware like Ransom Cryptowall in summer 2015. You simply can’t keep up with patching, even with deployment or management solutions in place. Now you should have an IPS filter like Fortigate with Fortiguard. […]

VMWARE / VDI malware Protection Symantec, Trend and McAfee

Symantec Endpoint Protection still has no agentless virus scan version like Trend or McAfee with MOVE. Those use the VSHIELD API from VMware and need no software running directly in the VM. (http://www.vmware.com/pdf/vshield_55_admin.pdf) BUT tests have shown that even with the agent in the VM/VDI, Symantec SEP 12.X is faster in daily tracking, stable status, scanning […]