Category: EPO | ePolicy Orchestrator

Mcafee/Trellix EPO 5.10 SP1 UPD2 (Update 2) Installation CVE-2023-5444 (RISK HIGH) and CVE-2023-5445

Exploit/Lücken CVE-2023-5444 (RISK HIGH) und CVE-2023-5445. Update Mcafee/Trellix EPO Management Server   There is emergency patch for EPO and the Trellix Forum seems to be down or rebuilt? Here is some info to help you this way. We have just updated around 10 EPO on-premises installations from EPO 5.10 SP1 to UPD2 or from 5.10 […]

Mcafee/Trellix EPO Server, Logon failed due to a full database disk (SQL cleanup)

Had a case where the McAfee EPO DB almost blew due to an EPO issue or, let’s say, McAfee prevented it from happening by encountering SQL Express limitations. We’re relieved that since EPO 5.X, they’ve implemented two databases; one for EPO and one for Events; effectively splitting the load in size and safeguarding the crucial […]

M365, Exchange Online Remote Powershell blocked by T1056 Mitre Trellix

Trellix ENS 10.X, T1056 – Key capture using PowerShell detected, Host intrusion buffer overflow ExP:Illegal API Use Blocked an attempt to exploit C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE, which targeted the GetAsyncKeyState API. For efficient M365 and Exchange Online management, there are various methods available. While utilizing the PowerShell button within the Admin Portal is one option, it requires an Azure […]

Trellix and McAfee EPO Server SQL Server Performance tips

    Database Configuration: Ensure the following settings for the EPO Database:   Autoshrink: False Auto Close: False Auto Update Statistics: True These settings prevent unnecessary shrinking and closing of the database, while maintaining up-to-date statistics for efficient performance.   Customization for Rare Circumstances: While Auto Update Statistics is generally recommended as true, there might […]

Ransomware: How to integrate the WannaCry EXTRADAT in EPO or McAfee ENS client

12.05.2017 Urgent Release FRIDAY, Wana Decrypt0r | Wana Decryptor | WanaDecryptor@.exe https://kc.mcafee.com/corporate/index?page=content&id=KB89335 EXTRADAT: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/890 00/KB89335/en_US/EXTRA.zip EXTRA.zip   McAfee is aware that several customers are impacted by a new ransomware. Ransom-WannaCry (also known as WannaCry, WCry, WanaCrypt and WanaCrypt0r) is encrypting files with the .wnry, .wcry, .wncry, and .wncryt extensions. Encryption is occurring on the local […]

Mcafee Security for Exchange 8.5 Patch 1 Update fails on 2010 SP3 CAS with HUB roll

Problem: Mcafee Security for Exchange 8.5 Patch 1 Update fails on 2010 SP3 CAS with HUB roll Product: McAfee Security for Microsoft Exchange — Error 1920.Service MSExchangeIS (MSExchangeIS) failed to start. Verify that you have sufficient privileges to start system services. Migration Groupshield Mcafee Security for Exchange 8.6 to Patch 1 We first thought this was related […]

Mcafee EPO prevent exe RUNNING FROM %appdata%

Mcafee EPO prevent exe RUNNING FROM %appdata% folders with an Access protection Policy How to protect from most 0day Flash Exploits and malware like Ransom Cryptowall in summer 2015. You simply can’t keep up with patching even with deployment or Management solutions in place. Now you should have an IPS Filter like Fortigate with Fortiguard. […]

MCAFEE: Hotfix VSE88HF793640 per EPO verteilen

www.butsch.ch Diese Anleitung beschreibt wie man einen HOTFIX auf einem MCAFEE EPO Server 4.5/4.6 integriert und alle Systeme oder eine bestimmte Gruppe verteilt. Als Beispiel den Patch/Hotfix vom 21.08.2012 für Mcafee VSE 8.8. https://kc.mcafee.com/corporate/index?page=content&id=KB76004 DAT 6807/6808 Causing Issues with VSE 8.8.x   Inhalt Hotfix Paket einchecken    1 Distribute/Update an alle Endpoints im Netz    2 Distribute/Update PRO Untergruppe […]

Mcafee Framework 4.6 and EPO Migrarion from SRV 2003R2 to 2008R2

Mcafee Framework 4.6 is out Please check the 4 important Hotfixes which may seem important if you have “MS Malicious Software Removal Tool” installed. https://kc.mcafee.com/corporate/index?page=content&id=KB72202 1 Install/deploy Framework 4.62 Install HF660014 3 Install HF660568  Migration from Server 2003R2 32BIt to Windows Server R2008 R2 64bit (Same Server Name a must) Mcafee KB66616 (OS=OS) und KB71078 (OS !=OS). Sollte […]