Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify the digital signatures of executable files. It collects files from known paths on your client, checks their signatures, and checks Certificate Revocation List (CRL) and OCSP downloads. This helps avoid delays in launching files.

Category: EPO | ePolicy Orchestrator

McAfee/Trellix ENS Gootkit false positive, ENS 10.7 after 15.05.2024, rule SIG 6232 with VBS from TEMP

McAfee/Trellix ENS 10.7 Exploit Prevention Content 13401 Update SIG 6232 from 15.05.2024 brought a false positive for some of our customers. This comes with good (chance) or bad (false positive) timing, since we have seen some Gootloader activity happening in EU/CH these days. This happens on ENS 10.7 April 2024 and also on the Nov 2023 version […]

McAfee ATD – Trellix TIS MASU.exe Sandbox Uploader. A freeware tool to submit files to ATD/TIS automatic

M.A.S.U (M)CAFEE (A)TD (S)ANDBOX (U)PLOADER V4.1, Mike Butsch, Senior System Engineer, www.butsch.ch. Remark 2024: Everything will work for TIS / Trellix Intelligent Sandbox; we have been using the same tool with every release of TIS. Hopefully there is a ready solution for FireEye without using Python. The tool is freeware, feel free to use it. […]

Trellix EPO 5.10 base install or upgrade fail Rollback with SQL 2022 Express

Trellix EPO 5.10 base install or upgrade fails with a rollback on SQL 2022 Express. Does also happen with: EPO5100_ServicePack1_4098_LR1.zip (latest download 01.05.2024). Just had a case where we searched for a long time, but it was NOT related to a dual install of WSUS+EPO. Because we sometimes have a dual install of EPO and WSUS roles on the […]

McAfee/Trellix EPO 5.10 SP1 UPD2 (Update 2) Installation, CVE-2023-5444 (RISK HIGH) and CVE-2023-5445

Exploits/vulnerabilities CVE-2023-5444 (RISK HIGH) and CVE-2023-5445. Update the McAfee/Trellix EPO Management Server. There is an emergency patch for EPO, and the Trellix Forum seems to be down or being rebuilt? Here is some info to help you along the way. We have just updated around 10 EPO on-premises installations from EPO 5.10 SP1 to UPD2 or from 5.10 […]

McAfee/Trellix EPO Server, logon failed due to a full database disk (SQL cleanup)

Had a case where the McAfee EPO DB almost blew up due to an EPO issue or, let’s say, McAfee prevented it from happening by running into SQL Express limitations. We’re relieved that since EPO 5.X they’ve implemented two databases, one for EPO and one for Events, effectively splitting the load in size and safeguarding the crucial […]

M365, Exchange Online Remote PowerShell blocked by Trellix MITRE T1056 rule

Trellix ENS 10.X, T1056 – Key capture using PowerShell detected, Host intrusion buffer overflow ExP:Illegal API Use: Blocked an attempt to exploit C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE, which targeted the GetAsyncKeyState API. For efficient M365 and Exchange Online management, there are various methods available. While using the PowerShell button within the Admin Portal is one option, it requires an Azure […]

Trellix and McAfee EPO Server SQL Server Performance tips

Database Configuration: Ensure the following settings for the EPO database: Autoshrink: False; Auto Close: False; Auto Update Statistics: True. These settings prevent unnecessary shrinking and closing of the database, while maintaining up-to-date statistics for efficient performance. Customization for Rare Circumstances: While Auto Update Statistics is generally recommended as True, there might […]