
Category: SECURITY

McAfee/Trellix EPO Server: logon failed due to a full database disk (SQL cleanup)

Had a case where the McAfee EPO DB almost blew up due to an EPO issue or, let's say, McAfee prevented it from happening by running into SQL Express limitations. We're relieved that since EPO 5.X they've implemented two databases, one for EPO and one for Events, effectively splitting the load in size and safeguarding the crucial elements. […]

McAfee/Trellix: ATP/TIE Threat Intelligence Exchange in practice

Ransomware in Switzerland: approaches for more cybersecurity. The threat posed by ransomware in Switzerland calls for intelligent solutions. One effective method that has proven itself is the use of "black/white-listing" technologies such as those provided by McAfee TIE. This advanced technology, based on intelligent list management, is currently the only effective solution to […]

Install McAfee/Trellix Endpoint Security Platform for Linux and Endpoint Security for Linux Threat Prevention on CentOS Stream

McAfee Endpoint Security Platform for Linux and McAfee Endpoint Security for Linux Threat Prevention. McAfee/Trellix is one of the security vendors that cover every client OS. I personally only work with Linux based on CentOS Stream, privately or on the job with security appliances or MDM management servers. I love CentOS and it has […]

Mix of minidriver security and profile virtualisation and performance (McAfee/Trellix, Rapid7 and Ivanti on the same VDI)

What is a minidriver? https://learn.microsoft.com/en-us/windows-hardware/drivers/stream/class-driver-and-minidriver-definitions In the world of Windows operating systems, minidrivers play a crucial role in facilitating communication between the hardware and the operating system. However, having several minidrivers installed on a Windows 10 or 11 system can potentially lead to performance problems. Here's why: 1. Resource Consumption: Each minidriver consumes […]

02.07.2023, Citrix 0-day: pre-authentication XSS in Citrix Gateway (CVE-2023-24488)

02.07.2023 An attacker is able to change the redirection of the LOGOUT page. To date we are unsure whether this only applies if you use SAML, as in the Nov 2022 exploit. GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1 Pre Authentication XSS in Citrix Gateway (CVE-2023-24488) The URL query parameters are not sufficiently sanitized before they end up in the HTTP […]

M365, Exchange Online remote PowerShell blocked by Trellix MITRE T1056 rule

Trellix ENS 10.X, T1056 – Key capture using PowerShell detected, Host intrusion buffer overflow ExP:Illegal API Use Blocked an attempt to exploit C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE, which targeted the GetAsyncKeyState API. For efficient M365 and Exchange Online management, various methods are available. While using the PowerShell button within the Admin Portal is one option, it requires an Azure […]

CVE-2023-23397, Outlook.exe exploit: PidLIDReminder custom sound from SMB for appointment reminders

CVE-2023-23397. What is exploited: instead of the standard Microsoft Outlook sound, a custom sound can be specified for a meeting reminder. This sound can reside on a share, and that is where the problem lies. https://learn.microsoft.com/de-de/office/client-developer/outlook/mapi/pidlidreminderoverride-canonical-property https://www.forbes.com/sites/daveywinder/2023/03/15/microsoft-outlook-warning-critical-new-email-exploit-triggers-automatically-update-now/?sh=47f058ce6e5e CVE-2023-23397 is an Outlook bug. If you send an incoming e-mail for an appointment with a custom reminder (sound, attribute PidLIDReminder), Outlook.exe (2012/2016) will try to […]

Sophos UTM 9.314-13: Data Disk is filling up

Sophos UTM 9.314-13: Data Disk is filling up. The alert e-mail you get:
Data Disk is filling up – please check.
Current usage: 98%
System Uptime : 11 days 20 hours 21 minutes
System Load : 0.06
System Version : Sophos UTM 9.314-13
Please refer to the manual for detailed instructions.
First, to do that you have to enable SSH and you have […]

Trellix and McAfee EPO Server SQL Server Performance tips

Database Configuration: Ensure the following settings for the EPO database:
Autoshrink: False
Auto Close: False
Auto Update Statistics: True
These settings prevent unnecessary shrinking and closing of the database, while maintaining up-to-date statistics for efficient performance. Customization for Rare Circumstances: While Auto Update Statistics is generally recommended as true, there might […]