SECURITY - www.butsch.ch

Exchange 2010 Exchange 2013 Exchange 2016 Exchange 2019 Hotfixes, Updates M365,AZURE,INTUNE SECURITY SPAM Fortimail

CVE-2023-23397, Outlook.exe Exploit, PidLIDReminder custom Sound ab SMB für Termin Reminder

15.03.2023 admin

CVE-2023-23397 Was ausgenutz wird: Anstatt Standard Microsoft Outlook Sound kann man für ein meeting reminder einen Custom Sound angeben. Dieser kann auf einem Share liegen. Da liegt der Hund begraben. https://learn.microsoft.com/de-de/office/client-developer/outlook/mapi/pidlidreminderoverride-canonical-property https://www.forbes.com/sites/daveywinder/2023/03/15/microsoft-outlook-warning-critical-new-email-exploit-triggers-automatically-update-now/?sh=47f058ce6e5e CVE-2023-23397 ist ein Outlook-Bug. Wenn Sie eine eingehende E-Mail für einen Termin mit einer benutzerdefinierten Erinnerung (Ton, Attribut PidLIDReminder) senden, wird Outlook.exe (2012/2016) versuchen, […]

Exchange 2016 Microsoft Exchange Microsoft Server OS SECURITY

KEMP Load Balancer, Microsoft IIS, How to see Source IP address in Logfiles on Webserver

02.02.2023 admin

“We once had a case where we needed to install a URL-Rewrite Module in IIS CAS 2010 to submit more information to the Rapid7 Solution. (This was during a time before all the monthly leaks for 2013/2016/2019 came up, pushing all customers towards M365, and it was unclear what the module would do inside Exchange, […]

FW Sophos SECURITY

Sophos-UTM-9314-13-Data-Disk-is-filling-up

15.10.2022 admin

Sophos-UTM-9314-13-Data-Disk-is-filling-up Alert E-Mail you get Data Disk is filling up – please check. Current usage: 98% System Uptime : 11 days 20 hours 21 minutes System Load : 0.06 System Version : Sophos UTM 9.314-13 Please refer to the manual for detailed instructions. First to do that you have to enable SSH and you have […]

ENS | Endpoint Security Mcafee/Trellix

Mcafee ENS 10.7 June 2022 new Exclude EXPLOIT Rules by Active Directory user or group

28.07.2022 admin

Mcafee posted a fixed version of the 10.7 June 2022 release. Hidden in the release notes you will find an important detail. You can now EXCLUDE Signature/Exploit/IPS rules FOR certain Active Directory users or group by SID. This is like a WMI filter for GPO Group Policy to drill down more granular and to target […]

EPO | ePolicy Orchestrator SQL

Trellix and McAfee EPO Server SQL Server Performance tips

19.10.2021 admin

Database Configuration: Ensure the following settings for the EPO Database: Autoshrink: False Auto Close: False Auto Update Statistics: True These settings prevent unnecessary shrinking and closing of the database, while maintaining up-to-date statistics for efficient performance. Customization for Rare Circumstances: While Auto Update Statistics is generally recommended as true, there might […]

Deployment Mcafee/Trellix

Windows Server Service Stuck at Pending (How to Force stop with SC CLI)

16.10.2021 admin

Sample: Analyzing and Resolving “STOP pending” Status for McAfee Tomcat Service 1. Identify Stuck Service: – Open Command Prompt with administrative privileges. – Dump the list of all services to a text file using the command: `sc query > service_list.txt` 2. Inspect Service List: – Open the generated text file using a text editor like […]

ENS | Endpoint Security Mcafee/Trellix SECURITY

McAfee free tool GETSUSP.EXE (Cloud scanner for URL and files)

16.03.2021 admin

Hallo, Es gibt einen neuen Release eines Tools mit welchen man Clients scannen kann und alles was es nicht kennt (spanisch vorkommt) vollautomatisch zu Mcafee GTI sendet. Man kann damit unbekannte Files an McAfee einsenden zur Analyse. Falls man eine E-Mail Adresse angibt bekommt man am Schluss den Report nach der Analyse. Die […]

Mcafee/Trellix TIE/ATD/ATP | Sandbox - Advanced Threat Protection

Trellix/MCAFEE ATD: Sandbox stays at STATUS BAD

27.09.2020 admin

Trellix/MCAFEE ATD: Sandbox stays at STATUS BAD We just had a case where an MCAFEE ATD-3000 Sandbox was staying at the Status BAD. A person hat submitted a file to analyse with XVIEW (Look into the Sandbox) and did shutdown the VM after that analyse. NO > Rebuild of the VM’s did not solve NO […]

FW Fortigate FW Sophos Hotfixes, Updates SECURITY W10

Browser TLS 1.3 activated and your Firewall can’t handle it?

02.09.2020 admin

TLS 1.3 https://tools.ietf.org/html/rfc8446 Some modern Browser switch to TLS 1.3 automatic if the Web server on the other side supports this. Like Version 72 of Chrome.exe or even your OS is like Windows 10 Buildnummer 20170 upwards (That means the OS itself). So it’s all safer and faster? https://blogs.windows.com/windows-insider/2020/07/15/announcing-windows-10-insider-preview-build-20170/ The problem is that some Next […]

Exchange 2010 Exchange 2013 Exchange 2016 Mcafee/Trellix Microsoft Exchange MSME | Security for Exchange

McAfee Security for Exchange 8.6, Display Bug warning Dat out of date

01.09.2020 admin

EPO integrated McAfee Security for Exchange 8.6 SP2 If you have a fully integrated Mcafee Security for Exchange which you manage the POLICY and SETTINGS from the EPO (Not on the Exchange itself) you may see an error in the GUI where it says “Your Anti-Virus DAT may be out of DATE”. That is just […]

ENS | Endpoint Security Mcafee/Trellix W10

McAfee ENS WEB CONTROL outlook.exe chart.dll crash

19.05.2020 admin

01.09.2020, this is solved in 10.7.0.1607 JULY 2020 Release Produktversion (Endpoint Security Platform) 10.7.0.1961 JUL 2020 Release Produktversion (Endpoint Security Threat Prevention) 10.7.0.2021 JUL 2020 Release Web Control 10.7.0.1607 JUL 2020 Release On several W10 machines we have seen Outlook.exe crash with Mcafee ENS Endpoint Security 10.7 Web Control active. This behaviour is seen up […]

FW Fortigate SECURITY

Fortigate Forticlient Silent Installlevel 1 does not work on 6.X Version how to solve

02.04.2019 admin

Problem: Forticlient Silent Option to select different Module to install does not work as before with Forticlient 6.X up to 6.0.5 (FortiClientSetup_6.0.5.0209_x64) Problem: You see an empty Forticlient Window when you open it Explanation: Bis jetzt gab es fuer den Forticlient: Forti Configurator (Ein Tool bei welchem man die Optionen wählen konnte […]

MSME | Security for Exchange SPAM Fortimail

Domains with .CH (Switzerland) extension active spreading Locky Ransomware in 2016/2017

23.01.2019 admin

Domains with .CH (Switzerland) extension active spreading Locky Ransomware in 2016/2017. We would like to state that the provider almost can’t do anything if the infect is with a hosting website and the customer has access via FTP and the customers client gets targeted. If they have a key logger or snigger on the client […]

FW Fortigate Mcafee/Trellix SECURITY TIE/ATD/ATP | Sandbox - Advanced Threat Protection

Browser Isolation V2.0 (Zusammen mit kommerziellen Proxy [MCAFEE | Symantec])

26.11.2018 admin

Ich habe einige neuere Präsentation zu neuen Webisolationen Konzepten angesehen. Arbeite selber zu 90% mit Mcafee seit 12 Jahren kenne aber diverse Symantec Enterprise Produkte von früher. Symantec bewirbt derzeit Ihre Web Isolation Loesung. (Fireglass gekauft und integriert in Ihre Serie der Produkte) Der key Punkt ist, dass dies bei Grossfirmen NUR in Verbindung mit […]

CRUNCH Deployment FW Fortigate FW Sophos Ivanti Frontrange Enteo M365,AZURE,INTUNE Mcafee/Trellix Microsoft SCCM,MEM,MDT Scripting SECURITY W10

Missing entry in Fortigate Application Filter ROOT.CERTIFICATE.URL and OCSP source of W10 Setup failing

31.10.2018 admin

Fortigate Application Filter Certificate wrong/missing Entry sample for an important laptop driver (W10 Deployment fails because of signed Driver Revocation Lookup) OR HOW a missing small ENTRY I a FORTIGATE FIREWALL IPS/APP filter can ruin your Windows 10 OS-Deployment work. Reason: Missing entry in Fortigate Application Filter “ROOT.CERTIFICATE.URL” and “OCSP” source of failing deployment […]

Certificate Revocation List Check Tool is designed to enhance security by performing several key functions related to executable files (EXE). It can scan your client for EXE files and examine their code-signing certificates. The tool also searches for the relevant CRL to determine whether it can be downloaded. It validates the integrity of the certificate chain, checks both the certificate and CRL for expiration dates, and can export a comprehensive list of all gathered information as a file. Additionally, it cross-references to ensure you are not using any revoked certificates, helping maintain a secure environment.

Category: SECURITY