SECURITY Archives - Page 3 of 6

02.07.2023, CITRIX 0-DAY, Pre Authentication XSS in Citrix Gateway (CVE-2023-24488)

02.07.2023 admin

02.07.2023 Attacker is able to change the redirection of the LOGOUT page. To date we are unsure if this is only if you you use SAML as in the NOV 2022 Exploit. GET /oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1 Pre Authentication XSS in Citrix Gateway (CVE-2023-24488) Die Abfrageparameter für URL werden nicht ausreichend gesäubert, bevor sie in den HTTP […]

EPO | ePolicy Orchestrator Mcafee/Trellix SECURITY

Mcafee/Trellix EPO 5.10.0 Service Pack Repost 1, 4098, fails to install and rollback

07.06.2023 admin

Update to 5.10.0 Service Pack 1 BUILD 4098 There is an issue with EPO 5.10.0 Service Pack 1 RE-Post. We have seen some EPO 5.10.0 Service Pack 1 gone through smooth and some larger EPO fail. Trellix member CDINET from Trellix Forum stated a tip how to install sucessfully. Here is how to solve the […]

ENS | Endpoint Security EPO | ePolicy Orchestrator SQL

Mcafee EPO Server 5.X Database or Space growing EPOevents or OrionAuditlog

09.04.2023 admin

THIS KB is valid for EPO4/5 until 5.1 and even with the SPLIT in TWO database this still happens in 2024. We just had a case where the OrionAuditlog table was 22GB+ on the MAIN DB. Sample Problem: VMWARE Monitoring Events from “Vmware Converter and Tools” fill the EPO Database rapidly (1GB/Hour). delete from EPOEvents […]

Azure ENS | Endpoint Security EPO | ePolicy Orchestrator Exchange 2013 Exchange 2016 Exchange 2019 M365 - Exchange Online M365,AZURE,INTUNE Mcafee/Trellix Microsoft Exchange SECURITY

M365, Exchange Online Remote Powershell blocked by T1056 Mitre Trellix

04.04.2023 admin

Trellix ENS 10.X, T1056 – Key capture using PowerShell detected, Host intrusion buffer overflow ExP:Illegal API Use Blocked an attempt to exploit C:\WINDOWS\SYSTEM32\WINDOWSPOWERSHELL\V1.0\POWERSHELL.EXE, which targeted the GetAsyncKeyState API. For efficient M365 and Exchange Online management, there are various methods available. While utilizing the PowerShell button within the Admin Portal is one option, it requires an Azure […]

Exchange 2010 Exchange 2013 Exchange 2016 Exchange 2019 Hotfixes, Updates M365,AZURE,INTUNE SECURITY SPAM Fortimail

CVE-2023-23397, Outlook.exe Exploit, PidLIDReminder custom Sound ab SMB für Termin Reminder

15.03.2023 admin

CVE-2023-23397 Was ausgenutz wird: Anstatt Standard Microsoft Outlook Sound kann man für ein meeting reminder einen Custom Sound angeben. Dieser kann auf einem Share liegen. Da liegt der Hund begraben. https://learn.microsoft.com/de-de/office/client-developer/outlook/mapi/pidlidreminderoverride-canonical-property https://www.forbes.com/sites/daveywinder/2023/03/15/microsoft-outlook-warning-critical-new-email-exploit-triggers-automatically-update-now/?sh=47f058ce6e5e CVE-2023-23397 ist ein Outlook-Bug. Wenn Sie eine eingehende E-Mail für einen Termin mit einer benutzerdefinierten Erinnerung (Ton, Attribut PidLIDReminder) senden, wird Outlook.exe (2012/2016) versuchen, […]

Exchange 2016 Microsoft Exchange Microsoft Server OS SECURITY

KEMP Load Balancer, Microsoft IIS, How to see Source IP address in Logfiles on Webserver

02.02.2023 admin

“We once had a case where we needed to install a URL-Rewrite Module in IIS CAS 2010 to submit more information to the Rapid7 Solution. (This was during a time before all the monthly leaks for 2013/2016/2019 came up, pushing all customers towards M365, and it was unclear what the module would do inside Exchange, […]

FW Sophos

Sophos-UTM-9314-13-Data-Disk-is-filling-up

15.10.2022 admin

Sophos-UTM-9314-13-Data-Disk-is-filling-up Alert E-Mail you get Data Disk is filling up – please check. Current usage: 98% System Uptime : 11 days 20 hours 21 minutes System Load : 0.06 System Version : Sophos UTM 9.314-13 Please refer to the manual for detailed instructions. First to do that you have to enable SSH and you have […]

ENS | Endpoint Security Mcafee/Trellix

Mcafee ENS 10.7 June 2022 new Exclude EXPLOIT Rules by Active Directory user or group

28.07.2022 admin

Mcafee posted a fixed version of the 10.7 June 2022 release. Hidden in the release notes you will find an important detail. You can now EXCLUDE Signature/Exploit/IPS rules FOR certain Active Directory users or group by SID. This is like a WMI filter for GPO Group Policy to drill down more granular and to target […]

EPO | ePolicy Orchestrator SQL

Trellix and McAfee EPO Server SQL Server Performance tips

19.10.2021 admin

Database Configuration: Ensure the following settings for the EPO Database: Autoshrink: False Auto Close: False Auto Update Statistics: True These settings prevent unnecessary shrinking and closing of the database, while maintaining up-to-date statistics for efficient performance. Customization for Rare Circumstances: While Auto Update Statistics is generally recommended as true, there might […]

Deployment Mcafee/Trellix

Windows Server Service Stuck at Pending (How to Force stop with SC CLI)

16.10.2021 admin

Sample: Analyzing and Resolving “STOP pending” Status for McAfee Tomcat Service 1. Identify Stuck Service: – Open Command Prompt with administrative privileges. – Dump the list of all services to a text file using the command: `sc query > service_list.txt` 2. Inspect Service List: – Open the generated text file using a text editor like […]

ENS | Endpoint Security Mcafee/Trellix SECURITY

McAfee free tool GETSUSP.EXE (Cloud scanner for URL and files)

16.03.2021 admin

Hallo, Es gibt einen neuen Release eines Tools mit welchen man Clients scannen kann und alles was es nicht kennt (spanisch vorkommt) vollautomatisch zu Mcafee GTI sendet. Man kann damit unbekannte Files an McAfee einsenden zur Analyse. Falls man eine E-Mail Adresse angibt bekommt man am Schluss den Report nach der Analyse. Die […]

Mcafee/Trellix TIE/ATD/ATP | Sandbox - Advanced Threat Protection

Trellix/MCAFEE ATD: Sandbox stays at STATUS BAD

27.09.2020 admin

Trellix/MCAFEE ATD: Sandbox stays at STATUS BAD We just had a case where an MCAFEE ATD-3000 Sandbox was staying at the Status BAD. A person hat submitted a file to analyse with XVIEW (Look into the Sandbox) and did shutdown the VM after that analyse. NO > Rebuild of the VM’s did not solve NO […]

FW Fortigate FW Sophos Hotfixes, Updates SECURITY W10

Browser TLS 1.3 activated and your Firewall can’t handle it?

02.09.2020 admin

TLS 1.3 https://tools.ietf.org/html/rfc8446 Some modern Browser switch to TLS 1.3 automatic if the Web server on the other side supports this. Like Version 72 of Chrome.exe or even your OS is like Windows 10 Buildnummer 20170 upwards (That means the OS itself). So it’s all safer and faster? https://blogs.windows.com/windows-insider/2020/07/15/announcing-windows-10-insider-preview-build-20170/ The problem is that some Next […]

Exchange 2010 Exchange 2013 Exchange 2016 Mcafee/Trellix Microsoft Exchange MSME | Security for Exchange

McAfee Security for Exchange 8.6, Display Bug warning Dat out of date

01.09.2020 admin

EPO integrated McAfee Security for Exchange 8.6 SP2 If you have a fully integrated Mcafee Security for Exchange which you manage the POLICY and SETTINGS from the EPO (Not on the Exchange itself) you may see an error in the GUI where it says “Your Anti-Virus DAT may be out of DATE”. That is just […]

ENS | Endpoint Security Mcafee/Trellix W10

McAfee ENS WEB CONTROL outlook.exe chart.dll crash

19.05.2020 admin

01.09.2020, this is solved in 10.7.0.1607 JULY 2020 Release Produktversion (Endpoint Security Platform) 10.7.0.1961 JUL 2020 Release Produktversion (Endpoint Security Threat Prevention) 10.7.0.2021 JUL 2020 Release Web Control 10.7.0.1607 JUL 2020 Release On several W10 machines we have seen Outlook.exe crash with Mcafee ENS Endpoint Security 10.7 Web Control active. This behaviour is seen up […]


Try our new Certificate Revocation List Check Tool CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.

Category: SECURITY