Is FortiSandbox 2000E one of the sandboxing appliances that can be integrated with a CAS for sandboxing, like FireEye for instance?
In the middle of managing a fairly big rollout and upgrade of DCSSA where there are a number of administrators and people who prefer to use the commands to put DCS into a built-in mode instead of tuning or using the override.exe tool.
Is there a way to create a detection event to track who runs sisipsconfig -r? Looking to create an event which can report the user name that has run the command.
Over the weekend, I upgraded our SEPM from 14.0 RU1 MP2 to SEPM 14.2. Our server is a Hyper-V VM running W 2008R2. I noticed after the successful upgrade, some policies disappeared from our main group. This group uses customized non-shared policies. After the upgrade the non-shared policies Firewall, Intrusion Prevention, Application and Device Control, Memory Exploit Mitigation, and Exceptions were gone from the group. Any groups with shared policies were unaffected. I also noticed some of the locked settings in the remaining policies were now unlocked. I created a checkpoint of the VM before the upgrade and was able to roll back to 14.0 RU1 MP2. I tried the upgrade multiple times with the same results each time.
It looks like I will have to create new policies to replace the ones that disappeared. I validated the built-in db after the update and it passed validation. I have never seen this before after dozens of upgrades over the years. Can anyone offer an explanation?
I needed to clone several end user workstations (Windows 7 x64 Pro) running SEE 8.2.1 Full Disk. I used a SEE Recovery USB and recover /d to decrypt the drive first and then cloned the disk via Ghost to another disk.
Does decrypting the drive first change or modify any of the metadata related to the files stored on the drive?
I am running Windows 10 Pro, 64-bit OS, Version 1803 (OS build 17134.112) with SEP client 14.0.3929.1200.
The operating system has all current MS patches applied.
Yesterday, I downloaded Sep64_To_758_EN.zip and extracted the correct executable to upgrade my client.
The client was not upgraded.
I checked the installation files and discovered that the assumed language for the upgrade was Korean!
Perhaps the reason for the failure to upgrade was due to the presumed language (Korean) being inconsistent with my system (US English).
Someone should check to assure that the proper language version is associated with the upgrade file names.
Hi there, I’m receiving this alert at least 40 times in a week (weekends the most). It seems that it is an internal issue as I’m behind a firewall and both the attacker and the target are part of the network. I would really appreciate comments and support.
We manage our Macs with the JAMF Casper Suite. Currently, we have some systems which are not updating their virus definitions. I was wondering if there is a definitive key, plist value, attribute, log string or some other data I can access, via command line, which would allow me to build smart computer group criteria in the JAMF server. This would allow us to identify all systems whose virus defs are not up to date, which in turn would allow us to take remedial action through either self service or by launching Live Update remotely.
Thank you in advance for any assistance anyone may be able to provide.
I’m trying to encrypt using “PGP Command Line 10.4.1 build 54” and it works flawlessly, but with some RSA keys I get the following output:
# pgp -e test.txt -r 0xXXXXXXXX --passphrase " " -s --verbose
pgp:encrypt (3157:current local time 2018-06-14T08:50:49+02:00)
pubring.pkr:open keyrings (1006:public keyring)
secring.skr:open keyrings (1007:private keyring)
0xXXXXXXXX:encrypt (1030:key added to recipient list)
0xYYYYYYYY:encrypt (1051:default key added as signer)
test.txt:encrypt (3090:operation failed, unknown cipher number)
Looks like the public key from the other party (with which I want to encrypt) was created with Kleopatra, but this shouldn’t be an issue as I have other colleagues that use that software too.
How could I check what’s wrong?