How to check the CISA published weekly list of vulnerabilities against my Endpoint Central list of CVE's that need patched?
I want to feed to my Endpoint Central on-premises server, a list of CVEs from CISA (example here: Vulnerability Summary for the Week of March 4, 2024 | CISA (this table would have to be parsed out of the html page). The goal is to find out what actual
Anti Virus Exclusions for Desktop Central - Server and Client
Looking all the exclusion required for Endpoint central product.
Change Agent Service Account
I am in the process of removing my domain admin account from use as a service account across my domain. I have created a new service account for endpoint central, and added the account to endpoint central in the credential manager. Before I remove the
Browser Control Options - QUIC Protocol disabling
I'm looking at adding security for our network's systems and had a question about the browser control options. Is there an easy way to disable the QUIC protocol in all browsers through EPC?
New antivirus update definitions
Hi, You introduced in the last version of Endpoint central a new next generation antivirus, I want to ask how will be definition update be applied to it?
Inventory report to scheduled report
Hi! I can run Inventory report from Security reports -> Bitlocker details and filter it by Domain and Custom Group how I can do this scheduled and push results via email (pdf or link). If only query report is option how this can be done ?
TLS 1.0 and 1.1 detected on port 8027
Hi, I don't know if a recent patch has broken this, but now our port scanning service is detecting TLS 1.0 and TLS 1.1 on port 8027. Our Endpoint Central service version is 10.1.2228.11. There is an update available to 10.1.2228.20, but the changelog
Prohibited Software Life Cycle using Service Now
In short, we aim to establish an allow list to permit only approved software while blocking any unauthorized programs. Our goal is to enable users to request the inclusion of software in the allow list through ServiceNow. We intend to integrate this process
Unable to import thrid party certificate
Hi. We use th DesktopCentral build 11.2.2325.17 The current certificate (issued by our internal enterprise CA) expires on December 1, 2023 It is not possible to renew a certificate issued by our internal enterprise CA. (attached screenshot import-certificate.png)
Add Wildcard SSL endpointcentral
We bought a Wildcard SSL , with *.our-domain.com do we still need to go through the three steps of the following guide? ] adding the SSL in the third step isnot enough? https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/importing_ssl_certificates.html
Root CA being issued by Desktop Central
Has anyone noticed a Root CA cert being installed by DesktopCentral on agents? It looks like they issue two certs directly from the DesktopCentral server to the agent endpoints and put them in the cert store. Any way to issue this from a trusted CA?
Integration of EC with Tenable
Hi team, We are interested to try EC integration with Tenable.sc but we need to know if the Endpoint Central only will read data from Tenable or can impact that environment as well? So basically we want the integration to works in a way that it reads
Bitlocker Deployment
I created a BitLocker policy and deployed to a test group of machines. My main question is if the policy deployment turns on BitLocker automatically and encrypts the drive? I couldn't find a clear answer online and I have been waiting for my test device
Agent communication port same as WEB UI access for administrator
It has come to our attention that the UEM agent communication with the UEM server is currently configured to use the same port as the one designated for administrators to access the UEM web console, e.g. port 8020 Following documentation: https://www.manageengine.com/products/desktop-central/general-how-to.html
BITLOCKER SILENT DEPLOY
Good morning, I need to deploy the encryption of disks c: and d: with bitlocker on 1000 PCs, only when it starts encrypting the progress window appears where you can also cancel. Is there a way to make everything completely silent, so that the user doesn't
Alert of locked Technician account, but the account does not exist
Hello ME EC Support. I just received the alert below, but we do not have any such "Admin" local authentication account in EC, per your best practices. Is this a real alert/concern, or an error in the product or? Thanks in advance. Dear Admin Greetings
Trying to setup Enable Agent Server Trusted Communication
We are trying to setup Enable Agent Server Trusted Communication, we have a certificate installed to secure the web interface, which is working ok. When we choose Enable Agent Server Trusted Communication, it wants us the add a certificate, and just re-directs
Tomcat Vulnerabilities in MEEC
Apache Tomcat Vulnerabilities being reported within MEEC. CVE-2022-29885, CVE-2022-34305, CVE2022-42252, CVE-2023-24998, CVE-2023-34981. Should we be concerned?
11.2.2325.4 - Binary Signature mismatch. Scanning failed
Anyone else getting this in Compliance Scans since the new update So far the only work around I found is to uninstall Agent, reboot, delete the Agent folder, then redeploy Agent This isn't the best solution
CIS Compliance - Server 2016 Benchmark v2.0.0
This was released back in May, Windows 10 was updated, It would be nice to get Server 2016 updated, Any idea when this may happen?
Browser DLP - Block Pasting data to Generative AI websites.
I was hoping to find a feature similar to what LayerX uses, where you can block users from pasting data into their browsers, based on the website. I understand that we can implement a blocklist to prevent the usage of these sites, but ChatGPT and others
Disable local authentication / AD when using SAML
Hi, Is there a way to disable local and AD authentication when using SAML yet? This has been identified as very high security risk. Regards, Nathan
EndpointCentral Security Addon: Endpoint DLP policy deployment "stuck" on deploying
Following the addition of the Security Addon to EndpointCentral, I've been experimenting with the Endpoint DLP functionality. While I initially had no issues deploying a few test policies, I'm now at a point where, even after several days of waiting,
Latest Update Detected as HackTool.Win32.PAExec.aa
When applying the latest update TrendMicro detected the files C:\ManageEngine\dc\DesktopCentral_Server\webapps\DesktopCentral\agent\64bit\OSD-RemoteOffice.zip as HackTool.Win32.PAExec.aa. Trend Says it fixed it but I am not sure. I will be sending the
Web console
Hello, I had upgraded my endpoint central to 10.1.2228.26 and was able to connect to the console securely. Then, a couple hours later, the web console is now saying your connection is not secure. I am accessing it internally by the way. How can I get
Endpoint Central Roles/Permissions
Is there a way to setup a user role so that they can manage all computers and all devices (like and administrator), except for computers and devices in a specific 'Static Unique' group?
Secure Gateway Patch Issue
I am attempting to install the latest patch for Secure Gateway Server build (90099) and I keep getting an error message when the UpdateManager.bat checks the patch. Please see attached image for error message.
TLS 1.0 is still showing up on port 8027 on our server
our security scan is showing that port 1.0 is still available on port 8027. We have the Registry entry to shut this down on the system in SCHANNEL. however it still seems to be available on the above port that is used. is there a way of shutting down.
CVE-2022-47523
So, the latest (.19) build of Endpoint Central says that it addresses CVE-2022-47523. However, neither NIST nor MITRE list Endpoint Central as an affected product on their pages for this CVE. So, what's the deal? Is this a vulnerability in EC, per the
MEEC inactive hosts deletion policy
Hello MEEC Team! I have question regading automtic deletion of inactive hosta. Some time ago, when we started using MEDC ( old name) v10.1.2137.5 we set policy that host that are inactive for couple months will be deleted. After we patched to now MEEC
Security Level Checking
Is there a way to prevent Desktop Central from constantly nagging us about the "Security Level" of our instance every time we log in? We get it. Some of these things are never going to be enabled in our environment.
Problem with Certificate
Hi we have created a cert from our internal CA, and uploaded it as per the KB, but it says they cert isn't valid. All the names are correct, and the certificate chain is also valid. There are no errors when importing the cert. The only thing i can see
Does Endpoint Central use OpenSSL 3.X.X Branch?
Hello, Do any of the components of Endpoint central use the OpenSSL 3.X.X branch? With the pending release of a critical vulnerability in this branch, I would like to know if we need to be concerned at this time. https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
Why Are NMAP and NETCAT included in the lasted Desktop central update? Antivirus alert
Hello, We downloaded the latest PPM from your website and as soon as our antivirus scanned the files it throws an alert about NetCat being included in this build. What possible valid reason could these tools (Nmap and Netcat) be included for? Is this
Custom Policy on compliance Feature
Hi, Understand on the latest version of desktop central there is a feature called "COMPLIANCE" and wondering if there is any chance that we can upload our internal policy hardening & monitor, audit it time to time ? also aware that the current built base
Secure Gateway 90096 Hotfix update error
Hi, When updating the Mange Engine Secure Gateway to the latest Hotfix of 90096, it installs but fails saying it was unable to complete the update and to run the FSConfigure batch file and to try again, once again this fails to install the hotfix and
Bitlocker encryption Powershell Script
I am trying to push a Powershell script to enable and encrypt remote machines that have Manage Engine desktop central agent on their machines (machines are not domain joined and user is not domain joined). The below script I have added to our MEDC computer
Gateway Server web UI login
Is there a way to fully disable or redirect the web interface the gateway server? Though we have it disabled via the button in Desktop Central, you can still get to the login page. Example: if we go to the gateway login screen https://xxx.xxx.xxx.xxx:8383
SSL/TLS Version that DesktopCentral Uses
Hi, I can see in the documentation that DesktopCentral uses HTTPS over port 8383 but I can't find anywhere that details what protocol version this is (i. e. SSL/TLS1.0/1.1/1.2). Could somebody please confirm? Thanks, Josh
Secure Gateway Server and Server 2022
Hi, Is Secure Gateway Server supported on Windows Server 2022? Regards, Nathan
Next Page