Jump to content

Infractal

Members
  • Content Count

    19
  • Joined

  • Last visited

Profile Information

  • Location
    USA
  1. After doing a bit more digging, I am noticing that browsers are behaving differently. Qualys tests against IE11 doing SSL inspection show TLS 1.2 support, but Firefox 36 is only going up to TLS 1.1. Is cipher customization a possibility? I'd really like to get those RC4 ciphers pulled out.
  2. Is there a roadmap for adding TLS 1.2 support for SSL inspection? I would also like to see the following forward secrecy ciphers supported to match the Win8.1/10 schannel stack, along with the ability to configure the cipher and protocol config on clients so I can do things like disable RC4 ciphers for my enterprise clients. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
  3. No, this is an AD-joined system. Processes running as both System and Network Service execute with the token of the computer AD object, which is a member of Domain Computers and has access to the share. Local Service is the only built-in account that accesses network resources anonymously. If what you were saying was true, then domain joined computers would never be able to auth and access group policy data off the domain sysvol share before a user logon, which is not true. Like I said before, I can make this work on pre-Win10 but something screwy is going on here and I doubt I am the only one
  4. Yeah, if I I change it to the Current User option or hard-code credentials then I can make it work, but that isn't a good solution. If I use the currently logged in credentials, then it only updates when there is an active user session. If I hard code it, then credentials could possibly be stolen or if they are ever changed I have to go through the work of pushing a new config. Pulling with the System credentials fixes both those problems, and appears to only have problems on this specific OS. The system account is a member of the domain computers account, which has read access to the shar
  5. We have a SMB file share of our Mirror folder on the RAS server that we use to propigate definition updates internally. With our Win7/2008R2/2012R2 client using a mix of version 4/5 clients, we have no problem getting updates. I started testing out the Win10 tech preview running 5.0.2229.1 client and gave it the same configuration as our other systems to connect to the \\[RAS]\mirror share (Domain Computers and Domain Users have read access) and I get a generic Could Not Connect To Server error. I can browse to it in Windows Explorer no problem, the update.ver and all the .nup files are re
  6. This is pulling directly from Microsoft's update servers. I haven't seen a problem with contacting internal WSUS servers over HTTPS but I would assume Microsoft is being much more permissive there since an internal WSUS deployment could be using any certificate, where as the ones hosted on Microsoft.com can be pinned. This is for the Windows 7 Windows Update Agent 7.6.7600.256 that was released around July 1st/2nd. When you say re-add the cert, do you mean the ESET one that it uses for SSL inspection or the one on Microsoft's end?
  7. After the update to the windows update agent on Windows 7 (possible 8/8.1 as well) I am not longer able to pull and install updates from Microsoft over WU when SSL inspection is enabled. The connection fails citing a certificate error. I assume MS is tightening up their update agent and pinning a cert to it, so when it sees the ESET cert sitting in the middle for traffic inspection it kills the connection without pulling updates. I disabled SSL inspection and things started working correctly again, but I assume there is a list of URLs used by the Windows Update agent that I can exclude from SS
  8. Still seeing the issue on 5.0.2228 with the mydish.com login. Macros, Is there an ETA to when that module will hit the pre-release channel?
  9. Okay, extra info and a way to reproduce it. Trying to go to the login link on www.mydish.com fails with a cert error against identity1.dishnetwork.com on Firefox 27.0.1. IE11 passes it without an issue.
  10. Group policy deployments are pretty simple. Do a manual install on a client and set it up so its pointed to your management server and whatever other customizations you want, then export the config out to a file you name cfg.xml. Put the msi installer and that cfg.xml file out on a network share in the same directory and when the installer launches it automatically parses the cfg.xml file as an answer file to configure your clients. Assigned software installs work as expected from there. You can set up the management servers so that one is the upstream master of the other. If things are se
  11. Since re-enabling the SSL scanning feature on 5.0.2225, I occasionally run in to websites that throw the following cert error in Firefox 27.0.1: ssl_error_bad_mac_alert No idea if this is because of an issue with the way Nod32 implements the SSL interception, or its a problem on the other end with a bad SSL implementation on the target server, but the error doesn't give me a lot to go on when it crops up. Win 7 64-bit SP1 Firefox 27.0.1 Endpoint Protection 5.0.2225.0 Virus signature database: 9533P (20140312) Rapid Response module: 3808 (20140312) Update module: 1048 (20140204) A
  12. That seems to have fixed the problem. Thanks for the help!
  13. This seems to have fixed the LSASS memory leak issue that I was seeing. Great work! Unfortunately IMAPS scanning still breaks Outlook, but you can't have everything.
  14. KB2735855 has been superseeded by KB2790655, 2845690, 2868623, and 2888049 all of which have been approved for install and deployed by our WSUS server. I tried manually installing KB2789397 but it says the update does not apply to my system, and I am assuming that the contents of the hotfix have been merged in to one of the other KBs that are already installed. I will send you the info on the sysinspector logs in the PM.
×
×
  • Create New...