Prohibited Software Life Cycle using Service Now
In short, we aim to establish an allow list to permit only approved software while blocking any unauthorized programs. Our goal is to enable users to request the inclusion of software in the allow list through ServiceNow. We intend to integrate this process
Add Wildcard SSL endpointcentral
We bought a Wildcard SSL , with *.our-domain.com do we still need to go through the three steps of the following guide? ] adding the SSL in the third step isnot enough? https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/importing_ssl_certificates.html
Root CA being issued by Desktop Central
Has anyone noticed a Root CA cert being installed by DesktopCentral on agents? It looks like they issue two certs directly from the DesktopCentral server to the agent endpoints and put them in the cert store. Any way to issue this from a trusted CA?
Integration of EC with Tenable
Hi team, We are interested to try EC integration with Tenable.sc but we need to know if the Endpoint Central only will read data from Tenable or can impact that environment as well? So basically we want the integration to works in a way that it reads
Bitlocker Deployment
I created a BitLocker policy and deployed to a test group of machines. My main question is if the policy deployment turns on BitLocker automatically and encrypts the drive? I couldn't find a clear answer online and I have been waiting for my test device
BITLOCKER SILENT DEPLOY
Good morning, I need to deploy the encryption of disks c: and d: with bitlocker on 1000 PCs, only when it starts encrypting the progress window appears where you can also cancel. Is there a way to make everything completely silent, so that the user doesn't
Alert of locked Technician account, but the account does not exist
Hello ME EC Support. I just received the alert below, but we do not have any such "Admin" local authentication account in EC, per your best practices. Is this a real alert/concern, or an error in the product or? Thanks in advance. Dear Admin Greetings
Trying to setup Enable Agent Server Trusted Communication
We are trying to setup Enable Agent Server Trusted Communication, we have a certificate installed to secure the web interface, which is working ok. When we choose Enable Agent Server Trusted Communication, it wants us the add a certificate, and just re-directs
11.2.2325.4 - Binary Signature mismatch. Scanning failed
Anyone else getting this in Compliance Scans since the new update So far the only work around I found is to uninstall Agent, reboot, delete the Agent folder, then redeploy Agent This isn't the best solution
CIS Compliance - Server 2016 Benchmark v2.0.0
This was released back in May, Windows 10 was updated, It would be nice to get Server 2016 updated, Any idea when this may happen?
Browser DLP - Block Pasting data to Generative AI websites.
I was hoping to find a feature similar to what LayerX uses, where you can block users from pasting data into their browsers, based on the website. I understand that we can implement a blocklist to prevent the usage of these sites, but ChatGPT and others
EndpointCentral Security Addon: Endpoint DLP policy deployment "stuck" on deploying
Following the addition of the Security Addon to EndpointCentral, I've been experimenting with the Endpoint DLP functionality. While I initially had no issues deploying a few test policies, I'm now at a point where, even after several days of waiting,
Latest Update Detected as HackTool.Win32.PAExec.aa
When applying the latest update TrendMicro detected the files C:\ManageEngine\dc\DesktopCentral_Server\webapps\DesktopCentral\agent\64bit\OSD-RemoteOffice.zip as HackTool.Win32.PAExec.aa. Trend Says it fixed it but I am not sure. I will be sending the
Web console
Hello, I had upgraded my endpoint central to 10.1.2228.26 and was able to connect to the console securely. Then, a couple hours later, the web console is now saying your connection is not secure. I am accessing it internally by the way. How can I get
Endpoint Central Roles/Permissions
Is there a way to setup a user role so that they can manage all computers and all devices (like and administrator), except for computers and devices in a specific 'Static Unique' group?
Secure Gateway Patch Issue
I am attempting to install the latest patch for Secure Gateway Server build (90099) and I keep getting an error message when the UpdateManager.bat checks the patch. Please see attached image for error message.
TLS 1.0 is still showing up on port 8027 on our server
our security scan is showing that port 1.0 is still available on port 8027. We have the Registry entry to shut this down on the system in SCHANNEL. however it still seems to be available on the above port that is used. is there a way of shutting down.
CVE-2022-47523
So, the latest (.19) build of Endpoint Central says that it addresses CVE-2022-47523. However, neither NIST nor MITRE list Endpoint Central as an affected product on their pages for this CVE. So, what's the deal? Is this a vulnerability in EC, per the
MEEC inactive hosts deletion policy
Hello MEEC Team! I have question regading automtic deletion of inactive hosta. Some time ago, when we started using MEDC ( old name) v10.1.2137.5 we set policy that host that are inactive for couple months will be deleted. After we patched to now MEEC
Security Level Checking
Is there a way to prevent Desktop Central from constantly nagging us about the "Security Level" of our instance every time we log in? We get it. Some of these things are never going to be enabled in our environment.
Problem with Certificate
Hi we have created a cert from our internal CA, and uploaded it as per the KB, but it says they cert isn't valid. All the names are correct, and the certificate chain is also valid. There are no errors when importing the cert. The only thing i can see
Does Endpoint Central use OpenSSL 3.X.X Branch?
Hello, Do any of the components of Endpoint central use the OpenSSL 3.X.X branch? With the pending release of a critical vulnerability in this branch, I would like to know if we need to be concerned at this time. https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
Why Are NMAP and NETCAT included in the lasted Desktop central update? Antivirus alert
Hello, We downloaded the latest PPM from your website and as soon as our antivirus scanned the files it throws an alert about NetCat being included in this build. What possible valid reason could these tools (Nmap and Netcat) be included for? Is this
Custom Policy on compliance Feature
Hi, Understand on the latest version of desktop central there is a feature called "COMPLIANCE" and wondering if there is any chance that we can upload our internal policy hardening & monitor, audit it time to time ? also aware that the current built base
Secure Gateway 90096 Hotfix update error
Hi, When updating the Mange Engine Secure Gateway to the latest Hotfix of 90096, it installs but fails saying it was unable to complete the update and to run the FSConfigure batch file and to try again, once again this fails to install the hotfix and
Bitlocker encryption Powershell Script
I am trying to push a Powershell script to enable and encrypt remote machines that have Manage Engine desktop central agent on their machines (machines are not domain joined and user is not domain joined). The below script I have added to our MEDC computer
Gateway Server web UI login
Is there a way to fully disable or redirect the web interface the gateway server? Though we have it disabled via the button in Desktop Central, you can still get to the login page. Example: if we go to the gateway login screen https://xxx.xxx.xxx.xxx:8383
SSL/TLS Version that DesktopCentral Uses
Hi, I can see in the documentation that DesktopCentral uses HTTPS over port 8383 but I can't find anywhere that details what protocol version this is (i. e. SSL/TLS1.0/1.1/1.2). Could somebody please confirm? Thanks, Josh
Secure Gateway Server and Server 2022
Hi, Is Secure Gateway Server supported on Windows Server 2022? Regards, Nathan
Cetificate error
Good day. I need help please, I am getting the error below when I try to import the new certificate: certifcate:
Windows Defender showing as vulnerable, but actually it's not
This is the first time I'm really digging into our new Endpoint Security add-on. One thing that's strange is I have a lot of systems showing: "Vulnerabilites CVE-2021-31978,CVE-2021-31985 are fixed in Windows Defender 1.1.18200.3 mpam-fe-defender-x64"
Agent creates many files (private keys)
Hi MEDC 10.0.706 DC agent creates many files (private keys) in folder C:\ProgramData\Microsoft\Crypto\SystemKeys on all computers (workstations and servers), where agent installed. During every one session from computer to DC server DC agent create 10-12
2 factor auth wont stay configured
Has anyone else had an issue with the 2 factor auth where after a few weeks it wants you to rescan QR code and reset up 2 factor when you login? We even have a few techs that even using the application or email it never accepts their 2 factor config.
The A in API is lost due to enforced 2fa
Hi, we decided to take ManageEngine because of the richt API. But from beginning of the enforced 2fa this is not automatic anymore. I know none API with a 2fa. How is it possible to disable the 2fa in ManageEngineproducts like patch engine? Thanks in
Apache version on Distribution Servers is out-of-date
I would like to bring something to everyone's attention as I am honestly shocked about this. As I am sure everyone knows, Apache suffered from a few critical vulnerabilities recently. Since Desktop Central and the Distribution Servers make use of Apache,
Authentication Bypass Vulnerability
In the latest hotfix release notes there is mention that a authentication bypass has been fixed in build 10.1.2137.8. https://www.manageengine.com/products/desktop-central/help/introduction/read-me/sp-readme.html Are there any details on the severity
Can't login to Desktop Central
We are locked out of desktop central. The accounts where setup to send a passcode to e-mail when logging in. Our Exchange server crashed though and is unrecoverable. So we are not receiving any e-mails. Even the local admin account on that box requires
Enable https mode in Desktop Central
Hi everyone, I need to enable secure login (https mode) in Desktop Central, but I have a simple doubt, when I'll enable it, the ports that Im using will automatically change? Is there a way that it doesn't change? Because I don't wanna update all the
Is there a place in MEDC (with Endpoint Security) to report on Microsoft Defender Antivirus details?
Microsoft Defender Antivirus logs all sorts of good information (scan results, detections, etc.) in the Windows event log (seen by Event Viewer). Is there somewhere in MEDC (with Endpoint Security) where we can view and report on this data? Here is a
Browser Management Associated App Links
Hi, I'm diving into the browser management panel of Desktop Central and have been trying to find a way to skip the user interaction process in Google Chrome for a particular site that calls a local app that we install for most users. After the first time
Next Page