Secure Gateway Server and Server 2022
Hi, Is Secure Gateway Server supported on Windows Server 2022? Regards, Nathan
Cetificate error
Good day. I need help please, I am getting the error below when I try to import the new certificate: certifcate:
Windows Defender showing as vulnerable, but actually it's not
This is the first time I'm really digging into our new Endpoint Security add-on. One thing that's strange is I have a lot of systems showing: "Vulnerabilites CVE-2021-31978,CVE-2021-31985 are fixed in Windows Defender 1.1.18200.3 mpam-fe-defender-x64"
Agent creates many files (private keys)
Hi MEDC 10.0.706 DC agent creates many files (private keys) in folder C:\ProgramData\Microsoft\Crypto\SystemKeys on all computers (workstations and servers), where agent installed. During every one session from computer to DC server DC agent create 10-12
Appx Installer vulnerability - CVE-2021-43890
Does anyone know if this affects all Windows 10 versions? And if yes, how would one update this on all endpoints? Can Desktop Central support/deploy this patch (msixbundle and appx files)? https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43890
2 factor auth wont stay configured
Has anyone else had an issue with the 2 factor auth where after a few weeks it wants you to rescan QR code and reset up 2 factor when you login? We even have a few techs that even using the application or email it never accepts their 2 factor config.
The A in API is lost due to enforced 2fa
Hi, we decided to take ManageEngine because of the richt API. But from beginning of the enforced 2fa this is not automatic anymore. I know none API with a 2fa. How is it possible to disable the 2fa in ManageEngineproducts like patch engine? Thanks in
Apache version on Distribution Servers is out-of-date
I would like to bring something to everyone's attention as I am honestly shocked about this. As I am sure everyone knows, Apache suffered from a few critical vulnerabilities recently. Since Desktop Central and the Distribution Servers make use of Apache,
Authentication Bypass Vulnerability
In the latest hotfix release notes there is mention that a authentication bypass has been fixed in build 10.1.2137.8. https://www.manageengine.com/products/desktop-central/help/introduction/read-me/sp-readme.html Are there any details on the severity
Can't login to Desktop Central
We are locked out of desktop central. The accounts where setup to send a passcode to e-mail when logging in. Our Exchange server crashed though and is unrecoverable. So we are not receiving any e-mails. Even the local admin account on that box requires
Enable https mode in Desktop Central
Hi everyone, I need to enable secure login (https mode) in Desktop Central, but I have a simple doubt, when I'll enable it, the ports that Im using will automatically change? Is there a way that it doesn't change? Because I don't wanna update all the
Is there a place in MEDC (with Endpoint Security) to report on Microsoft Defender Antivirus details?
Microsoft Defender Antivirus logs all sorts of good information (scan results, detections, etc.) in the Windows event log (seen by Event Viewer). Is there somewhere in MEDC (with Endpoint Security) where we can view and report on this data? Here is a
Browser Management Associated App Links
Hi, I'm diving into the browser management panel of Desktop Central and have been trying to find a way to skip the user interaction process in Google Chrome for a particular site that calls a local app that we install for most users. After the first time
CVE-2021-44228 Announcement
Good Morning, Will there be an announcement soon regarding how many Zoho products are affected by this vulnerability? We also have a secure gateway and would like to know if it's affected. Thanks
Cannot Instal 3rd Party Certificate from Internal Microsoft Certificate Authority
We have DesktopCentral installed on a private network and our domain has a certificate authority. I wanted to issue a certificate to desktop central to prevent certificate errors when accessing the site. I followed the instructions here: https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/importing_ssl_certificates.html
Endpoint Security port scan settings?
We have the Endpoint Security add-on enabled which has a feature called "Port Audit". This scans network ports on the managed computers and spits out a report of which ports are open. Normally this would be fine except we have an internally used chat
Old Apache Version
Current Build: 10.1.2127.13 Current version of Desktop Central server includes a old version of Apache under ManageEngine\DesktopCentral_Server\apache\bin Version 2.4.46 This version is out of date and should be updated with the next release Note, this
2FA All or Nothing
This seems to be an all or nothing approach which does not suit us at all. It is not clear how will it affect the Secure Gateway Server which requires a log on to MEDC and is the only local MEDC account we use. To manage MEDC we use 3 individual local
How does the newly enforced 2FA authentication affect legacy REST API authentication? How will it work?
How does the newly enforced 2FA authentication affect legacy REST API authentication? How will it work? Thanks!
How to cancel security configuration deployment
Hello, By mistake I started deployment of "SMB client is not configured to communicate only with servers that perform packet signing" configuration. (We are running DC with the Endpoint Security Add-On). Is there a way to stop desktop central from further
Enabling DEP on machines with Bitlocker triggers Bitlocker recovery key prompt
Just a heads up to the community: Yesterday we enabled the security configuration "Data Execution Prevention is not enabled". The problem is most our machines had BitLocker enabled in the OS drive, protected by TPM. Enabling or disabling DEP means the
Restrict access web console on internet
We want to use agent to scan the laptops out of office , but the agent port and web console port is the same , so any user can open the web console on internet , we just want to access to web console through the LAN , what should we do ? thanks.
Ransomeware attacks through Desktop Central Software
Ransomeware attacks through computer system management software are currently happening. What is zoho managengine doing to prevent Ransomeware attacks through Desktop Central Management software? Are you reviewing your software to make sure there are
Dealing with CVE-2021-34527 #printnightmare. What is ManageEngine's plan to help out its customers?
I've been following the #printnightmare exploit since last wednesday when it was published. since then i've seen guidance from microsoft with respect to handling it here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 what i haven't
Checking CIS benchmarks on servers
Hi everyone, We're wanting to introduce CIS benchmarks to our Windows servers, and we're wondering if Desktop Manager (or any ManageEngine tool) can help us with this. A couple of things we're thinking of is being able to run checks on servers to see
Desktop Central - Security Feed Notification feature. (Build 10.0.697) - what is it?
Just trying to get more info on what exactly this feature is.
DUO Security 2FA support
Hello, I was wondering if there were any plans of integrating DUO 2FA support with Desktop Central. I see it is supported for ServiceDesk Plus and ADManager Plus. Thanks.
Secure Gateway Server - New security hotfix available
Hi everyone Just a heads-up for those who use the Secure Gateway Server. A new build is available (90087). According to the release notes it addresses high-severity vulnerabilities (see https://pitstop.manageengine.com/portal/en/community/topic/secure-gateway-server-updates-released).
Unable to disable TLSv1.0 and TLSv1.1
Is it possible to disable TLSv1.0 and TLSv1.1 - these have been flagged to me by a security audit as being non-compliant. I have been able to edit the httpd-ssl.conf to fix this issue temporarily but updates overwrite this and sometimes cause the DC service to not load correctly on the server. I've seen on another ticket that you have the option to switch off these protocols if you don't have 7/2008 clients (we have 2012R2/10) but cannot find the option. Any help would be highly appreciated!
Auto Action against Non-Complaint System
Is there a way to lock-out/disable a system from being accessed if it is non complainant. For Eg - Bitlocker has been disabled
Desktop Central - Can't sign in
Using Desktop central on prem - version - 10.0.684. Have users/techs set up to use 2FA (google). Saturday users reported not able to get past the login, where they needed to enter the google auth code. Server looked little frozen with windows updates.
Desktop Central server hardening guidelines
Hi Folks, It is critical to stay protected and have a check on your organization's approach towards securing and managing the endpoints. This article suggests security guidelines to harden the ManageEngine Desktop Central software. These security suggestions
BitLocker
Hi, We recently decided to deploy BitLocker through DC, however on a large number of devices with BitLocker already enabled locally, when users started up their laptops they would be presented with the BitLocker recovery screen. However the key for each
AgentUpgrader.exe is marked as malicious by SentinelOne
AgentUpgrader.exe found in C:\Windows\Temp, which I believe is the application that upgrades the DesktopCentral Agents whenever a server build is upgraded, is being flagged by SentinelOne in our environment. I just wanted to share the information, so
Inventory read only access not complete
Hi! I recently created a user with the Auditor role and gave permission to read the Inventory tab so my InfoSec officer could look up properties of specific hosts more easily. I added read permission for the Inventory module to the Auditor role. He is
BitLocker but no TPM
Hi, Can you tell me what happens if an unencrypted Windows device without a TPM chip gets added to a BitLocker policy in DC please? From my tests so far nothing seems to happens but I wanted to make sure. I've found that if an already encrypted device
Apache Struts version used by Desktop Central is no longer supported?
Hi everyone I just learned that Desktop Central still uses Apache Struts version 1.3. This version is out-of-date and is no longer being developed (https://struts.apache.org/struts1eol-announcement.html). In this article it clearly says that there won't be any further fixes for this version, even if major security problems or serious bugs are found. Considering how often critical vulnerabilities are reported for Apache Struts, why is this version still used in Desktop Central? What are the plans
SSL Anonymous Cipher Suites Supported on MEDC Server TCP Port 8031 (File Transfer)
Hi Folks, Throwing this out to the Community and Support in case they have resolved this already. Tenable.sc external IP scan of a current MEDC Server (version 10.0.632) is showing the above issue, albeit of low severity. I have been tasked with resolving
Secure Gateway Server - New security hotfix available
Hello there, Desktop Central's security component, Secure Gateway Server is now updated with issue fixes and enhancements. Download the latest Secure Gateway Server build from the below-given URL. https://www.manageengine.com/products/desktop-central/forwarding-server-download.html
Secure your Desktop Central server from unauthenticated access!
Dear Customer's, At ManageEngine, we consider security as our top priority. That’s why we bring it to your immediate attention, that some versions of Desktop Central Server instances that were hosted as edge devices with weak password policies might be compromised (reported by BleepingComputer). A cyberthreat actor has claimed that the Desktop Central servers hosted as edge devices (publicly accessible) that do not have two-factor authentication enabled and use the default credentials to authenticate
Next Page