Secure your Desktop Central server from unauthenticated access!
Dear Customer's, At ManageEngine, we consider security as our top priority. That’s why we bring it to your immediate attention, that some versions of Desktop Central Server instances that were hosted as edge devices with weak password policies might be compromised (reported by BleepingComputer). A cyberthreat actor has claimed that the Desktop Central servers hosted as edge devices (publicly accessible) that do not have two-factor authentication enabled and use the default credentials to authenticate
DC alert: ports are blocked by windows firewall after 10.0.555 update
Hi, Desktop Central console (scope of management, computers) brings up an alert: "Ports that are used for the agent-server communication are being blocked by windows firewall" with an "unsafe" link "Unblock now" (javascipt). This happended after upgrading to version 10.0.555. I have a bunch of open ports incoming. And there is no problem with the agents (updating, patching, inventory or remote access) communicating. Any idea where this message comes from? See screenshot atteched. Thanks, Juergen
Security Certificate Mismatch
We've added a security certificate from a Central Authority to ManageEngine Desktop Central. When we open the server, it always opens to the localhost configuration page instead of the certificate page and then we have to change the URL to the same site tied to the certificate. Is there any way to have Desktop Central recognize that it has a valid third-party CA cert and open using the correct URL?
Fixes to multiple vulnerabilities
Hello everyone, Greetings, Multiple vulnerabilities have been fixed and released in Desktop Central build 10.0.532. Here is the Knowledge Base article for your reference: https://www.manageengine.com/products/desktop-central/multiple-vulnerabilities-fix.html #securityupdate-dc If you need assistance, please reach us via desktopcentral-support@manageengine.com Kind regards, Desktop Central team
Setup Agents to talk while not on the network
Does any have a detailed document on how to setup Desktop Central to talk to an agent while it is on a corporate network/vpn? I installed the Secure Gateway Server but can't seem to get it to negotiate. Using Fortigate for my firewall.
Zero day Vulnerability - Need immediate attention! Desktop Central Server might be compromised.
Dear Customer's, At ManageEngine, we consider security as our top priority. That’s why we bring it to your immediate attention, that some versions of Desktop Central Server contain an unauthenticated remote code execution vulnerability (originally reported by Steven Seeley of Source Incite). Since this vulnerability has been declared as "Zero Day - Vulnerability", we could see that some of the enterprises were targeted and few customers network compromised. Ever since this vulnerability was brought
Restrict server web access
Hi, To facilitate remote working, I have opened Desktop Central agent access to my organisation's VPN. However, I am concerned that this presents external users with a means to attempt to log in to the management console. I think it would be a good idea if there was a way to restrict access to the management console to specified IP addresses or subnets. Thanks!
Dell API update for Warranty fetch details
Dell has announced that the API to check for warranty details will be deprecated as on March 12, 2020. The new APIs for Dell has been released in build 10.0.479 and above. To continue to fetch warranty details in Desktop Central securely, follow the below given steps. 1. Log in to your Desktop Central console, click on your current build number on the top right corner. 2. You can find the latest build applicable to you. Download the PPM and update. Cheers, ManageEngine Team
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
Cyborg Ransomware reported!!
Hello All, A quick heads-up on the spreading cyborg ransomware phishing e-mails. It is not new that intruders make use of trending events to manipulate Internet users into cyber-attacks. Now that Windows has rolled-out its Vanadium 1909 feature pack update, what could be more trending in the cyber-space? So yes, Phishing e-mails are out seeking for victims. The e-mails come with subject lines like "Install Latest Microsoft Windows Update now!" or "Critical Microsoft Windows Update!". Just in
Installing a previous Windows server 2016 cumulative security patches
Hi, Is there any way to install the June 2019 windows server cumulative security patch once the July 2019 cumulative patch is released? We cannot possibly patch all our servers in a single months time frame and would like to keep them all running the same cumulative patch. I was told by ManageEngine that if you used a previous DTC config file that contained the June 2016 cumulative patch, it would install it even if the July cumulative patch had been released. This is not the case.
Apache security update - version 2.4.39
Hi everyone The Apache version used by Desktop Central (build 10.0.343) is 2.4.33.0. Recently Apache version 2.4.39 was released. Is Desktop Central affected by the vulnerabilities mentioned in the security advisory (https://httpd.apache.org/security/vulnerabilities_24.html)? What are the plans to update to the latest version? Regards Stefan
Problem " 8020 8027 8443 Ports are in use. Hence could not start "forwarding server".
Hello, I've had a problem during desktop central forwarding set-up. After certificates have been installed an error occured, that said " 8020 8027 8443 Ports are in use. Hence could not start "forwarding server". I can't finish the set-up process due to this error. I've been following the instructions. Could you give me an advice on this issue?
Imported wrong certificate, cannot log into console.
I was trying to import a third party certificate using my Windows CA Server. By accident I imported a user certificate and now I cannot log into to the console not matter what I try. I've tried all browsers and I get a certificate mismatch err and it does not allow me to proceed. I opened a ticket yesterday morning (653009) but support has not been able to come up with a solution. I would think that all we need to do it remove the certificate so I assume this would need to be done from command line
Delete other domain
hi , I face an issue with Managed domain , every day when the DC scan the system will found new domains and install the agent automatically . we have one domain (KAMC-RD) , the DC found 2-3 Domains ,when I delete the Pc't that install agent on other domain and delete others domain next day will recive same issue , how can we block DC to scan other domain ness to install agen to our domain only and not install the agent to other domain . thank you
Problem " 8020 8027 8443 Ports are in use. Hence could not start forwarding server"
Hello, [имя]. I've had a problem during desktop central forwarding set-up. After certificates have been installed an error occured, that said " 8020 8027 8443 Ports are in use. Hence could not start forwarding server". I can't finish the set-up process due to this error. I've been following the instructions. Could you give me an advice on this issue?
SAFE, SECURE, PROPER way to open firewall for managing roaming DC agents
Can we get a setup of instructions for safe, secure and proper way to open firewall to manage roaming DC agents, the biggest concern is ensuring the DC management interface is safe from brute force attacks.
Install and Uninstall Management
Hi everyone, I am a novice in information technology, helping me: How to prevent installing and uninstalling software on the Agents? I have hidden Programs and Features in the Control Panel, but the software can still be uninstalled in C: \ and the start bar. I use Desktop Central server in the WORKGROUP model My agent uses windows 10.
Security Update : Logging key entries while in a remote session
Hello Everyone, Here is a security update for Desktop Central customers. What was the Problem? Logging Key entries while in a remote session Whenever a computer is remotely controlled, all the key entries of the remote user was printed in logs. Latest Fix Released Date : 14-Sep-2018 Reference : https://www.manageengine.com/products/desktop-central/logging-key-entries-vulnerability.html Regards, ----- R Romanus Prabhu Head - Technical Support Endpoint management solutions Direct Support : +1 408
Limiting Technician Login Timeout
Security seems like a good place to post this. It doesn't seem secure to allow technicians to disable their login timeout, without designing an administrative override.
Endpoint Security, GDPR & more from ManageEngine's experts
We are happy to inform ManageEngine is conducting a one-day endpoint security seminar in London on 17, April 2018. We would like to have you on board, make use of this opportunity to connect with our Endpoint Security experts and get insights into GDPR compliance from an endpoint management perspective. Please find the agenda and registration link here Pls, share it with your peers too. Hoping to see you there.
Securing agent WAN access
Hi, sorry if this has been covered elsewhere - I'm struggling to work out how I can properly secure agent communication from a WAN network (the internet). I have looked at the forwarding server, but it seems to require a split DNS setup which is not possible in my situation (I am part of a much larger organisation and do not have that degree of control over our DNS, and the majority of my systems including the DC server already are assigned public IP addresses, but are behind a firewall) Is there
Microsoft Patch Tuesday February 2018 updates
This month’s update includes patches for 50 vulnerabilities, along with patches for the infamous processor bugs Meltdown and Spectre. In addition to those patches, Microsoft has also released a patch for a recent zero-day vulnerability for Adobe Flash Player. This update was bundled along with Microsoft’s ADV180004 update last week. Read: https://blogs.manageengine.com/desktop-mobile/desktopcentral/2018/02/14/microsoft-patch-tuesday-february-2018-updates.html
Remote Office configurations for roaming users
I have a large work from home staff that primarily use straight up internet no VPN. The will VPN in for certain operations and will visit the office from time to time. Support said to follow these instructions for roaming users. https://www.manageengine.com/products/desktop-central/managing_roaming_users_how_to.html However when I follow the steps it won't let me save until I have specified a replication policy. I have no DS servers and no plans to use one. I tried to setup a replication policy but
Roaming users and Forwarding server
A little confused as to what agent to use to support this. https://www.manageengine.com/products/desktop-central/secure-communication-of-mobile-users-using-forwarding-server.html According to this they want you to have the same fqdn appear internally as well as externally. Do you have to create a remote office for this and use the wan agent? if it is the same fqdn why won't the LAN agent work? Is there some benefit to the wan agent? half of my workforce work from their homes using straight up internet
Security Update - ManageEngine Desktop Central and MSP
Hello Everyone, Here is a security update for Desktop Central and MSP customers. Fixed Versions : Apache 2.4.29 and openssl 1.0.2n Vulnerabilities in Apache https://httpd.apache.org/security/vulnerabilities_24.html Openssl vulnerabilities https://www.openssl.org/news/vulnerabilities.html ----------------------------------------------- Desktop Central https://www.manageengine.com/products/desktop-central/multiple-vulnerabilities-in-openSSL.html Desktop Central MSP https://www.manageengine.com/desktop-management-msp/multiple-vulnerabilities-in-openSSL.html
Webinar: How to mitigate the Meltdown and Spectre bugs. (Register Now)
Meltdown and Spectre, two massive hardware bugs that exist in Intel, AMD, and ARM processors that are capable of exposing any sensitive data that is being processed in your countless desktops, laptops, and other devices. Attend this webinar, to know how these bugs exploit sensitive data and mitigate them right away. Agenda: Quick recap of the devastating intel bugs and their impacts. Understanding the difference between Meltdown and Spectre. Methods to mitigate Meltdown and Spectre. Webinar details:
Mitigation for Meltdown and Spectre exploit
Introduction to Meltdown and Spectre Meltdown and Spectre are two new hardware bugs that exist in Intel, AMD, and ARM processors and capable of exposing any sensitive data processed by countless computers and devices. Personal data like passwords, photos, emails, and even business-critical documents can be accessed and stolen. Read more. Exploits CVE-2017-5754 (Meltdown) and CVE-2017-5753 and CVE-2017-5715 (Spectre). Mitigation Bulletin ID: MS18-JAN1 ManageEngine patch management team have already
Microsoft Patch Tuesday December 2017 updates
Microsoft Patch Tuesday is here for December 2017 with 34 security updates, 2 key fixes for 7 different products. Patch now and stay safe to have a happy vacation ahead. Read more: https://goo.gl/2QUDRa
TeamViewer hacked: Here’s how to protect your systems
Hi there, TeamViewer can be exploited using a vulnerability allowing users to switch between viewer and presenter side, or remotely control the server. If you are using TeamViewer in your enterprise, do act now. Read more: https://goo.gl/2E65yX
Ensure your company is GDPR compliant using Desktop Central
While companies are working their way towards GDPR compliance, Desktop Central—our very own endpoint management solution—can help you keep your users' PII secure so you can stay GDPR compliant. Manage your servers, desktops, laptops, smartphones, and even tablets, all from one central location and maintain GDPR compliance for long time. Read more: https://www.manageengine.com/products/desktop-central/gdpr.html
Forwarding Server Security
Desktop Central Forwarding server appears to be vulnerable to XSS and Forceful browsing attacks. Is there a way to mitigate this. The default configuration also exposes the DesktopCentral login to the internet, and 2-Factor can be bypassed with the mobile app - all serious security concerns for an internet facing device. How can this be disabled or mitigated? Thanks!
Free webinar series: Securing your organization from cyber attacks
Join us for our free two-part webinar series to learn about the tools and techniques you need to secure your organization from cyber attacks. We'll be discussing the two-pronged approach - including both reactive and proactive measures - that'd help you secure your IT against the recently prevalent cyber threats. Register here: http://bit.ly/SecEntIT Part 1: Handling an attack | Thursday, July 20th, 2:30pm IST Part 2: Preventing attacks | Thursday, August 3rd, 2:30pm IST Click here for more details
Security best practices?
Hi everyone I would like to get feedback on how to expose Desktop Central to the Internet in a secure manner. The documentation on this topic is scarce. I have not found any best practices so far. I would really appreciate comments from the community. When we installed Desktop Central a few years ago, it was mainly used internally to patch out-of-date PCs and collect inventory data. The Desktop Central server was therefore set up in our LAN. Now we would like to make use of the following additional
Hardening Guide for Desktop Central
Hi, I am new here and we are using Desktop Central for one of our customer , a local authority. Recently, they did an security audit on the infrastructure and there was an comment about lack of hardening guide for desktop central. Can I check if there are such an guide available ? Regards Soh
KB4022719 - Causes Internet Explorer to print the blank pages.
Hello, Greetings from ManageEngine Desktop Central. End users may report a blank page print out of contents that opened in a Internet Explorer frame. The root cause for this issue is not a printer, but the recent monthly rollup deployed to Workstation running with Windows 7 SP 1 OS. The Microsoft yet to provide a solution to this issue and in case of fixing this issue is on a highest priority situation then you may consider to uninstall this update. The reason why I recommend you to uninstall on
2-Factor Authentication, Lost phone, only admin - what now?
I am the only admin in Desktop Central, and have2-factor authentication enabled, but I've since lost my phone (actually, it got destroyed). I know my username & password, but can't seem to find any way to send myself a recovery email or replacement QR code. Any assistance would be appreciated.
Secure your computers from Fireball Malware
Dear Users, It's time to save your desktops. Fireball, a recently popular adware/malware infection has affected over 250 million computers across the world. This browser hijacker gets installed in our search engines and causes severe threats which also includes installation of more such malware. Why fear when you have Desktop Central :) Refer the article given below to know how Desktop Cental helps on securing your PCs from Fireball malware. https://www.manageengine.com/products/desktop-central/secure-computers-from-fireball-malware.html
Adding Certificate from Microsoft CA
Following: https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/importing_ssl_certificates.html I'm trying to add a certificate from our Microsoft domain CA. It gives me a .cer and .crt file When I import the .crt file it asks for a .key file. What do I need to do to get the .key file? Are there alternate instructions when using a Microsoft CA?
Lmit Technicians to Managing Dynamic group
We are ready to add our Desktop Support Technicians to Desktop Central, and what I've found is I can't just assign them to managing a Dynamic Group, as I desire. I want to limit their ability to deploy software, or updates, to prevent them from ever deploying to servers on accident, or from rebooting servers etc. I've created Dynamic Groups by OS type (which I expected to find a "desktop" category built in, but have not. And I can ask them to only deploy to these groups, but I want to limit their
Next Page