Cannot Instal 3rd Party Certificate from Internal Microsoft Certificate Authority
We have DesktopCentral installed on a private network and our domain has a certificate authority. I wanted to issue a certificate to desktop central to prevent certificate errors when accessing the site. I followed the instructions here: https://www.manageengine.com/products/desktop-central/help/configuring_desktop_central/importing_ssl_certificates.html
Endpoint Security port scan settings?
We have the Endpoint Security add-on enabled which has a feature called "Port Audit". This scans network ports on the managed computers and spits out a report of which ports are open. Normally this would be fine except we have an internally used chat
Old Apache Version
Current Build: 10.1.2127.13 Current version of Desktop Central server includes a old version of Apache under ManageEngine\DesktopCentral_Server\apache\bin Version 2.4.46 This version is out of date and should be updated with the next release Note, this
2FA All or Nothing
This seems to be an all or nothing approach which does not suit us at all. It is not clear how will it affect the Secure Gateway Server which requires a log on to MEDC and is the only local MEDC account we use. To manage MEDC we use 3 individual local
How does the newly enforced 2FA authentication affect legacy REST API authentication? How will it work?
How does the newly enforced 2FA authentication affect legacy REST API authentication? How will it work? Thanks!
How to cancel security configuration deployment
Hello, By mistake I started deployment of "SMB client is not configured to communicate only with servers that perform packet signing" configuration. (We are running DC with the Endpoint Security Add-On). Is there a way to stop desktop central from further
Enabling DEP on machines with Bitlocker triggers Bitlocker recovery key prompt
Just a heads up to the community: Yesterday we enabled the security configuration "Data Execution Prevention is not enabled". The problem is most our machines had BitLocker enabled in the OS drive, protected by TPM. Enabling or disabling DEP means the
Restrict access web console on internet
We want to use agent to scan the laptops out of office , but the agent port and web console port is the same , so any user can open the web console on internet , we just want to access to web console through the LAN , what should we do ? thanks.
Ransomeware attacks through Desktop Central Software
Ransomeware attacks through computer system management software are currently happening. What is zoho managengine doing to prevent Ransomeware attacks through Desktop Central Management software? Are you reviewing your software to make sure there are
Dealing with CVE-2021-34527 #printnightmare. What is ManageEngine's plan to help out its customers?
I've been following the #printnightmare exploit since last wednesday when it was published. since then i've seen guidance from microsoft with respect to handling it here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 what i haven't
Checking CIS benchmarks on servers
Hi everyone, We're wanting to introduce CIS benchmarks to our Windows servers, and we're wondering if Desktop Manager (or any ManageEngine tool) can help us with this. A couple of things we're thinking of is being able to run checks on servers to see
Desktop Central - Security Feed Notification feature. (Build 10.0.697) - what is it?
Just trying to get more info on what exactly this feature is.
DUO Security 2FA support
Hello, I was wondering if there were any plans of integrating DUO 2FA support with Desktop Central. I see it is supported for ServiceDesk Plus and ADManager Plus. Thanks.
Secure Gateway Server - New security hotfix available
Hi everyone Just a heads-up for those who use the Secure Gateway Server. A new build is available (90087). According to the release notes it addresses high-severity vulnerabilities (see https://pitstop.manageengine.com/portal/en/community/topic/secure-gateway-server-updates-released).
Unable to disable TLSv1.0 and TLSv1.1
Is it possible to disable TLSv1.0 and TLSv1.1 - these have been flagged to me by a security audit as being non-compliant. I have been able to edit the httpd-ssl.conf to fix this issue temporarily but updates overwrite this and sometimes cause the DC service to not load correctly on the server. I've seen on another ticket that you have the option to switch off these protocols if you don't have 7/2008 clients (we have 2012R2/10) but cannot find the option. Any help would be highly appreciated!
Auto Action against Non-Complaint System
Is there a way to lock-out/disable a system from being accessed if it is non complainant. For Eg - Bitlocker has been disabled
Desktop Central - Can't sign in
Using Desktop central on prem - version - 10.0.684. Have users/techs set up to use 2FA (google). Saturday users reported not able to get past the login, where they needed to enter the google auth code. Server looked little frozen with windows updates.
Desktop Central server hardening guidelines
Hi Folks, It is critical to stay protected and have a check on your organization's approach towards securing and managing the endpoints. This article suggests security guidelines to harden the ManageEngine Desktop Central software. These security suggestions
BitLocker
Hi, We recently decided to deploy BitLocker through DC, however on a large number of devices with BitLocker already enabled locally, when users started up their laptops they would be presented with the BitLocker recovery screen. However the key for each
AgentUpgrader.exe is marked as malicious by SentinelOne
AgentUpgrader.exe found in C:\Windows\Temp, which I believe is the application that upgrades the DesktopCentral Agents whenever a server build is upgraded, is being flagged by SentinelOne in our environment. I just wanted to share the information, so
Inventory read only access not complete
Hi! I recently created a user with the Auditor role and gave permission to read the Inventory tab so my InfoSec officer could look up properties of specific hosts more easily. I added read permission for the Inventory module to the Auditor role. He is
BitLocker but no TPM
Hi, Can you tell me what happens if an unencrypted Windows device without a TPM chip gets added to a BitLocker policy in DC please? From my tests so far nothing seems to happens but I wanted to make sure. I've found that if an already encrypted device
Apache Struts version used by Desktop Central is no longer supported?
Hi everyone I just learned that Desktop Central still uses Apache Struts version 1.3. This version is out-of-date and is no longer being developed (https://struts.apache.org/struts1eol-announcement.html). In this article it clearly says that there won't be any further fixes for this version, even if major security problems or serious bugs are found. Considering how often critical vulnerabilities are reported for Apache Struts, why is this version still used in Desktop Central? What are the plans
SSL Anonymous Cipher Suites Supported on MEDC Server TCP Port 8031 (File Transfer)
Hi Folks, Throwing this out to the Community and Support in case they have resolved this already. Tenable.sc external IP scan of a current MEDC Server (version 10.0.632) is showing the above issue, albeit of low severity. I have been tasked with resolving
Secure Gateway Server - New security hotfix available
Hello there, Desktop Central's security component, Secure Gateway Server is now updated with issue fixes and enhancements. Download the latest Secure Gateway Server build from the below-given URL. https://www.manageengine.com/products/desktop-central/forwarding-server-download.html
Secure your Desktop Central server from unauthenticated access!
Dear Customer's, At ManageEngine, we consider security as our top priority. That’s why we bring it to your immediate attention, that some versions of Desktop Central Server instances that were hosted as edge devices with weak password policies might be compromised (reported by BleepingComputer). A cyberthreat actor has claimed that the Desktop Central servers hosted as edge devices (publicly accessible) that do not have two-factor authentication enabled and use the default credentials to authenticate
DC alert: ports are blocked by windows firewall after 10.0.555 update
Hi, Desktop Central console (scope of management, computers) brings up an alert: "Ports that are used for the agent-server communication are being blocked by windows firewall" with an "unsafe" link "Unblock now" (javascipt). This happended after upgrading to version 10.0.555. I have a bunch of open ports incoming. And there is no problem with the agents (updating, patching, inventory or remote access) communicating. Any idea where this message comes from? See screenshot atteched. Thanks, Juergen
Security Certificate Mismatch
We've added a security certificate from a Central Authority to ManageEngine Desktop Central. When we open the server, it always opens to the localhost configuration page instead of the certificate page and then we have to change the URL to the same site tied to the certificate. Is there any way to have Desktop Central recognize that it has a valid third-party CA cert and open using the correct URL?
Fixes to multiple vulnerabilities
Hello everyone, Greetings, Multiple vulnerabilities have been fixed and released in Desktop Central build 10.0.532. Here is the Knowledge Base article for your reference: https://www.manageengine.com/products/desktop-central/multiple-vulnerabilities-fix.html #securityupdate-dc If you need assistance, please reach us via desktopcentral-support@manageengine.com Kind regards, Desktop Central team
Setup Agents to talk while not on the network
Does any have a detailed document on how to setup Desktop Central to talk to an agent while it is on a corporate network/vpn? I installed the Secure Gateway Server but can't seem to get it to negotiate. Using Fortigate for my firewall.
Zero day Vulnerability - Need immediate attention! Desktop Central Server might be compromised.
Dear Customer's, At ManageEngine, we consider security as our top priority. That’s why we bring it to your immediate attention, that some versions of Desktop Central Server contain an unauthenticated remote code execution vulnerability (originally reported by Steven Seeley of Source Incite). Since this vulnerability has been declared as "Zero Day - Vulnerability", we could see that some of the enterprises were targeted and few customers network compromised. Ever since this vulnerability was brought
Restrict server web access
Hi, To facilitate remote working, I have opened Desktop Central agent access to my organisation's VPN. However, I am concerned that this presents external users with a means to attempt to log in to the management console. I think it would be a good idea if there was a way to restrict access to the management console to specified IP addresses or subnets. Thanks!
Dell API update for Warranty fetch details
Dell has announced that the API to check for warranty details will be deprecated as on March 12, 2020. The new APIs for Dell has been released in build 10.0.479 and above. To continue to fetch warranty details in Desktop Central securely, follow the below given steps. 1. Log in to your Desktop Central console, click on your current build number on the top right corner. 2. You can find the latest build applicable to you. Download the PPM and update. Cheers, ManageEngine Team
ManageEngine launches Application Control Plus
We are thrilled to announce that we have introduced a brand-new application control and privilege management solution - Application Control Plus With Application Control Plus you can leverage the combined benefits of Least Privilege and Zero Trust principles to thwart application-related threats Features and Benefits Instant discovery of all running applications Trust-centric approach to application whitelisting Malware prevention by executable level blacklisting Varied flexibility modes to
Cyborg Ransomware reported!!
Hello All, A quick heads-up on the spreading cyborg ransomware phishing e-mails. It is not new that intruders make use of trending events to manipulate Internet users into cyber-attacks. Now that Windows has rolled-out its Vanadium 1909 feature pack update, what could be more trending in the cyber-space? So yes, Phishing e-mails are out seeking for victims. The e-mails come with subject lines like "Install Latest Microsoft Windows Update now!" or "Critical Microsoft Windows Update!". Just in
Installing a previous Windows server 2016 cumulative security patches
Hi, Is there any way to install the June 2019 windows server cumulative security patch once the July 2019 cumulative patch is released? We cannot possibly patch all our servers in a single months time frame and would like to keep them all running the same cumulative patch. I was told by ManageEngine that if you used a previous DTC config file that contained the June 2016 cumulative patch, it would install it even if the July cumulative patch had been released. This is not the case.
Apache security update - version 2.4.39
Hi everyone The Apache version used by Desktop Central (build 10.0.343) is 2.4.33.0. Recently Apache version 2.4.39 was released. Is Desktop Central affected by the vulnerabilities mentioned in the security advisory (https://httpd.apache.org/security/vulnerabilities_24.html)? What are the plans to update to the latest version? Regards Stefan
Problem " 8020 8027 8443 Ports are in use. Hence could not start "forwarding server".
Hello, I've had a problem during desktop central forwarding set-up. After certificates have been installed an error occured, that said " 8020 8027 8443 Ports are in use. Hence could not start "forwarding server". I can't finish the set-up process due to this error. I've been following the instructions. Could you give me an advice on this issue?
Imported wrong certificate, cannot log into console.
I was trying to import a third party certificate using my Windows CA Server. By accident I imported a user certificate and now I cannot log into to the console not matter what I try. I've tried all browsers and I get a certificate mismatch err and it does not allow me to proceed. I opened a ticket yesterday morning (653009) but support has not been able to come up with a solution. I would think that all we need to do it remove the certificate so I assume this would need to be done from command line
Delete other domain
hi , I face an issue with Managed domain , every day when the DC scan the system will found new domains and install the agent automatically . we have one domain (KAMC-RD) , the DC found 2-3 Domains ,when I delete the Pc't that install agent on other domain and delete others domain next day will recive same issue , how can we block DC to scan other domain ness to install agen to our domain only and not install the agent to other domain . thank you
Next Page