Server #Take action: Disable Secure Time Seeding (STS) in Windows Server 2016 and later

Microsoft recommends disabling Secure Time Seeding (STS) in Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025 due to reported timekeeping issues. Additionally, organizations should review and ensure proper time synchronization and monitoring on critical servers.

 
When will this happen:
Microsoft recommends applying this disablement as soon as possible. This recommendation applies to all existing deployments of Windows Server 2016 and later (including domain controllers and member servers).


More details can be found here:

Tips #The Module DLL C:\WINDOWS\system32\inetsrv\rewrite.dll failed to load

When upgrading Windows Server 2012 to 2016, you might face this error.



Uninstalling "IIS URL Rewrite Module 2.0" from Programs and Features, reinstalling it from the Microsoft website (iis.net/downloads/microsoft/url-rewrite) and then running IISReset fixed the issue.


[original articles:

https://superuser.com/questions/948411/the-module-dll-c-windows-system32-inetsrv-rewrite-dll-failed-to-load

https://stackoverflow.com/questions/18714709/windows-8-1-windows-10-breaks-my-asp-net-iis-service-unavailable]



Sophos #How to uninstall & install software client/server

Here are some useful articles on how to safely uninstall Sophos Antivirus:

Sophos Central Endpoint and Server: Uninstall Sophos using the command line or a batch file

https://support.sophos.com/support/s/article/KBA-000003469?language=en_US

Remove Sophos Central without tamper protection password

https://community.sophos.com/community-chat/f/discussions/134537/remove-sophos-central-without-tamper-protection-password

SophosZap: Frequently asked questions (to be used only as a last resort)

https://support.sophos.com/support/s/article/KBA-000006929?language=en_US

Sophos Central Endpoint: Automate the software deployment to Windows devices

https://support.sophos.com/support/s/article/KBA-000003140?language=en_US

Sophos Central Endpoint: Installer command line options for Mac and Windows

https://support.sophos.com/support/s/article/KBA-000004840?language=en_US

Sophos #XDR feature, adaptive attack protection

Regarding Sophos Intercept X Advanced with XDR and other Sophos features, I am noting some related articles here on the blog:

Sophos Intercept X Advanced with XDR: Help with Forensic Snapshots

https://support.sophos.com/support/s/article/KBA-000006333?language=en_US+

Sophos XDR-enabled devices continually capture data related to processes, files, networks, and other system activities. When threat detection occurs, a snapshot file of current activity is created on the device's disk. This snapshot helps generate the Threat Case in Sophos Central, which attempts to piece together the threat chain of an attack and identify related activities.

Data Lake uploads

https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/LiveDiscover/DataLakeUploads/index.html

Sophos XDR: Getting Started with XDR and Data Lake Hydration

https://techvids.sophos.com/watch/JWndawT866eCh9gVXTNE2K

Sophos Intercept X: Adaptive attack protection

https://support.sophos.com/support/s/article/KBA-000008632?language=en_US

This protection feature is part of the malicious behavior protection capability in the Sophos endpoint. It consists of a series of technique-focused behavioral rules intended to disrupt the actions of a threat actor.

Admin Isolated Devices

https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/GlobalSettings/IsolatedComputers/index.html


[UPDATE 2025.06.05]

Sophos Endpoint: Adaptive Attack Protection Gets Even Better

https://news.sophos.com/en-us/2024/04/29/sophos-endpoint-adaptive-attack-protection-gets-even-better/

Network #Some switch commands

On Cisco switches you can review the configuration of a single port:

show running-config interface Gi4/0/13

In case you would like to reset the configuration of a single port:

Config t

default interface GigabitEthernet 4/0/13



Network #PKI-4-TRUSTPOOL_EXPIRATION_WARNING

We faced, on several Cisco switches, this warning:

Mar  8 11:11:52.680: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 20 days

Mar  8 11:11:52.680: %PKI-4-TRUSTPOOL_AUTO_UPDATE_DISABLED: Auto-trustpool update is disabled.

In Cisco IOS XE version 17.12.04, the auto-update feature for the PKI trustpool is enabled by default. This means the device will automatically download and update the trustpool bundle from Cisco's servers when necessary.

How Auto-Update Works

When the PKI trustpool is due for an update (for reasons such as certificate expiration, reissuance, or the addition of new trusted certificates), the system will:

  1. Attempt to download the updated trustpool bundle from the configured URL.
  2. If the download is successful, the trustpool is updated.
  3. If the download fails, the system will retry at increasing intervals: 20 days, 15 days, 10 days, 5 days, 4 days, 3 days, 2 days, 1 day, and then hourly until successful.

This process ensures that the device maintains an up-to-date set of trusted root certificates, which is crucial for secure operations like HTTPS, VPNs, and Smart Licensing.

Unfortunately, in our case, this configuration was missing:

crypto pki trustpool policy

 cabundle url http://www.cisco.com/security/pki/trs/ios.p7b

 revocation-check none

To import the certificates manually, run this command from config t:

crypto pki trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b

to avoid problems we launched this 

To view the certificate status, use this command:

show crypto pki trustpool policy
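To find every switch in the same situation (an expiry warning together with auto-update disabled), the two syslog messages quoted above can be triaged from a central log collector. This is an added example, not Cisco's or the original post's code; the leading hostname field and the sample lines are constructed assumptions.

```python
import re

# Assumed collector format: "<host> <timestamp>: %PKI-4-<TAG>: <text>".
# The hostname prefix is an assumption; the rest follows the warnings quoted above.
LINE_RE = re.compile(
    r"^(?P<host>\S+)\s+.*?%PKI-4-(?P<tag>TRUSTPOOL_[A-Z_]+):\s*(?P<text>.*)$"
)
DAYS_RE = re.compile(r"expire in (\d+) days?")

def triage(lines):
    """Return {host: {"days_left": int or None, "auto_update_disabled": bool}}."""
    state = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a trustpool message
        entry = state.setdefault(
            m["host"], {"days_left": None, "auto_update_disabled": False}
        )
        if m["tag"] == "TRUSTPOOL_EXPIRATION_WARNING":
            d = DAYS_RE.search(m["text"])
            if d:
                days = int(d.group(1))
                # Keep the smallest value seen: it is the most recent warning.
                if entry["days_left"] is None or days < entry["days_left"]:
                    entry["days_left"] = days
        elif m["tag"] == "TRUSTPOOL_AUTO_UPDATE_DISABLED":
            entry["auto_update_disabled"] = True
    return state

def needs_manual_import(state):
    """Hosts that warn about expiry and cannot self-update, most urgent first."""
    hits = [(host, s["days_left"]) for host, s in state.items()
            if s["auto_update_disabled"] and s["days_left"] is not None]
    return sorted(hits, key=lambda item: item[1])

# Constructed sample lines (hostnames are hypothetical).
SAMPLE = [
    "sw-access-01 Mar  8 11:11:52.680: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 20 days",
    "sw-access-01 Mar  8 11:11:52.680: %PKI-4-TRUSTPOOL_AUTO_UPDATE_DISABLED: Auto-trustpool update is disabled.",
    "sw-access-02 Mar 13 09:02:10.101: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 10 days",
    "sw-access-02 Mar 18 09:02:10.204: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 5 days",
    "sw-access-02 Mar 18 09:02:10.204: %PKI-4-TRUSTPOOL_AUTO_UPDATE_DISABLED: Auto-trustpool update is disabled.",
    "sw-core-01 Mar  8 11:15:00.000: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 15 days",
    "sw-core-01 Mar  8 11:16:00.000: %LINK-3-UPDOWN: Interface Gi4/0/13, changed state to up",
]

if __name__ == "__main__":
    for host, days in needs_manual_import(triage(SAMPLE)):
        print(f"{host}: trustpool expires in {days} days, auto-update disabled")
```

Hosts that only log the expiration warning (sw-core-01 in the sample) are left out of the list, since auto-update is still expected to refresh their bundle.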

[other articles]

https://community.cisco.com/t5/switching/trustpool-expiration-on-3750-x/m-p/2423362#M286822


PKI Trustpool Management