
    Topics

    • AmbarishrhA

      New video: Microsoft Threat & Vulnerability management with Vulcan Cyber

      Self Promotion
      1
      0 Votes
      1 Posts
      384 Views
      No one has replied
    • AmbarishrhA

      Recommendations to replace existing Surface Pro4

      IT Discussion laptop recommendations windows11
      7
      0 Votes
      7 Posts
      1k Views
      ObsolesceO

      An XPS with Ubuntu is very hard to beat for work. I used to have a setup like that. My needs changed lately and now it is most efficient to run Win10/11; however, possibly 2nd quarter next year I'll be back to running Ubuntu mainly after I finish some Windows-related projects.

    • AmbarishrhA

      Anyone used Infection Monkey?

      IT Discussion infectionmonkey open source breach and attack simulation security security audit
      6
      4 Votes
      6 Posts
      1k Views
      AmbarishrhA

      @scottalanmiller said in Anyone used Infection Monkey?:

      @ambarishrh I meant that YOU should make one.

      I'm too subtle, I guess.

      lol! Yes, will make one for sure! Just need to test it on a lab and see how it goes. It's an interesting project 🙂

    • AmbarishrhA

      Microsoft Defender Training Series Part 5: New unified Security Portal

      Self Promotion microsoft defender atp mdatp security.microsoft.com defender for endpoint microsoft security how-to training video training
      3
      1 Votes
      3 Posts
      864 Views
      AmbarishrhA

      @scottalanmiller Thank you! 🙂

    • AmbarishrhA

      Solved: Intune enrolled iOS device native contact sync issues with Outlook/Exchange Online

      Self Promotion intune mem microsoft endpoint manager msintune intunemem outlook contactsync ios apple solved how-to
      1
      2 Votes
      1 Posts
      738 Views
      No one has replied
    • AmbarishrhA

      PDQ Link

      IT Discussion pdqlink vpn ras nps
      13
      2 Votes
      13 Posts
      3k Views
      M

      @ambarishrh said in PDQ Link:

      @jaredbusch said in PDQ Link:

      @Ambarishrh said in PDQ Link:

      The only catch I could see is the mandatory port 443 as per their site

      The majority of work for Link is done with our installer, but there is one bit that will have to be done by you or your network team. Your external firewall will need to route incoming TCP 443 to your PDQ Link server. 443 is the only port SSTP can utilize. This configuration is mandatory to allow your external clients to connect.

      If you already have another service on 443 with a public IP, we need to use an additional IP for PDQ link.

      That is what inbound proxy servers are for.

      Digging an older topic as I am testing this now. Regarding inbound proxy, what would you suggest to be used?

      This isn't that simple, you need a proxy that supports TCP streams, unless SSTP behaves just like HTTPS. You'd need to talk to PDQ support to get more details. If you do end up needing TCP streams, I think Nginx, Traefik, and Haproxy all support that, and there's a mod for Apache too, but if I recall it correctly, it was specifically for MSRPC, so Exchange OWA or RDS.

    • AmbarishrhA

      SOLVED: Unable to get rid of windows update group policy

      IT Discussion windows update group policy gpo windows 10
      3
      0 Votes
      3 Posts
      1k Views
      DashrenderD

      Jared ran into a similar-ish problem recently... There is a thread around here somewhere.

    • AmbarishrhA

      Evaluating Defender ATP

      IT Discussion defenderatp windows defender atp microsoft defender atp office 365 security anti-virus antimalware ransomware
      26
      0 Votes
      26 Posts
      4k Views
      DashrenderD

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @Obsolesce said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Dashrender said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      @Ambarishrh said in Evaluating Defender ATP:

      @marcinozga said in Evaluating Defender ATP:

      I was about to evaluate it too, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perhaps sales misled me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than a 3rd party antivirus solution.

      Not sure how they gave you that info! An average pricing structure is as below

      7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

      And security products straight from O365 admin portal subscriptions page:
      560b3413-64e4-4a77-9b6c-27030798a842-image.png

      These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with another AV vendor.

      But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

      And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

      malware protection, both behavioral and definition based; ransomware protection; phishing protection; ids/ips; device control; exploit blocker; botnet protection; web filtering; memory analysis; central management, either cloud or local

      And a full forensics audit trail?

      I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

      I'm having a hard time finding what the real price here is?

      I know that Intune is like $4/user/month, aka $48/user/year. This makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

      The above posts have a dozen different security things listed.

      As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

      ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
      O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.

      That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user

      Also - is O365 E3 the requirement, or can you add ATP onto E1?

      Is windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.

      It is fair. What if you don't have O365 because you don't need it or use something else? Other AV don't force you to buy any extra services, you can get AV on a plain vanilla Windows machine.

      From the document I got from Microsoft, E3 is minimum. It's O365 E3 or Windows 10 Ent.

      If you're not in the O/M365 ecosystem already - then you likely wouldn't even consider this plan, you would likely look at another option... so yeah, it's not a fair comparison.

      Now, you could decide, since you are looking at this solution, that you might want to change your other solutions at the same time since MS has these bundled together... but you don't just line item this entire cost all on the ATP project, you split it out.

    • AmbarishrhA

      ScreenConnect/Connectwise control client exe (marked as malicious)

      IT Discussion connectwise screenconnect antivirus
      27
      0 Votes
      27 Posts
      5k Views
      scottalanmillerS

      @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @dbeato no, just an online file by file virus scanner?

      No, (although it should be for another thread) it gives you information about the file, file hash, or URL in question. Example below is the Itarian Remote Control application executable:
      2019-04-23_0039.png

      It compares the hash of the file to multiple AV and technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

      How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

      That might be true for ConnectWise but not all executables create a new hash every time.

      And in those unrelated cases, lots of things flagging the would be more meaningful.

    • AmbarishrhA

      New WiFi router recommendation

      IT Discussion wifi router
      23
      0 Votes
      23 Posts
      2k Views
      jmooreJ

      @ambarishrh nice!

    • AmbarishrhA

      Centralized password manager

      IT Discussion centralized password manager password managers opensource
      19
      0 Votes
      19 Posts
      3k Views
      Emad RE

      @ambarishrh said in Centralized password manager:

      Re: Centralized password manager

      Revisiting this again, as I would like to set up something with our team. What's the latest choice of PM on ML now?

      First few results that caught my attention:

      https://www.passbolt.com/

      https://www.syspass.org/index-en.html

      Looking at a self-hosted possibly free version to use with a team of 4 members.

      Nextcloud + passman

    • AmbarishrhA

      Audible or blinkist?

      Water Closet audible blinkist
      4
      1 Votes
      4 Posts
      629 Views
      wrx7mW

      @scottalanmiller said in Audible or blinkist?:

      Audible is pretty awesome.

      I have a decent library now. I have been using Audible for several years.

    • AmbarishrhA

      Microsoft Teams Free

      IT Discussion microsoft teams
      6
      3 Votes
      6 Posts
      1k Views
      KellyK

      @obsolesce said in Microsoft Teams Free:

      Also, looks like it's coming to Linux

      I'm hopeful that Microsoft is recognizing that they will have more success not tying to an OS.

    • AmbarishrhA

      My O365 training video series

      Self Promotion o365 online training vlog
      21
      3 Votes
      21 Posts
      3k Views
      scottalanmillerS

      @Ambarishrh I saw it pop up on my subscriptions 🙂

    • AmbarishrhA

      Edge crash

      IT Discussion microsoftedge edge browser
      18
      0 Votes
      18 Posts
      2k Views
      black3dynamiteB

      @wrx7m said in Edge crash:

      @black3dynamite said in Edge crash:

      @dashrender said in Edge crash:

      @ambarishrh said in Edge crash:

      @wrx7m said in Edge crash:

      @ambarishrh said in Edge crash:

      @dashrender said in Edge crash:

      Ug.. upgrades... what other software do you have installed?

      Can you skip 1709 and go to 1803?

      Will try this today

      Be warned... 1803 has its own set of weird issues. 😐

      Need to make a few changes on our AV as well (an upgrade to support 1803), so it might take some time for me to complete the test

      My AV just updated for 1709, and now they are back to having issues with 1803.

      We’ve been pretty lucky with our Sophos.

      Sophos endpoint?

      Yes

    • AmbarishrhA

      Evaluating OneDrive for Business to replace traditional end point backup

      IT Discussion one drive for business windows 10 backup sync
      35
      0 Votes
      35 Posts
      3k Views
      BRRABillB

      @dustinb3403 said in Evaluating OneDrive for Business to replace traditional end point backup:

      At approximately $12/user you get 1TB/user

      Yeah but you also get Exchange and a full Office Suite.

    • AmbarishrhA

      Looking for alternatives for Dropbox personal

      IT Discussion onedrive dropbox dropbox smart sync sync
      39
      0 Votes
      39 Posts
      4k Views
      AmbarishrhA

      The size difference on files on my computer was an issue with Dropbox on the latest version of Win10. I used my Mac to download all files and then moved the Dropbox folder inside OneDrive and got all synced. Apart from some files not being synced all looks good now. I am almost ready to cut Dropbox, part of that I already switched from yearly plan to monthly (was due for renewal in Sep), just keeping it a month or two more to finalize.

      With the new option of getting MS Office on unlimited devices and concurrent sign in to 5 devices with the O365 plan (https://techcommunity.microsoft.com/t5/Office-365-Blog/You-re-about-to-get-even-more-from-your-Office-365-Home-or/ba-p/234907) along with smart sync, I guess it's a great deal

    • AmbarishrhA

      O365 SMTP Authenticated Submission client protocol change

      IT Discussion o365 smtp
      7
      2 Votes
      7 Posts
      2k Views
      AmbarishrhA

      The O365 account is used at multiple services (network monitoring, snipeit are some of them). I guess mailgun would be a good choice to avoid this altogether. The free version supports 10K mails

    • AmbarishrhA

      Migrating SnipeIT to new server

      IT Discussion snipe-it migration
      5
      0 Votes
      5 Posts
      3k Views
      DustinB3403D

      @farizazmi try following this: https://snipe-it.readme.io/docs/moving-snipe-it

    • AmbarishrhA

      File sharing with sandbox/malware analysis

      IT Discussion nextcloud filecloud ransomware filesharing
      8
      1 Votes
      8 Posts
      2k Views
      travisdh1T

      Do you have some sort of intrusion detection service running right now? (Wazuh, OSSIM, or one of the paid for solutions?) If you do, between that and the ClamAV, you should be as well protected as you could possibly be.

      Edit: I should specify to never skimp on user training! KnowBe4 is a great tool.
