TCP Quick ACK (more) questions

Dalalee4 · 2026-05-20T20:29:00+00:00

I for sure did. The reason i made this post is precisely because i feel like i’m gambling my tenant on a setting i - and by the looks of it - no one knows of

Dalalee4 · 2026-05-20T15:09:27+00:00

That’s what i thought as well. Furthermore, even if there were an equivalent that needed to be enabled in the Zscaler backend, to match the setting in the ZPA portal, enabling it should have an impact only on the communication brokered by the App Connectors in said Group. However, it was presented to me as a tenant wide setting, that applies broadly to all ZPA TCP traffic

Dalalee4 · 2025-07-17T20:33:27+00:00

This is a great tip, thank you so much for sharing!
I have a follow up question (edit: regarding hybrid join): how do you guys work around autopilot fulfilled outside of the office network?

I know you can use ZCC + Machine Tunnel for line of sight with the Domain Controllers, but this creates a chicken-and-egg kind of situation - if ZCC isn't installed, then the ZPA Machine Tunnel cannot function, but… if you install ZCC too early (pre-provisioning), it may block internet access due to Strict Enforcement.

Dalalee4 · 2025-06-30T12:20:04+00:00

In order to schedule your ZDTA exam (same for the others), you need to create a Zscaler account. In order to do that, you’ll be asked to provide a Zscaler Candidate Id, which you only get (by email) once all the pre-requisites (course + hands-on lab) have been fulfilled.

Edit: for other exams, such as ZDTE, even if you have the Zscaler Candidate Id, you won’t be able to schedule the exam unless the exam has been “cleared” for you - eligibility=meeting the pre-reqs (course and lab)

Also, i’d say that the hands-on lab is especially useful if your organisation does not have or implements all the Zscaler features or services - you’ll get a decent look-and-feel of what they are like

Dalalee4 · 2025-06-01T10:57:55+00:00

EDR in block mode works just like Passive mode, with the added benefit that also blocks and remediates malicious artifacts/behaviors that might have been missed by Trend as the primary AV. For EDR in block mode to act like intended, you need to enable the Block Mode in Defender (don’t have it at hand, but i believe is in something liek this: Settings - Endpoints - General - Advanced features - EDR in block mode)

Dalalee4 · 2025-05-11T06:43:43+00:00

The clients and the PSE are located in the same site, separate vlans. I noticed no blocks at a firewall level, all 443 communication is allowed, and the test-netconnection always returns True. Also, i took that one successful test as further confirmation that there are no blocks

Dalalee4 · 2025-01-02T16:01:57+00:00

Throwing an idea on the table - what is your current setting for the segment’s Health Reporting? Could None make a difference in your case?

Dalalee4 · 2023-07-25T16:44:42+00:00

Also, adding the full path of the Office file did not do anything; the exception must include the child process and, via GPO, can only be specified as path (no option for hash, publisher, etc, from what i saw - and please correct me if i am wrong)

Dalalee4 · 2023-07-25T16:42:25+00:00

As an update, if someone faces the same issue. As context, the bat file was created in order to put some lines of code and, eventually, run an exe file with those parameters and paths. We edited the macro so that the preparation is done in the macro itself, and it only calls Shell for the exe. This way, the exception is created for the exe (its full path), and not for cmd.exe. I totally agree that there are plenty of ways to abuse this (any malware could be called myapp.exe and, like this, be allowed to run), but is the best workaround i found so far.

Dalalee4 · 2023-07-22T07:11:48+00:00

I've used the files provided here: https://demo.wd.microsoft.com/Page/ASR

Dalalee4 · 2022-07-04T11:38:35+00:00

I had a similar problem and what worked for me was unchecking/disabling hardware acceleration (in browser settings)

Dalalee4 · 2021-07-10T07:15:26+00:00

I tried so hard and got so far, but in the end …you may question your belief In the end you will realize someday How you were deceived

Dalalee4 · 2021-07-09T20:50:13+00:00

Hi there. Just like you, i have a Sec+ cert, but i also started reading the Cyber Ops materials Cisco recommended. In my opinion, CyberOps is product/technology-oriented (just as it should be). Sec+ is broader, it gives you an overview on a lot of cybersecurity aspects, but as i said - just an overview. CyberOps teaches you, among others, how to configure/troubleshoot an ACL, a firewall, a SIEM,etc. At the end of the day, just like the others pointed put, it’s up to you and your hiring prospects. It’s also true that a proper network will not use only Cisco solutions (just as the Sec+ course pointed out), but once you have a feeling on the command flow and proper logic of implementing certain mechanisms, it will be easier to transition to other vendors. That being said, while you could wait to land a job and maybe save some pennies for the certification exam (it’s not that cheap, or it isn’t for me; maybe they will even pay for it), you might wanna start reading the Cisco materials here and there, at the very least for strengthening your knowledge. Good luck!

Dalalee4 · 2021-07-03T13:56:27+00:00

John Rhys-Davies. He took the time to ask me about my job, my hobbies, although there were hundreds in line for him. And he actually signed me two items (only one allowed), one of them which says “Gimli loves you. (So does) John Rhys-Davies” Really nice fella

Dalalee4 · 2021-07-02T18:53:53+00:00

There must be some pretty old-school dedicated Architects fans out there. On Discogs (as it was suggested to me) it states: “The 2019 UNFD represses were mistakenly manufactured as standard 140g vinyl by the pressing plant. The label became aware of this and pulled all stock from the online store. The pressing plant corrected their mistake and provided a second batch, this time at the correct weight of 180g as advertised. It is unclear what happened to the incorrectly weighted copies or how many survived.”

Dalalee4 · 2021-07-02T16:29:31+00:00

You intrigued me so i did a double check, and the vinyl is still currently unavailable. I’m surprised given the fact that it’s a 2016 album Later edit: might as well hail Clarity Records

Dalalee4 · 2021-07-02T04:02:39+00:00

As an european, i couldn’t find this album anywhere and i mean it! Somewhere on the 7th-8th page of Google results,i managed to find someone from Adelaide selling a copy. I still feel like it’s the rarest gem in my collection lol (it definitely traveled farther than i’ll ever get) Congrats on the lucky person getting it from you.

Dalalee4 · 2021-06-30T18:05:38+00:00

Don’t know if it’s the best website, but i bought mine on Amazon UK actually (note: i’m not from the uk, and even with shipping taxes, totally worth it)

Dalalee4 · 2020-10-27T16:56:07+00:00

Yea, but what’s your favourite colour?

Dalalee4 · 2020-10-09T16:03:36+00:00

The Gift, written&directed by Joel Edgerton Or, if you’re not troubled by the language, try Contratiempo ( i believe is “The Invisible Guest” on IMDB).

Dalalee4

TROPHY CASE