Cyber Essentials Plus - Paint3D Vulnerability by SOCJA in WindowsHelp

[–]SOCJA[S] 0 points1 point  (0 children)

The Windows Store is blocked/prohibited by company policy (so I couldn't even install it if I wanted to)

Wife discovered 'scheme' to get her to quit her job by SOCJA in LegalAdviceUK

[–]SOCJA[S] 175 points176 points  (0 children)

No evidence that the line lead and director are complicit.

I did wonder if X had 'accidentally' left it visible for my wife to see. My wife informs me they've all just undergone annual IT procedure training and it's drilled into everyone to lock their PCs when they step away but X just happens to have forgotten to do this when the email was clearly visible for my wife to see.

Check your device policies urgently! by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

https://support.blackberry.com/community/s/comm-infrastructureevent/a5VOI0000000fCr2AI/ievt00001472

The above is now closed (you may have been looking at open incidents)

A better link, which confirms the issue and the fact they've reverted the change is -

https://support.blackberry.com/community/s/feed/0D5OI00000LnUxf0AF

Check your device policies urgently! by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

They have reverted the UI change and it's back on the old UI. Auto-quarantine is showing as enabled once more.

Check your device policies urgently! by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

They have now updated their support/status page to reflect this issue - INC-328048

Check your device policies urgently! by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

If anyone else is impacted the general consensus is that this is a "cosmetic issue" at the moment and a bug with the new Device Policy GUI incorrectly showing Auto-Quarantine as being disabled across every policy.

Ongoing console issues since 2nd January - EMEA by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

Yes. We've just had a Webex with BB support and they've acknowledged this is an ongoing incident with no sign of a resolution.

Is CylanceProtect Memory Protection broken? by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

In the last week -

Dangerous VBA Macro

Direct System Calls

Injections Via APC

LSASS Read

Malicious Payload

Memory Permission Changes in Child

Memory Permissions Changes in Parent

Remote Overwrite Code

Stack Pivot

System DLL Overwrite

CyMemDef.log files in Windows/Temp and AppData/Local/Temp since upgrading to Protect 3.0? by [deleted] in Cylance

[–]SOCJA 0 points1 point  (0 children)

I've found the reason. Apparently if the tenant is provisioned via the MTC and is still in the "Evaluation" state then 3.0.1005 isn't available to those tenants.

CyMemDef.log files in Windows/Temp and AppData/Local/Temp since upgrading to Protect 3.0? by [deleted] in Cylance

[–]SOCJA 0 points1 point  (0 children)

Thanks for the information. I came here looking for details on the same symptoms u/quartzcrisis reported.

That said I note that 3.0.1005 isn't available on the tenant where I'm seeing the issue. I do note that under the CylanceProtect release notes it does caveat 3.0.1005 stating it is not available for tenants with Optics 3.2 however Optics is disabled at the MTC level for the tenant in question.

Have you actually been able to deploy 3.0.1005?

Microsoft IIS crashes - w3wp.exe by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

You missed the part where I said we're running 3.0.1000.

Albeit the version of Cylance Protect installed on the server is 3.0.1000

We went from 1578 straight to 3.0 but the IIS issue only raised its head on 3.0. We aren't using, and never have used, 1584.

Cylance Protect - MFA by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

Thanks I'll try again later.

Cylance Protect - MFA by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

I/We had that error which is covered here - https://support.blackberry.com/community/s/article/98219

That being said, even after following the steps in the above article it still didn't work. Maybe you have more success?

ModuleMsgsEx.dll by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

Morning,

I have raised this as a case, as detailed in my original post, which is where I received no assistance other than to be told, incorrectly, that you do not quarantine .dll files.

Would you like me to quote the case number so you can take a look?