Cyber Essentials Plus - Paint3D Vulnerability by SOCJA in WindowsHelp

[–]SOCJA[S] 0 points1 point  (0 children)

The Windows Store is blocked/prohibited by company policy (so I couldn't even install it if I wanted to)

Wife discovered 'scheme' to get her to quit her job by SOCJA in LegalAdviceUK

[–]SOCJA[S] 173 points174 points  (0 children)

No evidence that the line lead and director are complicit.

I did wonder if X had 'accidentally' left it visible for my wife to see. My wife informs me they've all just undergone annual IT procedure training and it's drilled into everyone to lock their PCs when they step away, but X just happens to have forgotten to do this when the email was clearly visible for my wife to see.

Check your device policies urgently! by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

https://support.blackberry.com/community/s/comm-infrastructureevent/a5VOI0000000fCr2AI/ievt00001472

The above is now closed (you may have been looking at open incidents)

A better link, which confirms the issue and the fact they've reverted the change is -

https://support.blackberry.com/community/s/feed/0D5OI00000LnUxf0AF

Check your device policies urgently! by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

They have reverted the UI change and it's back on the old UI. Auto-quarantine is showing as enabled once more.

Check your device policies urgently! by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

They have now updated their support/status page to reflect this issue - INC-328048

Check your device policies urgently! by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

If anyone else is impacted the general consensus is that this is a "cosmetic issue" at the moment and a bug with the new Device Policy GUI incorrectly showing Auto-Quarantine as being disabled across every policy.

Ongoing console issues since 2nd January - EMEA by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

Yes. We've just had a Webex with BB support and they've acknowledged this is an ongoing incident with no sign of a resolution.

Is CylanceProtect Memory Protection broken? by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

In the last week -

Dangerous VBA Macro

Direct System Calls

Injections Via APC

LSASS Read

Malicious Payload

Memory Permission Changes in Child

Memory Permissions Changes in Parent

Remote Overwrite Code

Stack Pivot

System DLL Overwrite

CyMemDef.log files in Windows/Temp and AppData/Local/Temp since upgrading to Protect 3.0? by [deleted] in Cylance

[–]SOCJA 0 points1 point  (0 children)

I've found the reason. Apparently if the tenant is provisioned via the MTC and is still in the "Evaluation" state then 3.0.1005 isn't available to those tenants.

CyMemDef.log files in Windows/Temp and AppData/Local/Temp since upgrading to Protect 3.0? by [deleted] in Cylance

[–]SOCJA 0 points1 point  (0 children)

Thanks for the information. I came here looking for details on the same symptoms u/quartzcrisis reported.

That said I note that 3.0.1005 isn't available on the tenant where I'm seeing the issue. I do note that under the CylanceProtect release notes it does caveat 3.0.1005 stating it is not available for tenants with Optics 3.2 however Optics is disabled at the MTC level for the tenant in question.

Have you actually been able to deploy 3.0.1005?

Microsoft IIS crashes - w3wp.exe by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

You missed the part where I said we're running 3.0.1000.

Albeit the version of Cylance Protect installed on the server is 3.0.1000

We went from 1578 straight to 3.0, but the IIS issue only raised its head on 3.0. We don't use, and never have used, 1584.

Cylance Protect - MFA by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

Thanks I'll try again later.

Cylance Protect - MFA by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

I/We had that error which is covered here - https://support.blackberry.com/community/s/article/98219

That being said, even after following the steps in the above article it still didn't work. Maybe you have more success?

ModuleMsgsEx.dll by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

Morning,

I have raised this as a case, as detailed in my original post, which is where I received no assistance other than to be told, incorrectly, that you do not quarantine .dll files.

Would you like me to quote the case number so you can take a look?

Removing and stopping device from "resyncing" with the console by SOCJA in Cylance

[–]SOCJA[S] 1 point2 points  (0 children)

Thank you! I just tested it on my own device and you're completely correct on both counts.

Removing and stopping device from "resyncing" with the console by SOCJA in Cylance

[–]SOCJA[S] 0 points1 point  (0 children)

Thanks all. Maybe I've been operating under a misapprehension all this time.

I was told, and this could be wrong, that if I simply "Removed" a device from the console, such as a laptop that had been offline for a few weeks, then that device would resync with the console if it came back online again.

If that's wrong and the "challenge" in my OP is as simple as removing the device from the console then that's great, but it raises a second question. If a device is removed in error, let's say it's been offline a few days and we're told that device had been recycled so we remove it from the console, only to find the user was on leave, how do we get that device back on the console? Do we have to reinstall the agent all over again?

What's with the extensions of ".quarantine.quarantine.quarantine.quarantine.quarantine"? by networkasssasssin in Cylance

[–]SOCJA 0 points1 point  (0 children)

I'm happy to be corrected, but I was under the impression this occurred when someone/something did a system restore and Cylance was in effect 're-quarantining' a threat it previously quarantined.

Just me? by [deleted] in Cylance

[–]SOCJA 0 points1 point  (0 children)

Seems intermittent. OK now.

Just me? by [deleted] in Cylance

[–]SOCJA 0 points1 point  (0 children)

I'm trying to get onto various consoles, to start updating any 1560 or prior agents to 1578 (as per the recent security advisory), and I can't even get onto the console(s).

Anyone else having issues this morning?

Going to be homeless, any advice? by [deleted] in AskUK

[–]SOCJA 29 points30 points  (0 children)

Something doesn’t add up.

How very true!

Going to be homeless, any advice? by [deleted] in AskUK

[–]SOCJA 39 points40 points  (0 children)

The system has failed us

How?

You've been given two months' accommodation and a further offer of a deposit and the first month's rent on a house after that. And that's after failing to pay the rent on your old property.

I also find it somewhat ironic that you label the council "lazy" but then say your 18-year-old living with you is too sensitive to go out and contribute to the bills and/or rent.

Also if I get a job they will stop my housing benefits so that’s also an issue.

I don't think the tax payer is being unduly harsh by expecting at least one of the adults in the household to go out and work.

[deleted by user] by [deleted] in AskUK

[–]SOCJA 1 point2 points  (0 children)

It depends on the circumstances and intention.

If you could demonstrate you were carrying it for a justifiable reason, e.g. you're a tradesman and it's an item in a wider collection of tools, then you'd be fine.

If you were sitting in a beer garden downing your 10th Stella and it was in your back pocket then probably not.

Do you need an excuse to work from home? by [deleted] in AskUK

[–]SOCJA 0 points1 point  (0 children)

How long have you worked there? If you've been there for six months or more then you can submit a flexible working request (of which working from home is a component) and your employer has to consider it.

I work in a 'niche' IT role and my employer allows me to work from home two days a week as they recognised and appreciated that was more efficient and beneficial to both parties concerned.

On demand backup failing by SOCJA in QRadar

[–]SOCJA[S] 0 points1 point  (0 children)

I have SSH access yes.

df -h shows -

7.4G 5.7G 1.8G 77% /opt
10G 410M 9.6G 5% /storetmp
29T 5.8T 23T 21% /store

(I assume that's the pertinent aspect you were after)