CC 3.6.30 was automatically installed - result in Telephone Terror
ThK Cybersecurity Overlord ✭✭✭
I had problems with a few of my customers this morning. I quickly noticed that the CC 3.6.30 was automatically distributed.
It's just stupid that the network card is deactivated on important servers or PCs, as was the case with the update to 3.6.26 or 27. What a challenge to come to the client when no rights are available. Oh man!
Furthermore, the DHCP query does not work or only after the DHCP server has been restarted several times.
Did anyone else notice this? The Ethernet device is deactivated in Windows after updates from CC?
Category: Capture Client
Hi @ThK, the network interfaces get disabled because of the PROTECTION & CONTAINMENT OPTION -> Disconnect from Network. This should only happen in case of an incident.
I'm left with only two endpoints running CC and did not see any network trouble so far.
Does it affect all endpoints or just specific ones? Like a specific OS version or endpoints with active threats?
@BWC yes, therefore it is activated. But this would allow management traffic, so you are able to get hands on.
But no, it's not this function. Here the Windows NIC in NetworkCenter on the machine is DISABLED. Not even the management access is possible.
I noticed this on, I guess, 50 PCs/machines out of 1700 in different tenants with different Windows systems. On different networks, but with 3.6.24, 3.6.27, 3.6.29 and 3.6.30.
The worst was today: it disabled the AD server with DNS and DHCP - customer was completely down. :-(
@ThK that is indeed messed up, I never experienced something similar like that.
Do you remember if only those 50-ish machines caused trouble since 3.6.24? Maybe they have something in common, like a network driver that's not used elsewhere?
I'm just fishing here, obviously.
I'm inclined to go with @BWC on this. It is entirely possible network drivers were chewed up and spit out inadvertently (like the Windows 7 issue with KB4499175 and the deleted OEM###.inf files).
@ThK are there any incidents about those computers in the CC logs?
@Larry @BWC I have no idea. The PCs are always HP models, or servers on VMware with different OS versions, 2012r2 or 2016.
I witnessed a VMware session on a server that suddenly installed the update. Among other things, a DOS box opened during the installation. But I could see that the network card in the lower edge of the screen was "crossed out" but luckily came back online. So some routine interrupts the network connection and when it goes the network card remains deactivated.