Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.

M365/Exchange Hybrid OAuth Testing command, OAuth-Cert out-of-sync 4001, IIS VDIR OAuth wrong

www.butsch.ch Resolve and find OAuth problem in Exchange Hybrid Setup Environment Short Understanding OAuth: OAuth (Open Authorization) is an industry-standard protocol that enables secure authorization for third-party applications without the need to disclose user credentials. It allows users to grant limited access to their resources on one site to another site, without sharing their credentials. […]

Crowdstrike Falcon Sensor, Azure VM Repair paths

The procedures in this article describe methods you can use to attach an encrypted OS disk to a repair VM and then unlock that disk. After the disk is unlocked, you can repair it. As a final step, you can replae the OS disk on the original VM with this newly repaired version. Microsoft has […]

Crowdstrike Falcon, BSOD, VMWARE Server Recovery DEU

Es gibt einige Server, bei denen Sie nicht in den Wiederherstellungsmodus oder den abgesicherten Modus booten können. Wenn das Volume nicht verschlüsselt ist, haben Sie eine Möglichkeit, die fehlerhafte CrowdStrike-Def-Datei von der Festplatte zu löschen. Basisartikel von uns: https://www.butsch.ch/post/19-07-2024-bsod-blue-screen-crowdstrike/ Crowdstrike Falcon Sensor, Azure VM Repair paths   Um eine virtuelle Festplatte in einer VMware-Umgebung von […]

Falcon Sensor, Bluescreen of Death Vmware workaround if you can’t boot into recovery

  Workaround Server / Vmware affected with NO Recovery Option and not encrypted:   There are some server where you can’t boot into recovery or safe boot. If the volume is not encrypted you have one way to delete the faulty crowdstrike def file from the disk. Base article: 19.07.2024 BSOD Blue screen Crowdstrike – […]

19.07.2024 BSOD Blue screen Crowdstrike

The falcon has crashed BSOD blue screen of death on clients and server OS Red Teams and Hackers > see where you have brought us?   https://www.trellix.com/about/why-trellix/vscrowdstrike/ The latest CrowdStrike Falcon Sensor update is causing a widespread issue resulting in a Blue Screen of Death (BSOD) boot loop globally. It’s a security professional’s worst nightmare […]

Proxy settings der Cryptography API bei Zertifikatswiderrufslisten (CRL) von einem CRL-Verteilungspunkt

  Dieser Artikel zielt darauf ab, den Prozess zu erläutern, den die Crypto API durchläuft, um erfolgreich eine HTTP-basierte URL für den CRL-Verteilungspunkt herunterzuladen. Er dient auch der Fehlerbehebung in Situationen, die mit der Netzwerkrückgewinnung von CRLs verbunden sind. Zusätzlich wird unser kostenloses Tool, crlcheck.exe, erwähnt, das dazu beitragen soll, komplexe Probleme effektiver zu lösen. […]

13.06.2024 False-Postive with ENS 10.7, AMCORE 5554 on Windows Defender AM_Delta_Patch Server 2019 German

  Trellix ENS 10.7 deletes Windows Defender Update which come from WSUS-Server on German Server 2019 We just did see a false positive on Windows Defender Updates we provide via WSUS with autoaprove on a Windows Server 2019 German with Trellix ENS 10.7 and AMCORE 5554. The file was deleted from C:\Windows\SoftwareDistribution\Download\ Microsoft affected file: […]

16.07.2024, Office 365 / M365 EX814289 shared calendar not working

Workaround ONLY works as long as you don’t close Outlook.exe (Don’t close Outlook after it works until MS solves problem) EX814289 Users may be unable to access shared calendars in the Outlook desktop app. Users who have access to Outlook on the web or Outlook for Windows (https://www.microsoft.com/store/productId/9NRX63209R7B?ocid=pdpshare) can use this connection method to access […]

Mcafee/Trellix ENS Gootkit False ENS 10.7 after 15.05.2024, rule SIG 6232 with VBS from TEMP

  Mcafee/Trellix ENS 10.7 Exploit Prevention Content 13401 Update SIG 6232 from 15.05.2024 brought a false with some customers from us. This comes with good (change) or bad (false) timing after we have seen some Gootloader activity happening in EU/CH these days. This happens on ENS 10.7 APRIL 2024 and also on Nov 2023 Version […]

Google chrome 124 and Edge Chromium Probleme Webserver SSL-Brechen [DEU]

  Google Chrome.exe 124 und Edge Chromium könnten Probleme haben, sich mit einem Webserver hinter älteren Firewalls oder Proxys zu verbinden, ODER bestimmte Sicherheitsgeräte filtern HTTPS/TLS-Websites nicht mehr.   Das Problem hat etwa am 22.04.2024 begonnen und nimmt laufend zu. Dies könnte Sie betreffen, wenn: Sie oder jemand anderes einen Webserver oder einen Dienst mit […]