C3 - Free Community Content - 6/1 Release Notes

Hello!

Before I begin with the new update – I wanted to thank our production users of C3 Content in the United States and in Europe! It makes me very happy to see this content getting used to manage endpoints around the world!

I am pleased to announce the second regular update to the C3 set of projects. Updates will occur on a weekly/biweekly basis. For information on the C3 set of projects (and how to set it up with your BigFix environment), please see the announcement post: "C3 - Free BigFix Community Content Libraries". This content is provided by the community, maintained by me and anyone who contributes to the repositories on GitHub. This is not IBM provided or supported content.

Overview

This release includes additional supported applications through C3 Patch, improved Bitlocker and Applocker Support, and adjustments to Analysis Property refresh times across the board.

  • C3 Inventory - 46 Analyses (4 Updated), 15 Fixlets
  • C3 Patch - 59 Supported Applications (10 New Applications)
  • C3 Protect - 25 Analyses (7 Updated), 63 Fixlets (9 New)
  • C3 Platform Kickstart - 22 Fixlets, 2 Analyses (1 Updated)

C3 Patch

Nine new applications have been added, bringing the total supported applications to 59. The following new applications are now supported by C3 Patch and will have the latest deployment, update, and removal fixlets generated and published daily:

  • Adobe Air
  • Citrix Receiver
  • CutePDF Writer
  • Dell Command | Update
  • Dropbox
  • EMET
  • GIT for Windows
  • Greenshot
  • ImgBurn
  • InstedIT

C3 Protect

The C3 Protect site saw a number of bug fixes related to Applocker, Bitlocker, and cached Windows credential discovery moving into production at a number of organizations. In addition, several improvements to Bitlocker key escrow were included in this release. Content also now includes updated Applocker content, including helper scripts for creating Applocker Fixlets.

Helpers

  • Several PowerShell scripts designed to help automate Applocker rule creation
  • “Invoke - Applocker Rule Creation From Blocks and Warnings - Windows” - Creates Fixlets on a client for the blocks and warnings logged. Stores them in the __BESData folder for retrieval. Optionally uploads them via Upload Manager to the BigFix server.

Fixlets

The following Applocker starter rules are now included:

  • “Applocker Rules - Allow Administrators to run Scripts in their Profiles - Windows”

The following Virtualization Based Security content is now available:

  • “Config - Credential Guard - Disable - Windows”
  • “Config - Credential Guard - Enable with UEFI Lock - Windows”
  • “Config - Hyper-V Platform - Disable - Windows”
  • “Config - Hyper-V Platform - Enable - Windows”
  • “Config - Isolated User Mode - Disable - Windows”
  • “Config - Isolated User Mode - Enable - Windows”
  • “Config - Virtualization Based Security - Disable - Windows”
  • “Config - Virtualization Based Security - Using Secure Boot - Windows”
  • “Config - Virtualization Based Security - Using Secure Boot and DMA - Windows”

Warning Fixlets

The following audit/warning fixlets are now available:

  • “Warning - Applocker Rules exist but AppIDSvc is stopped - Windows”
  • “Warning - System is set to store a large number of cached credentials - Windows”

Analyses

The following Analyses are now available:

  • “Applications - McAfee ePolicy Orchestrator - Configuration - Windows” - Provides information on ePolicy Orchestrator
  • “Virtualization Based Security - Windows” - Provides configuration information for the new Virtualization Based Security available in Windows 10

The following Analyses have new properties available:

  • “Applications - McAfee - Windows” - Provides information on Endpoint Security and ePolicy Orchestrator.
  • “Bitlocker - Audit - Windows” - Provides more accurate information about protection status.

The following Analyses have been otherwise updated:

  • “Applications - McAfee Endpoint Security - Configuration - Windows” - Fixes an issue with Firewall state detection
  • “Whitelisting - Applocker - Logs - Windows” - Consolidated gathering to reduce number of times touching the event log

C3 Inventory

Primarily included changes to the reporting frequency of various properties based on evaluation cycle effect in various production environments.


Hi,

Can we block some kinds of applications, like TeamViewer or VLC media player, using the C3 product Applocker?
If possible, please share the details.

Thanks,
Nagaraj.
