- 120 Topics
- 210 Replies
Prior to configuring the Cymulate agent, we are going to create a separate domain account just for the purpose of this testing. What kind of account is preferred: a user account with local admin privileges or a service account with elevated privileges?
Hello, during the analysis of the report of the Immediate Threats test “GLOBEIMPOSTER RANSOMWARE WITH MEDUSALOCKER SPREADING VIA RDP” we verified that the access to a malicious URL has been correctly blocked. The related event registered by the SIEM reports: The action is blocked because “Not allowed to use this browser”. The useragent reported in the event is “useragent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36”. Our doubt is related to the fact that none of the reported browser versions is currently installed on the host where the agent is running. We would like to ask if the agent uses an internal browser that is different from the default one used on the host? Thank you in advance! Lucio
UPDATE: I just checked the console and now it appears to be connected. It looks like it takes about 10 to 15 minutes post-reboot to come up. Seems a bit long, but I’ll take it for now. :-) I recently installed the service based agent on three machines. Two are running Windows Server 2019 and the other is running Windows 10 Pro. The two machines running Windows Server are working properly. On the Windows 10 Pro machine, the service based agent will only connect to the gateway when the user account is logged on. Has anyone seen this? The PC is joined to an Azure AD domain, so it’s not a traditional AD setup. This agent is configured for the email assessments as well, while the other two are not. Any ideas on how to solve this, or is this expected behavior given how this machine is configured? Thanks.
Hi, When I attempt to add a user profile for testing with a domain user, after I click add, the Cymulate interface comes back with “Could not save profile”. The profile creation does not work. Tried with a couple of existing domain accounts and a new one. Does anyone know how to resolve this issue? Thanks, Richard
When I attempt to run advanced scenarios, such as “Domain Password Strength Evaluation”, the agent needs to be elevated. As it is not, the scenario fails to run. Does this need the service account that runs on the Cymulate server to use a domain account and one specifically with privileged rights? What is the recommended approach and is there a tech note to cover this? Thanks, Richard
Hello Cymulate community, We are designing phishing campaigns and we would like to "clone" landing pages or login pages from our corporate websites because trying to copy them with the design tools is practically impossible. My users are trained to be wary of poorly designed pages. How do you load "realistic" templates for your campaigns? Thanks
Hello Team, I am in the process of setting up SSO for Azure and it requires the Client ID from the Cymulate portal. As per the instructions, it should be next to Name and it is a combination of numbers and letters, but I could not see it anywhere. Can you please share your thoughts on this one?
Hello everyone! I have launched an Endpoint Security Assessment which has failed. The main error is “Access is denied”: An error occurred trying to start process 'C:\Program Files\Cymulate\Agent\Executor\36.0\CymulateEDRScenarioExecutor.exe' with working directory 'C:\Program Files\Cymulate\Agent\Executor\36.0'. Access is denied. I have slightly debugged the problem and I can confirm that the user exists on the machine and that the exceptions made in the EDR are the following: ProgramData\Cymulate\Agent\** Program Files\Cymulate\Executor\** Program Files\Cymulate\CLI\** Program Files\Cymulate\Service\** Program Files\Cymulate\Agent\* Has anyone else experienced this error on the Endpoint Security Module or in another one? How could I debug this error more deeply? Thank you very much!
Morning, Does anyone know what would happen in the below scenario should the agent lose connectivity to the network when running an Endpoint Security assessment? Would it reconnect and continue when a network is available? Would it have to be on the same network for the assessment to start running again from where it left off? Is there a time limit to how long before it would give up and not try reconnecting? Any help/knowledge shared would be greatly appreciated.
Hello! Are there any best practices to manage agent logs on Windows machines? Specifically, we are interested in best practices to manage the disk space, because we verified that after a year the disk is full and we need to decide which logs can be deleted. Moreover, is there a configuration in the Agent or in the platform that can be set to overwrite past logs? Thank you, Lucio
Hi, Ref to this guide: If I don't define any Scope Range and leave the field empty, will the agent scan and try to reach every single network/IP it can find? Or will the agent never leave the server that the agent was installed on? So, final question: is it required to fill in the scope or exclude range?
Hi, is it possible to abort a (lateral movement) Hopper assessment after launch? And what will happen with the Hopper “agent” if the agent was able to jump to, let's say, 3 servers? Will the agent kill the Hopper “process” itself if it doesn't get some kind of “keep-alive” signal back from the “mother” Hopper? Or will the Hopper continue doing tasks until it doesn't get any feedback?