A discussion about setting up Compliance for macOS with JamfPro as the MDM was had, with a user mentioning that they were prompted for additional approvals despite having imported the configuration profile from ControlUp's site. Others suggested adding additional configurations to the Profile Policy and raised the question of whether the "Local Network" option can be added using the PPPC Utility. Discussion also took place about whether documentation could be improved for this service.
Read the entire article here...
ControlUp for Compliance (Secure DX)
ControlUp for Compliance (Secure DX) training and support-related archives from inside the ControlUp Community on Slack.
Security concerns regarding ControlUp for Compliance
A user encountered an issue where C:\Program Files\ControlUp\Cu4Compliance\cu4csvc.exe was being blocked by an ASR rule. They suggested that this be added to the documentation on the support site and a discussion about this update will happen internally. Two key locations for CU4C functionality are C:\Program Files\ControlUp\CU4C and C:\ProgramData\ControlUp\CU4C. To further address security concerns, a user is referred to a relevant Knowledge Base article.
Read the entire article here...
Read the entire article here...
Removing Uninstalled Apps from ControlUp Reports
ControlUp users discussed the lingering appearance of FortiClient on CU4C reports despite its removal from all devices. It was suggested to remove the software from the template scope in order for it to no longer appear in future reports. It was also advised to check for any leftover folders or files that may have caused the detection. To exclude it from scan reports, it should only be removed from the template.
Read the entire article here...
Read the entire article here...
Troubleshooting and Validating ControlUp’s Compliance API
A team member reported an error while using the new Compliance API and asked if it was a known issue. Another member suggested creating a new API key as a possible solution and confirmed that the API was working for them. The team explained how to use the API and shared a code for testing API key access. After rechecking, the team found and fixed the issue.
Read the entire article here...
Read the entire article here...
Reporting on High Network Utilization in ControlUp
A user is looking to report on applications with high Network Utilization in a Non-persistent environment. They suggest having a "Top 5" report for Network Usage. Another user recommends using the Process view in CU4VDI or the Monitor PowerShell query API to easily sort based on Network send or receive.
Read the entire article here...
Read the entire article here...
The Possibility of an API for CU4C for Workflow Automation and Ticket Creation
A user asked about the possibility of an API for CU4C that could trigger workflows in CU4W when a patch is detected. Another user asked for clarification on the use case for this feature, to which the first user explained that it would help automate ticket creation for new application vulnerabilities. The CU4C PM, @member, would have more details on the API release and it was mentioned that it should be ready by the end of the month, with potential for more endpoints to be added in the future.
Read the entire article here...
Read the entire article here...
Triggering SecureDX Agent Installation in ControlUp.
Members discussed whether it is possible for the ControlUp for Devices Agent to trigger the SecureDX agent to install. Options for automatically installing the CU4C client using scripts were suggested, but with a disclaimer that it has not been tested by the Dev Team. This issue is on the roadmap but there is no ETA. A suggested workaround is to set the install script to run once per day. This process is outlined in detail in the discussion thread.
Read the entire article here...
Read the entire article here...
Troubleshooting Secure DX Agent Auto-Updates in ControlUp
In the discussion, there was a question about the Secure DX agent not automatically updating in CU4D. It was suggested that the agent may not be updating due to it being manually deployed. The solution was also given to update manually or make changes to the script to run more frequently. There are planned changes in the works to give users more control over the versions and updates, similar to what is available in CU4D. It was also mentioned that if the script is not running once a day, support can be contacted to help troubleshoot the issue. The Devices tab can show which devices have upgraded to the latest version, with the install date of 8/19 being mentioned. The script will only run if devices are on at specific times.
Read the entire article here...
Read the entire article here...
Exploring the Patching Process at ControlUp
A discussion took place regarding the process of remediation for patching and whether the device reaches out to a CDN or pulls directly from the vendor website. ControlUp has tools for analyzing network impact, including the ability to disable the default CDN and download patches directly. The location where patches are downloaded and stored was also mentioned. The impact on the network will depend on the type of update, but patches are downloaded as compressed files and then uncompressed during deployment.
Read the entire article here...
Read the entire article here...
How to Clean Up Old Patches on ControlUp Client Devices
A user asked for a way to clean up old patches on client devices without causing any issues. It was recommended to enable logs in the C:\ProgramData\ControlUp\CU4C\logs\files or C:\ProgramData\ControlUp\SecureDX\logs location to check for remediation failures or aborts. It is safe to delete subfolders in the patches folder.
Read the entire article here...
Read the entire article here...