ansible


Immunet 7.4.4 is blocking requests from pywinrm. We are trying to update workstations using Ansible and WinRM. However, Immunet, after upgrading to 7.4.4, is blocking execution.

I am attaching the output from before removal of Immunet 7.4.4 and after.

nbhanji@srv-fog:~/ansible-playbooks/testing$ ansible testing -m win_ping
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current
version: 3.6.9 (default, Jan 26 2021, 15:33:00) [GCC 8.4.0]. This feature will be removed from ansible-core in version
2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
[WARNING]: ERROR DURING WINRM SEND INPUT - attempting to recover: WinRMError The pipe has been ended.  (extended fault
data: {'transport_message': 'Bad HTTP response returned from server. Code 500', 'http_status_code': 500,
'wsmanfault_code': '109', 'fault_code': 's:Receiver', 'fault_subcode': 'w:InternalError'})
10.50.51.192 | FAILED! => {
    "msg": "winrm send_input failed; \nstdout: \nstderr An error occurred while creating the pipeline.\r\n    + CategoryInfo          : NotSpecified: (:) [], ParentContainsErrorRecordException\r\n    + FullyQualifiedErrorId : RuntimeException\r\n "
}

After removal.
nbhanji@srv-fog:~/ansible-playbooks/testing$ ansible testing -m win_ping
[DEPRECATION WARNING]: Ansible will require Python 3.8 or newer on the controller starting with Ansible 2.12. Current
version: 3.6.9 (default, Jan 26 2021, 15:33:00) [GCC 8.4.0]. This feature will be removed from ansible-core in version
2.12. Deprecation warnings can be disabled by setting deprecation_warnings=False in ansible.cfg.
10.50.51.192 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

I can execute in PowerShell: enter-pssession -ComputerName 10.50.x.x -Credential xxx

This allows the session.

Is there a way of adding an exception to Immunet to ignore the requests to ports 5985-5986, and also to push that change with a PowerShell script? Thanks in advance for the help.

 

 


Your query looks a lot like you are running Immunet in some sort of organisation or corporate environment. Immunet is targeted at home users, so you may find you can only accomplish what you need with the corporate "version", Cisco AMP, instead. Additionally, support is not provided to Immunet users in corporate environments.

If you have already tried adding the relevant scripts and program components to Immunet's exception lists, and it still doesn't work, and you're not a home user, just buy AMP. To the best of my knowledge you can't add specific ports as exceptions in Immunet and it's not intended for having config changes pushed remotely (e.g. via PowerShell) because those are the sorts of things home users don't usually need to do.


Hi Nick,

What zombunny2 suggested has some serious merit! Since you're using a server environment with multiple endpoints, 'Immunet's cloud based enterprise version' called 'Secure Endpoints' (formerly AMP for Endpoints) would definitely better suit your needs.

Secure Endpoints is 'much more individually configurable' than Immunet. It's also designed to work with and complement any other security software you may be currently using.

Although not free to use like Immunet (there is a free trial period however!) the price is reasonable & actually negotiable depending on how many endpoints need to be protected, the type of and the length of your license that you choose.

If you represent a legitimate & confirmable 'non-profit' charitable or educational organization/entity that can also be taken into consideration.

Another nice thing about Secure Endpoints is that you don't need a Ph.D. in Computer Science to configure the software to your specific needs although some advanced computer knowledge would be best to get the most out of the software which I believe you already have in abundance.

Another point is, Secure Endpoints makes it much less cumbersome to deploy to multiple endpoints simultaneously when installing btw. 

Here's a URL link if you care to investigate Secure Endpoints for yourself. https://www.cisco.com/c/en/us/products/security/amp-for-endpoints/index.html

Best wishes, Ritchie...

P.S. - To all Immunet users: Although mainly developed towards server environments "Secure Endpoints can also be configured for individual/home use too!" Something to consider if you're thinking of installing some other paid software package or are (especially) currently using a multiple PC private networking configuration with Immunet.

