Month: March 2020

Missing Icon Fonts in EM

Post author By Bhargav Atturu
Post date March 26, 2020

Issue

EM Icon fonts not being displayed due to a new Windows 10 security feature that blocks fonts that are installed outside of the Fonts directory called Untrusted Font Blocking.

Here is an article explaining the feature:

https://support.microsoft.com/en-us/help/3053676/windows-10-technical-preview-adds-a-feature-that-blocks-untrusted-font

Resolution

Changing the Mitigation Options value to 2000000000000 should resolve their issue.

How to turn on and use the blocking untrusted fonts feature

To turn this feature on, off, or to use audit mode, use one of the following methods.

Using Group Policy

Open Local Group Policy Editor.
Under Local Computer Policy, expand Computer Configuration, expand Administrative Templates, expand System, and then click Mitigation Options.
In the Untrusted Font Blocking setting, you can see the following options:
- Block untrusted fonts and log events
- Do not block untrusted fonts
- Log events without blocking untrusted fonts

Using Registry Editor

Open Registry Editor (regedit.exe) and go to the following registry subkey:
If the MitigationOptions key is not there, right-click and add a new QWORD (64-bit) Value, naming it as MitigationOptions.
Update the Value data of the MitigationOptions key, and make sure that you keep your existing value, like the important note below:
- To turn this feature on. Type 1000000000000.
- To turn this feature off. Type 2000000000000.
- To audit with this feature. Type 3000000000000.
- Important: Your existing MitigationOptions values should be saved during your update. For example, if the current value is 1000, your updated value should be 1000000001000.
Restart your computer.

Missing-Icon-Fonts-in-EM.pdf

Tags Block Untrusted Font, KB-00016-16-210201, 429, Guest, ESM, Windows 10 Security feature, Enterprise System Manager, Missing Icon Fonts, Windows 10 block

Knowledge Support Support exacqVision Enterprise Categories Products

Enterprise Manager Outbound Firewall Rules on Restricted Networks

Post author By Bhargav Atturu
Post date March 25, 2020

Issue

Accessing our licensing server from Enterprise Manager on a restricted network will require an exception to the outbound firewall rules. Please add exacq.com and port 443 to the outbound firewall rules to open access.

Version Affected

All.

Tags Licensing, Firewall, KB-00017-17-210201, 441, Guest, exacqVision Enterprise, Enterprise Manager

Knowledge Support Support exacqVision Enterprise Categories Products

Enabling stronger cipher/protocol security with Enterprise Manager

Post author By Bhargav Atturu
Post date March 23, 2020

If your exacqVision Enterprise Manager is already using HTTPS as described in our Knowledge Base Article ‘How to Enable HTTPS for ESM’ you can make sure you are using strong ciphers and the most current ssl protocol using this document.

Locate and make the indicated changes to the file httpd-ssl.conf

Windows

C:\Program Files\exacqVision\EnterpriseManager\apache_solr\apache2\conf\extra\httpd-ssl.conf

Linux

/usr/local/exacq/esm/apache_solr/apache2/conf/extra/httpd-ssl.conf

Find SSLCipherSuite and SSLProxyCipherSuite and make sure they match the following.

Find the SSL Protocol Support section and make sure the following is set as follows. Note, it may be possible to user TLSv1.3 but it has not been tested yet.

Verifying

To verify the endpoint is running as expected for your Enterprise Manager HTTPS site.

Run the following command from a Linux machine with openssl installed.

Note the output under SSL-Session.

Enabling-stronger-cipher-protocol-security-with-Enterprise-Manager.pdf

Tags Linux, Windows, exacqVision Enterprise, Enterprise Manager, Enterprise Manager Outbound Firewall Rules on Restricted Networks, KB-00018-18-210201, 457, Guest