Hi!
Can someone tell me, if there is something to do with dcom hardening to keep insight discovery running after june 14, 22?
https://support.microsoft.com/en-us/topic/kb5004442-manage-changes-for-windows-dcom-server-security-feature-bypass-cve-2021-26414-f1400b52-c141-43d2-941e-37ed901c769c
At the moment some server log some error messages in windows event viewer. nevertheless some vm hosts can be scanned without some problems.
Insight Discovery Server Event Viewer Error:
DCOM was unable to communicate with the computer x.x.x.x using any of the configured protocols; requested by PID 2af4 (c:\Program Files\Discovery_DEV\Discovery\Discovery.exe).
Scanned VM Host Event Viewer Error:
The server-side authentication level policy does not allow the user xxx (SID) from address x.x.x.x to activate DCOM server. Please raise the activation authentication level at least to RPC_C_AUTHN_LEVEL_PKT_INTEGRITY in client application.
best regards,
florian
