MeshCentral - Authenticode Time Stamp, Resources, Assistant Lock, Intel® SM, Router

MeshCentral is an open source, web based, feature packed computer management web site. MeshCentral development is continuing swiftly, and the blog posts are not keeping up with the number of features being released, so, this week’s post includes plenty of unrelated features and improvements that are making MeshCentral most customized and more secure than ever before. We have many improvements to the Authenticode feature we announced a few weeks back, code to change the resource strings within an executable, MeshCentral Assistant now has the server locking feature, Intel® Standard Manageability support was improved and more improvements to MeshCentral Router. It’s been a crazy month so far and it’s not over. In detail:

  • Authenticode-JS Time Stamping. A few weeks back we released Authenticode-JS, the first ever fully NodeJS tool for code signing Windows executables. This last week, we improved this tool to add support for certificate authority time stamping. This allows an executable that is signed by a trusted code signing certificate to remain valid even after the certificate used to sign the executable expires. With time stamping, the Windows operating system can verify that the executable was signed during the certificate’s validity period. This tool makes it possible to sign and time-stamp Windows executables from any OS including Linux, which is super useful in the server world.
  • Authenticode-JS Resource Modifications. In addition to signing and time-stamping a Windows executable, Authenticode-JS can now look at the different sections of a Windows executable and completely break apart the resource section (.rsrc) and allow modifications to be made to the version strings and then reassemble the executable with a re-encoded resource section. This allows a user to edit the version information of an executable prior to signing and time stamping it. This allows an executable to be customized to an organization like never before.
  • Time Stamping and Resource Modification in MeshCentral. Authenticode-JS is released as an open-source stand-alone tool for anyone to use, but its primary purpose is its integration into MeshCentral. Starting this week, MeshCentral will automatically time stamp the MeshAgent and a new option is available to disable this feature or change the default time-stamping server used. In addition, you can now set agent version string information to be included in the agent. When set, MeshCentral will place these strings inside the agent resource section before performing code signing and time stamping.
  • MeshCentral Assistant Sign-Lock feature. When code signing MeshCentral Assistant, you now have the option to lock the signed binary so that it can only connect to a specific server. The lock includes the DNS name of the server and the server certificate hash. This makes is impossible to use a signed MeshCentral Assistant on any server by your server and so, preserving the trust of your certificate. This feature was included in the MeshAgent at the beginning of the year but is now also in MeshCentral Assistant with the same signing URL format to perform the lock. 
  • Improved Intel® Standard Manageability (Intel® SM) support. Intel® Standard Manageability includes some of the features of Intel® AMT on lower-cost platforms. Starting this week, MeshCentral has better support for these platforms. MeshCentral will detect this platform type for both agent based and agent-less device groups and will now better adjust the user interface to handle the features supported by these platforms. Both the desktop and mobile web site have been updated. This will be a welcome improvement to owners of these devices. 
  • MeshCentral Router Connectivity Improvements. MeshCentral Router is a popular tool used with MeshCentral for routing TCP and UDP traffic thru a MeshCentral server to any network where a MeshAgent is running. In the last month, MeshCentral Router got user interface improvements and more significantly, new connectivity settings so you can specify an HTTP proxy to use and, if needed, a TLS client certificate. The client certificate is interesting if MeshCentral is placed behind a reverse proxy and requires TLS client authentication to allow connections. This setup significantly reduces the attack surface when exposing MeshCentral to the Internet.

Many other features have been added and bug fixes included. As usual, feedback is appreciated. If you see any problems or need support on something, please create a new issue on GitHub or help other users. For more information, visit the portal at https://meshcentral.com.

Enjoy!
Ylian
MeshCentral, Blog, Twitter,
Reddit, GitHub, YouTube.

 







Popular posts from this blog

Starting work at Microsoft

Image
Hi everyone. It’s been a while since the last blog post and I wanted up update everyone on what is going on. As many of you know already from a discussion on GitHub , Bryan and I have been laid-off from Intel in early November 2022. This was quite a surprise as MeshCentral, MeshCommander, MeshCMD and other tools where widely used. This said, Intel has been having poor financials and Bryan and I where part of a very large first wave of downsizing by the company that involved many people that I know and worked with for a long time. I had been working for Intel for over 25 years having started in September 1998. Over the years I worked on IPsec key negotiation, Universal Plug & Play, DLNA and Intel® AMT. I loved working on all these projects and especially loved working with the open-source community on Mesh projects. Obviously, this was not my decision and Bryan and I had look for what comes next. One option was to continue working on MeshCentral as part of another company or with
Read more

MeshCentral - Windows ARM64, NodeJS v11, NPM Packages

Image
Hi all. It's been a while since I last posted and now that I am settling a bit more in my work at Microsoft, I have a bit of time to occasionally look after MeshCentral again. It's about time, there where a bunch of things that needed to get fixed. Before that, I want to say that I am doing great. I am working on Microsoft Forms which is one of the offerings of Microsoft 365. For kicks, I started a YouTube channel on Microsoft Forms here during a Microsoft hacking week. I tried to up my game since the videos I last published for MeshCentral. Also, I wanted to share pictures below. I was at a Tesla Supercharger last weekend and, by luck, got to see a Tesla Cybertruck in person. It's very big. Obviously, this is a release candidate driven by a Tesla employee. I saw it after attempting to see the solar eclipse over Oregon, but sadly, too many clouds and saw nothing. In any case, back to MeshCentral. In the last few months a few things have happened with the new releases. Wind
Read more

MeshCentral - New Windows Agents - Installation Dialog, Customization and Server Lock

Image
Lots is going on with MeshCentral, just yesterday Bryan Roe released a new MeshAgent for Windows with many improvements. An improved installation dialog box, logo customization and, to continue MeshCentral’s leadership in security, a new agent code signing locking feature that will surely be used by many to improve trust and security of their MeshCentral installation. In addition to this, we have many more server improvements to cover. In detail: MeshAgent with improved installation dialog box . The new MeshAgent for Windows is much improved with months of changes and bug fixes. The most noticeable feature is by far the new installation dialog with the new logo and connection details button. The new installer is a lot friendlier and easier on end-users. MeshAgent with improved customizations . In addition to all the existing agent customizations available in prior versions, the MeshAgent has new server settings for the installation text and logo. You can now set your own 200x200 PNG c
Read more