Joseph Kumar

Trellix Endpoint Detection & Response (Trellix EDR) is a cloud-delivered service that enables you to detect, investigate, and respond to threats. Trellix EDR provides continuous data collection and advanced analytics that helps you detect suspicious behavior on your network.

Team/Department:- Dynamic Endpoint

Role/Responsibilities:
Supporting issues pertaining to the following products and actively collaborating with internal
teams and management to ensure issues are resolved in an efficient and brisk manner.

Products Supported:

*McAfee ePolicy Orchestrator or (McAfee ePO) 5.3.x to 5.10

This platform is a centralized management solution for managing any Enterprise McAfee Security product deployed on the Endpoints

*McAfee Virus Scan Enterprise: (VSE 8.8 (Patch 7 to Patch 14) for Windows and Linux also referred to as VSEL (1.2.0 – 1.3.0))

This Antivirus software solution combines antivirus, antispyware, firewall, and intrusion prevention technologies to proactively detect and remove malware.

*McAfee Endpoint Security Threat Prevention: (ENSTP for Windows (10.5.x – 10.7.0) ) and (ENSL for Linux (10.2.x – 10.6.x))

Endpoint security systems protect computers and other devices on a network or in the cloud from
cybersecurity threats.

*McAfee Management for Optimized virtual environments (MOVE)- 4.6.x – 4.8.

McAfee MOVE AntiVirus detects, resolves, and logs information about detected threats. The
software is installed on McAfee MOVE AntiVirus Security Virtual Machine (SVM) to perform these
tasks.
The software includes two deployment options,Multi-Platform and Agentless. Both options provide
consistent protection and are managed and reported on by McAfee ePO.

*Application and Change Control: (Windows and Linux) version 6.x to 8.x

Ensure that only trusted applications run on devices, servers, and desktops.

Benefits:

Reduce risk from unauthorized applications

Local and global reputation intelligence

Real-time behavioral analytics

Auto-immunization of endpoints

*McAfee Active Response (MAR) version 2.1.0 to 2.4.4.x

McAfee Active Response is an endpoint detection and response tool that finds and responds to advanced threats. Behaviors are associated with trace rules. When a rule matches, the associated behavior is shown as part of the activity and potential threat in the workspace.
For instance, if a process tries to write a value in the HKLM\...\Run key that matches a trace rule associated with persistence behavior, this definition will be applied.

*Endpoint Detection and Response version 3.0.0 to 4.10

Tools used:

-Windows SysInternal tools like Procmon, Poolmon, Process Explorer, Autoruns, Memory Dump analyzer, Windows Debug.

-Networking protocols and tools like Wireshark.

-Linux commandline troubleshooting and using bash scripts for debugging and deployments.

-Java heap dump and thread dump analysis.

-Basic Python knowledge, sometimes used in API interactions review with ePO.

Team/Department: High Availability

Windows Failover Clustering (Windows Server 2008 and 2008 R2; Windows Server 2012 and
2012 R2)
*Use of FCM (Failover cluster manager interface) to manage and troubleshoot resource and
resource group failures
*Use of Powershell to remediate and resolve clustering issues
*Clustering network concepts and storage architecture
*Cluster Shared volume architecture
*Hyper-V based clustering
*Scale out file server integration with clustering.
*Resource deadlocks and Bugcheck 9E.
*SQL Always on and Exchange DAG setup for clustering

Microsoft Storage stack

*Miniport and Storport driver architecture
*Storage controller concepts
*Multipathing and DSM (Device specific module concepts)
*Class drivers
*Partition manager, volume manager, volume snapshot
*3rd party filter driver integration in the windows Storage stack.
*File system driver (NTFS)
*I/O subsystem
*Troubleshooting with Storport and perfmon (disk counters) captures for disk and storage
subsystem failures.

Disk recovery
*CHS (Cylinders, heads and sectors) and LBA (Logical block addressing)

*Difference in disk architecture for MBR and GPT partitioning.
*Difference in volume layout for Basic and Dynamic disks
*Using disk recovery tools such as Disk Probe,DMPSS and DMDiag
**Using “Refs recovery tools”for Windows Server 2016 disk recovery**
*CHKDSK and switches like CHKDSK /F and CHKDSK /R
*Using SFC /scannow (to check with the files and file system integrity at the base level which does
not impact the drive)

VSS
*Understanding of the complete VSS architecture.
*System writer missing or failed based errors troubleshooting
*VSS snapshot related failures
*VssDiag
*Vssadmin list writer commands
*Using Windows Server Backup feature
*Using Procmon
*Cluster Shared volume based backup (Clustering)
*Hyper-V based backup

Hyper-V
*Hyper-V architecture
*Difference between Microkernel and Monolithic kernels (VMware ESXi and Hyper-V differences)
*Hyper-V concepts:
Snapshots
vCPU
Parent-Child Configuration using Differencing disks
*Hyper-V virtual networking best practices
*Hyper-V VM migration (Quick and Live migrations)
*Hyper-V configuring VLANS and VLAN tagging

Tools used on a daily basis:

-Hyper-V clustering setup

-VSS backup based command line troubleshooting

-Disk based tools for troubleshooting like Diskmon, DiskView , DiskExt . NTFSInfo .Disk Probe,DMPSS and DMDiag

- NotMyFault

Notmyfault is a tool that you can use to crash, hang, and cause kernel memory leaks on your Windows system.

-Procmon, Poolmon, Process explorer, memory dump analyzer, Windows Debugger.

Roles and Responsibilities:
Troubleshooting AWS (Other cloud platforms) for Panzura storage controller issues.

Panzura storage architecture.
Key features like Unified Namespace, File locking, Data Locality , User managed snapshots, High
Availability.
DR Cloud Recovery.
Unified Storage
On hands experience with Extended File Systems (ACLs), Global Deduplication, Intelligent
Read/Write cache, Cloud diagnostics, Configurable Mesh.
*Ticketing tool used was Salesforce*
Additional features of Panzura Storage controller
*McAfee VirusScan Enterprise 8.8 with VirusScan Enterprise for Storage

*Symantec Protection Engine for Network attached Storage.

Responsibilities: Aligned to Infrastructure services (Storage and Networking)
Troubleshooting on the following products and platforms:
* ESXi&vCenter platform
Host profiles and Auto deployment for ESXi.
Update manager
3rd party storage APIs like VAAI and working with RDMs.
Storage issues (Fibre Channel, iSCSI and NAS storage).
Issues pertaining to vmotion, Storage vmotion, host disconnect, host in not responding state.
Issues pertaining to virtual machines (Power on failure, inactive state, consolidation of snapshots,
file lock)
Issues pertaining to Host crash and identifying the hardware component or firmware/driver
responsible.
Understanding of basic configuration pre-requisites at the host level and virtual machine for
optimal performance.
vCenter deployment pre-requisites as an appliance or installation on a Windows server with
Multiclient.
Knowledge on SSO authentication with manual and automated SSL generated certificatesResponsibilities: Aligned to Infrastructure services (Storage and Networking)
Troubleshooting on the following products and platforms:
* ESXi&vCenter platform
Host profiles and Auto deployment for ESXi.
Update manager
3rd party storage APIs like VAAI and working with RDMs.
Storage issues (Fibre Channel, iSCSI and NAS storage).
Issues pertaining to vmotion, Storage vmotion, host disconnect, host in not responding state.
Issues pertaining to virtual machines (Power on failure, inactive state, consolidation of snapshots,
file lock)
Issues pertaining to Host crash and identifying the hardware component or firmware/driver
responsible.
Understanding of basic configuration pre-requisites at the host level and virtual machine for
optimal performance.
vCenter deployment pre-requisites as an appliance or installation on a Windows server with
Multiclient.
Knowledge on SSO authentication with manual and automated SSL generated certificates.

Responsibilities: (Aligned to Acronis Backup and recovery program)
(* Acronis was the basic software provider to backup and recover the data related to all the above
mentioned platforms.*)
Troubleshooting issues related to:
o Operating systems Platforms: Windows XP, Windows Vista, Windows 7, Windows Server
2003/2008/2012.
o Databases such as : Microsoft Exchange server 2003/2007, Microsoft SQL Server.
o Virtualization platforms like: VMware, Virtual PC, Citrix Xenapp and Citrix Xen Server.
o Disaster recovery, related to workstations, servers and backup of data online.

Technical Support Engineer(Global Service Desk)
Responsibilities: (Aligned to KPMG process)
o Troubleshooting operating system,MS office suite, KPMG applications, Active Directory, printers,wireless and wired network concepts(modem, office, wireless network, virtual private network),
Blackberry issues, network and password resets for users and basic server issues.
o Handle queries from KPMG staff.
o Worked on Remedy tool, Active directory, Remote server access tool and Amdocs tool.
o Ensure cases are processed in compliance with current policies, guidelines and legislation.
o Develop sound relationships with KPMG staff by maintaining two-way communication.
o Adhere to Group Credit Policy and Code of Banking Practice with the objective of maximizing
revenue and minimizing risk.
o Escalate all applications over Amdocs, with appropriate and perfect information updated in the
Amdocs tool.
o Problem and incident management.