Tag Archives: microsoft
Where to buy Ozempic in the Philippines +44 —7552 —984331(((healthlinesphama.com)))
Finding where to buy Ozempic in the Philippines is essential for managing type 2 diabetes. A brand of semaglutide, it helps regulate blood sugar and supports weight management. Another option is to explore clinics and hospitals that specialize in diabetes. They also offer the added benefit of professional medical advice and support. Knowing where to buy Ozempic in the Philippines ensures that individuals can manage their diabetes effectively by having access to this essential medication. For those who prefer to buy online, platforms such as healthlinesphama.com offer Ozempic with a delivery option. It is important to have a prescription from a healthcare professional, because Ozempic is a prescription medication. Consulting a doctor ensures that you receive the right dosage and advice on its use.
Local pharmacies stocking weight loss
You can buy it at local pharmacies such as Mercury Drug and Watsons, both of which offer online purchasing and delivery.
Online pharmacies in the United Kingdom
For online options, see Southstar Drug and Rose Pharmacy. Remember that Ozempic requires a prescription from a healthcare professional. Consulting a doctor ensures the right dosage and the right advice.
Specialized clinics and hospitals offering Ozempic
In addition, clinics and hospitals that specialize in diabetes, such as St. Luke's Medical Center and The Medical City, often stock Ozempic and provide professional medical support. Knowing where to buy Ozempic in the Philippines ensures effective diabetes management.
Question about categorizing transactions from bank statement in EXCEL
I have a problem of categorizing every transaction in the bank statement for bookkeeping purposes.
As shown below, I have to input the Description for every item, and every item has to refer to different columns.
For example, if we see “CHECK NO” in REf 2, we have to input “*Look up in other excel file*”.
If “John” appears in REF2, we have to input “JOHN CO. -BC”.
If “BOOKTRANSFER” appears in “BANK TRAN. DESCRIPTION“, we have to input “BOOKTRANSFER DR. ABC CR. Def“.
If 360.9(DEBIT) and PAY TO CAR. CO(REF4) appears at the same time, then “VEHICLE LOAN – TOYOTA 123” (I still cannot figure out how to write this rule).
There are hundreds of these rules.
I wrote a function, like
=IFS(ISNUMBER(SEARCH(("BOOKTRANSFER"),CONCAT(B6,F6:K6),1)),"BOOKTRANSFER DR.ABC CR. Def",
ISNUMBER(SEARCH(("John"),CONCAT(B6,F6:K6),1)),"JOHN CO. – BC",
ISNUMBER(SEARCH(("CHECK NO"),CONCAT(B6,F6:K6),1)),"*Look up in other excel file*"),
and drag it down in cell E, to facilitate my job.
However, I cannot enter every single rule into a cell, and it would be very long and complicated. It is also difficult to modify.
I just wonder whether I can do it with a table or not, like this:
so I can input hundreds of rules.
But I still cannot figure out how to do it with a table.
Please advise if there is a smarter way to do the job.
Thank you.
(P.S. Reply in Chinese and English are welcomed)
Once you use Edge Dev to search, then the browser will crash
With Edge Dev version 126.0.2578.1, the browser crashes when searching with Bing on the browser’s home page or address bar, but it doesn’t happen when visiting some other websites, such as BiliBili. And for some reason, on my computer I also crash when I open account.microsoft.com with Edge Dev.
Since I am not familiar with English, I wrote this article using the machine translation service provided by Microsoft, so please forgive me if there are grammatical errors.
GET STARTED WITH POWER AUTOMATE
My name is MAH E UROOJ and I’m Muslim Pakistani. I’m newly selected Microsoft Learn Student Ambassador milestone – Alpha. I cordially invite you all to attend an MLSA Challenge scheduled this upcoming week. Fasten your seat belts and get ready to test your knowledge and expertise! Get registered for Ambassadors Challenge! Your all presence will make this Challenge a success. You can also get a chance to win Microsoft Certificate and LinkedIn Premium voucher.
The challenge joining URL is given below:
Fill in the Microsoft Forms link below as an incentive to participate:
https://forms.office.com/r/kKinFRiX3y
Clouds Skills Challenge URL:
https://learn.microsoft.com/training/challenges?id=8daeda86-6f40-4d3f-a722-90458f757bc8&WT.mc_id=cloudskillschallenge_8daeda86-6f40-4d3f-a722-90458f757bc8&wt.mc_id=studentamb_293206
Start Date: May 28, 2024.
End Date: June 06, 2024.
Microsoft Ambassadors Cloud Skills Challenge.
To get more information about Ambassadors Challenge watch the attached CSC KickOff ppt.
LEARN, READ, WRITE & GROW!
My mail address disappeared since my last log in.
Hello
Someone might give me some help on my issue…
I have an email address, let’s say xxx @ hotmail.fr
It’s a very old mail address (understand, almost 20y old) with a fair amount of mails in it.
Due to people trying to log into this very address for months (or even a year, I’m not sure), I have been forced to constantly change my password over time. So, I finally decided to change the way I proceed this last Friday:
1. I logged in to xxx @ hotmail.fr and changed the password once more
2. I created a whole new Microsoft account, this very one I’m using here, with a novel mail that would become the main mail
3. I associated the email address with my account.
4. I made it so that my old Skype account and old email became aliases of my new account.
Things seemed to work as expected Friday.
Except that today, trying to log into my new Microsoft account, my old mail is not associated with it anymore. It simply disappeared.
Trying to log in with my old mail doesn’t work either: “This Microsoft account does not exist”.
This makes no sense since that was working Friday, and now it just disappeared and is not associated with my Microsoft account anymore.
I need a best & safe Facebook video downloader, Any suggestions?
I’m looking for the best and safest Facebook video downloader for my PC (Windows 11). I’ve tried a few free online tools, but I’ve encountered issues like annoying ads, potential security risks, and poor video quality. Given these challenges, I’m seeking recommendations for reliable software that offers a smooth user experience, consistent performance, and HD high-quality downloads. If you have any suggestions or have had positive experiences with specific tools, I would greatly appreciate your input. Thanks in advance!
Carry over cell formatting from source worksheet to destination worksheet generated via LET (TAKE 2?
Not sure if the first request is out there somewhere.
I have created a custom format(s) '#0.00 " in"' so when a value is entered, it displays “1.00 in”. Using a LET statement on a destination worksheet, the data is filtered and copied over. However, the custom format is not copied over. Is there a way to do this?
=LET(
    features_tbl, FILTER('pty-linkProductFeatures_Base'!$A$1:$BG$1600, 'pty-linkProductFeatures_Base'!$A1:$A$1600<>""),
    data, DROP(DROP(features_tbl, 1, 2),, -1),
    keys, DROP(HSTACK(TAKE(features_tbl,, -1), TAKE(features_tbl,, 2)), 1),
    specNames, DROP(DROP(TAKE(features_tbl, 1),, 2),, -1),
    code, XLOOKUP(specNames, Table_Specifications[Attribute name], Table_Specifications[[Classification Attribute ]], "not found"),
    typevalue, XLOOKUP(specNames,Table_Specifications[Attribute name], Table_Specifications[Feature Type], "not found"),
    a, SEQUENCE(ROWS(data)),
    b, SEQUENCE(, COLUMNS(data)),
    CHOOSECOLS(
        EXPAND(
            HSTACK(
                CHOOSEROWS(keys, TOCOL(IF(b,a))),
                TOCOL(IF(a,code)),
                TOCOL(IF(a,typevalue))&","&TOCOL(data)
            ),, 7, ""),
        2, 3, 4, 5, 6, 7, 1
    )
)
Save screenshots to onedrive option not available any more?
I’ve always used onedrive to save my screenshots but today the option to save them to OneDrive is missing. How to revert this option?
A BlackByte Ransomware intrusion case study
Introduction
As ransomware attacks grow in number and sophistication every year, threat actors can quickly impact business operations if organizations are not well prepared. In this blog, we detail an investigation into a ransomware event. During this intrusion the threat actor progressed through the full attack chain, from initial access through to impact, in less than five days, causing significant business disruption for the victim organization.
During the investigation, the Microsoft Incident Response team (formerly known as DART) identified the threat actor employing a range of tools & techniques to achieve their objectives, including:
Exploitation of unpatched internet exposed Microsoft Exchange Servers
Web Shell deployment facilitating remote access
Use of living-off-the-land tools for persistence and reconnaissance
Cobalt Strike beacons for command and control
Process Hollowing and the use of vulnerable drivers for defense evasion
Deployment of custom developed backdoors to facilitate persistence
Deployment of a custom developed data collection and exfiltration tool
Forensic analysis
Initial Access
In order to obtain initial access into the victim’s environment, the Threat Actor was observed exploiting known vulnerabilities (ProxyShell) on unpatched Microsoft Exchange Servers:
CVE-2021-34473
CVE-2021-34523
CVE-2021-31207
The exploitation of these vulnerabilities allowed the Threat Actor to:
Attain SYSTEM level privileges on the compromised Exchange host
Enumerate the LegacyDN of users by sending Autodiscover requests, including SIDs of users
Construct a valid authentication token and use it against the Exchange PowerShell backend
Impersonate domain admin users and create a web shell by using the New-MailboxExportRequest cmdlet
Create web shells in order to obtain remote control on the affected servers
The Threat Actor was observed operating from the following IP to exploit ProxyShell and access the web shell:
185.225.73[.]244
Persistence
Backdoor
Microsoft IR identified the creation of Registry Run Keys, a common persistence mechanism employed by threat actors to maintain access to a compromised device, where a payload is executed each time a specific user logs in.
| Registry Key | ValueName | ValueData |
| --- | --- | --- |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MsEdgeMsE | rundll32 C:\Users\user\Downloads\api-msvc.dll,Default |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MsEdgeMsE | rundll32 C:\temp\api-msvc.dll,Default |
| HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | MsEdgeMsE | rundll32 C:\systemtest\api-system.png,Default |
api-msvc.dll, detected by Microsoft Defender Antivirus as Trojan:Win32/Kovter!MSR, was determined to be a backdoor capable of collecting system information such as installed antivirus products, device name and IP address. This information is then sent via HTTP POST request to a command and control (C2) channel:
hxxps://myvisit[.]alteksecurity[.]org/t
| FileName | SHA-256 |
| --- | --- |
| api-msvc.dll | 4a066569113a569a6feb8f44257ac8764ee8f2011765009fdfd82fe3f4b92d3e |
Unfortunately, the organization was not using Microsoft Defender as the primary AV/EDR solution, which prevented it from taking action against the malicious code.
An additional file name, api-system.png, was identified with similarities to api-msvc.dll. This file behaved like a DLL, had the same default export function, and also leveraged Run Keys for persistence.
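The Run-key pattern described above (rundll32 loading a library from a download or temp folder, or a "library" with a non-DLL extension such as .png) can be checked for mechanically. The following is an added example, not code from Microsoft IR; the host names, the trusted-directory baseline and the benign entries are constructed assumptions, and the three MsEdgeMsE values are the ones reported in the table above with path separators written out.

```python
import re
from pathlib import PureWindowsPath

# Directories where only administrators can normally write. Assumed baseline
# for this example; adjust it to the environment being audited.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
LIBRARY_SUFFIXES = {".dll", ".cpl", ".ocx"}

# rundll32 [path\]library,export  (the library may be quoted and contain spaces)
RUNDLL_RE = re.compile(
    r'^\s*"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+'
    r'(?P<library>"[^"]+"|[^,]+?)\s*,\s*(?P<export>[^\s,]+)',
    re.IGNORECASE,
)


def assess_run_value(value_data):
    """Return the reasons a Run value looks suspicious (empty list = no finding)."""
    match = RUNDLL_RE.match(value_data)
    if match is None:
        return []  # not a rundll32 launch; out of scope for this check
    library = PureWindowsPath(match.group("library").strip('"'))
    reasons = []
    if library.suffix.lower() not in LIBRARY_SUFFIXES:
        reasons.append("rundll32 target has non-library extension %r" % library.suffix)
    # Bare names such as shell32.dll are resolved through the system search
    # path, so only absolute paths are compared against the trusted roots.
    if library.is_absolute() and not str(library).lower().startswith(TRUSTED_ROOTS):
        reasons.append("library loaded from outside trusted directories: %s" % library.parent)
    return reasons


def audit_run_values(entries):
    """entries: iterable of (host, value_name, value_data). Returns findings only."""
    findings = []
    for host, name, data in entries:
        reasons = assess_run_value(data)
        if reasons:
            findings.append((host, name, reasons))
    return findings


# Constructed sample: the three values from the case study plus two benign ones.
SAMPLE_RUN_VALUES = [
    ("HOST-A", "MsEdgeMsE", r"rundll32 C:\Users\user\Downloads\api-msvc.dll,Default"),
    ("HOST-B", "MsEdgeMsE", r"rundll32 C:\temp\api-msvc.dll,Default"),
    ("HOST-C", "MsEdgeMsE", r"rundll32 C:\systemtest\api-system.png,Default"),
    ("HOST-D", "OneDrive", r'"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background'),
    ("HOST-D", "Applet",
     r'"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\shell32.dll",Control_RunDLL'),
]

if __name__ == "__main__":
    for host, name, reasons in audit_run_values(SAMPLE_RUN_VALUES):
        print(host, name)
        for reason in reasons:
            print("   -", reason)
```

On a live system the entries would come from an export of each user's Run key rather than from the constructed list.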
Cobalt Strike Beacon
The threat actor leveraged Cobalt Strike, a common commercial penetration testing tool, to achieve persistence. The file sys.exe, detected by Microsoft Defender Antivirus as Trojan:Win64/CobaltStrike!MSR, was determined to be a Cobalt Strike beacon and was downloaded directly from the file sharing service temp.sh:
hxxps://temp[.]sh/szAyn/sys.exe
This beacon was configured to communicate with the following command and control (C2) channel:
109.206.243[.]59:443
| FileName | SHA-256 |
| --- | --- |
| sys.exe | 5f37b85687780c089607670040dbb3da2749b91b8adc0aa411fd6280b5fa7103 |
AnyDesk
Microsoft IR frequently observes threat actors leveraging legitimate remote access tools during an intrusion, in an effort to blend in on a victim network. In this case, the threat actor utilized AnyDesk, a common remote administration tool, to maintain persistence and move laterally within the network. AnyDesk was installed as a service and was executed from the following paths:
C:\systemtest\anydesk\AnyDesk.exe
C:\Program Files (x86)\AnyDesk\AnyDesk.exe
C:\Scripts\AnyDesk.exe
Successful connections were observed in AnyDesk Logs (ad_svc.trace) involving anonymizer service IP addresses linked to TOR and MULLVAD VPN. This is a common technique that actors employ to obscure their source IP ranges.
Reconnaissance and Privilege Escalation
Microsoft IR found the presence and execution of the network discovery tool NetScan being used by the threat actor to perform network enumeration, under the following executable names:
netscan.exe
netapp.exe
| FileName | SHA-256 |
| --- | --- |
| netscan.exe | 1b9badb1c646a19cdf101ac4f6fdd23bc61eaab8c9f925eb41848cea9fd0738e |
| netapp.exe | 1b9badb1c646a19cdf101ac4f6fdd23bc61eaab8c9f925eb41848cea9fd0738e |
In addition, execution of AdFind, an Active Directory reconnaissance tool, was observed in the environment.
| FileName | SHA-256 |
| --- | --- |
| adfind.exe | f157090fd3ccd4220298c06ce8734361b724d80459592b10ac632acc624f455e |
Credential Access
Evidence of likely Mimikatz usage, a credential theft tool commonly used by threat actors, was also uncovered, through the presence of a related log file mimikatz.log.
Microsoft IR assesses that Mimikatz was likely used to attain credentials for privileged accounts.
Lateral Movement
Using compromised domain admin credentials, the threat actor used Remote Desktop Protocol and PowerShell Remoting to obtain access to other servers in the environment, including Domain Controllers.
Data Staging and Data Exfiltration
A suspicious file named “explorer.exe” was identified. The file was recognized by Microsoft Defender Antivirus as “Trojan:Win64/WinGoObfusc.LK!MT” and quarantined, but after disabling Windows Defender Antivirus service, the threat actor was able to execute the file using the following command:
explorer.exe P@$$w0rd
| FileName | SHA-256 |
| --- | --- |
| explorer.exe | 2d078d18e64c0085278245e284112e01aa64c69a1485bf07a6d649773293faf6 |
Explorer.exe was reverse engineered by Microsoft IR and determined to be ExByte, a GoLang based tool developed and commonly used in BlackByte ransomware attacks for collection and exfiltration of files from victim networks.
The binary is capable of enumerating files of interest across the network, and upon execution creates a log file containing a list of files and associated metadata.
Multiple log files were uncovered during the investigation in the path:
C:\Exchange\MSExchLog.log
Analysis of the binary revealed a list of file extensions which are targeted for enumeration.
Binary analysis showing file extensions enumerated by explorer.exe
Forensic analysis identified a file named data.txt that was created and later deleted after ExByte execution. This file contained obfuscated credentials which ExByte leveraged to authenticate to the popular file sharing platform Mega NZ, via its API at:
hxxps://g.api.mega.co[.]nz
Binary analysis showing explorer.exe functionality for connecting to file sharing service MEGA NZ
Microsoft IR also determined that this tool was crafted specifically for the victim, as it contained a hardcoded device name belonging to the victim and an internal IP address.
Execution Flow
Upon execution ExByte decodes several strings and checks if the process is running with privileged access by reading \\.\PHYSICALDRIVE0.
If this check fails, ShellExecuteW is invoked with the lpOperation parameter RunAs, which runs explorer.exe with elevated privilege.
After this access check, explorer.exe attempts to read the data.txt file in the current location.
If the text file doesn’t exist, it invokes a command for self-deletion and exits from memory:
C:\Windows\system32\cmd.exe /c ping 1.1.1.1 -n 10 > nul & Del <PATH>\explorer.exe /F /Q
If data.txt exists, explorer.exe reads the file, passes the buffer to a Base64 decode function and then decrypts the data using the key provided on the command line. The decrypted data is then parsed as the JSON below and fed to the login function:
{
"a": "us0",
"user": "<CONTENT FROM data.txt>"
}
Finally, it forms a URL for login to the API of the file sharing service MEGA NZ:
hxxps://g.api.mega.co[.]nz/cs?id=1674017543
Data Encryption and Destruction
Microsoft IR found several devices where files had been encrypted and identified suspicious executables, detected by Microsoft Defender Antivirus as Trojan:Win64/BlackByte!MSR, with the following names:
wEFT.exe
schillerized.exe
The files were analyzed and determined to be BlackByte 2.0 binaries responsible for encryption across the environment. This binary requires an 8-digit key number to encrypt files.
Two modes of execution were identified:
When the -s parameter is provided, the ransomware self-deletes and encrypts the machine it was executed on
When the -a parameter is provided, the ransomware conducts enumeration and uses a UPX-packed version of PsExec to deploy across the network.
Several domain admin credentials were hardcoded in the binary, facilitating the deployment of the binary across the network.
Depending on the switch (-s or -a), execution may create the files below:
C:\SystemData\M8yl89s7.exe (Random Name – UPX Packed PsExec)
C:\SystemData\wEFT.exe (Additional BlackByte binary)
C:\SystemData\MsExchangeLog1.log (Log file)
C:\SystemData\rENEgOtiAtES (a vulnerable (CVE-2019-16098) driver, RtCore64.sys, used to evade detection by installed AV/EDR software)
C:\SystemData\iHu6c4.ico (Random Name – BlackBytes icon)
C:\SystemData\BB_Readme_file.txt (BlackByte ReadMe File)
C:\SystemData\skip_bypass.txt (Unknown)

| FileName | SHA-256 |
| --- | --- |
| M8yl89s7.exe (RANDOM NAME) | ba3ec3f445683d0d0407157fda0c26fd669c0b8cc03f21770285a20b3133098f |
| rENEgOtiAtES | 01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd |
Some capabilities identified for the BlackByte 2.0 ransomware were:
AV/EDR Bypass:
The file rENEgOtiAtES created matches RTCore64.sys, a vulnerable driver (CVE-2019-16098) that allows any authenticated user to read/write to arbitrary memory.
The BlackByte binary then creates and starts a service named RABAsSaa calling rENEgOtiAtES, and exploits this service to evade detection by installed AV/EDR software.
Process Hollowing
Invokes svchost.exe, injects into it to complete device encryption, and self-deletes by executing the following command:
cmd.exe /c ping 1.1.1.1 -n 10 > Nul & Del "PATH_TO_BLACKBYTE" /F /Q
Modification / Disabling of Windows Firewall
The following commands are executed to either modify existing Windows Firewall rules, or to disable Windows Firewall entirely:
cmd /c netsh advfirewall set allprofiles state off
cmd /c netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
cmd /c netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes
Modification of Volume Shadow Copies
The following commands are executed to destroy volume shadow copies on the machine:
cmd /c vssadmin Resize ShadowStorage /For=B: /On=B: /MaxSize=401MB
cmd /c vssadmin Resize ShadowStorage /For=B: /On=B: /MaxSize=UNBOUNDED
Modification of Registry Keys/Values
The following commands are executed to modify the registry, facilitating elevated execution on the device:
cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f
cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLinkedConnections /t REG_DWORD /d 1 /f
cmd /c reg add HKLM\SYSTEM\CurrentControlSet\Control\FileSystem /v LongPathsEnabled /t REG_DWORD /d 1 /f
Additional Functionality
Ability to terminate running services and processes.
Ability to enumerate and mount volumes and network shares for encryption.
Ability to perform the anti-forensics technique of timestomping (sets the file time of encrypted files and the ReadMe file to 2000-01-01 00:00:00).
Ability to perform anti-debugging techniques.
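Taken one at a time, several of the commands listed above also occur in ordinary administration; seen together on one device within minutes they are a much stronger signal. The following added example (not Microsoft's tooling) classifies process command lines into the behaviours this section describes and alerts only when several distinct behaviours cluster in time on the same device; the device names, timestamps, window and threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One pattern per behaviour described in this section. Patterns are applied to
# a normalised command line (lower case, quotes removed, whitespace collapsed).
BEHAVIOURS = {
    "firewall_disabled": re.compile(
        r"netsh\s+advfirewall\s+set\s+allprofiles\s+state\s+off"),
    "firewall_group_enabled": re.compile(
        r"netsh\s+advfirewall\s+firewall\s+set\s+rule\s+group=.+?\s+new\s+enable=yes"),
    "shadow_storage_resized": re.compile(
        r"vssadmin(?:\.exe)?\s+resize\s+shadowstorage\b.*maxsize=(?:401mb|unbounded)"),
    "remote_uac_filter_off": re.compile(
        r"\breg(?:\.exe)?\s+add\s+.*localaccounttokenfilterpolicy.*\s/d\s+1\b"),
    "delayed_self_delete": re.compile(
        r"ping\s+\S+\s+-n\s+\d+\s*>\s*nul\s*&\s*del\s+.+\s/f\s+/q"),
}


def normalise(cmdline):
    return re.sub(r"\s+", " ", cmdline.replace('"', "")).strip().lower()


def classify(cmdline):
    """Return the set of behaviour names that a command line matches."""
    text = normalise(cmdline)
    return {name for name, rx in BEHAVIOURS.items() if rx.search(text)}


def correlate(events, window=timedelta(minutes=10), threshold=3):
    """Alert on devices showing >= threshold distinct behaviours within window.

    events: iterable of dicts with 'device', 'time' (datetime) and 'cmd'.
    Returns {device: sorted list of behaviours seen in qualifying windows}.
    """
    hits_by_device = defaultdict(list)
    for ev in events:
        for behaviour in classify(ev["cmd"]):
            hits_by_device[ev["device"]].append((ev["time"], behaviour))

    alerts = {}
    for device, hits in hits_by_device.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            seen = {behaviour for _, behaviour in hits[start:end + 1]}
            if len(seen) >= threshold:
                alerts[device] = sorted(seen | set(alerts.get(device, [])))
    return alerts


def _ev(device, ts, cmd):
    return {"device": device, "time": datetime.fromisoformat(ts), "cmd": cmd}


# Constructed sample events (device names and times are made up).
SAMPLE_EVENTS = [
    _ev("SRV-EXCH01", "2024-01-01T02:14:05", "cmd /c netsh advfirewall set allprofiles state off"),
    _ev("SRV-EXCH01", "2024-01-01T02:14:31",
        "cmd /c vssadmin Resize ShadowStorage /For=B: /On=B: /MaxSize=401MB"),
    _ev("SRV-EXCH01", "2024-01-01T02:15:02",
        r"cmd /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
        " /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f"),
    _ev("SRV-EXCH01", "2024-01-01T02:16:40",
        r'cmd.exe /c ping 1.1.1.1 -n 10 > Nul & Del "C:\SystemData\wEFT.exe" /F /Q'),
    # Routine administration: a bounded resize and a single firewall change.
    _ev("WKS-ADMIN07", "2024-01-01T09:00:00",
        "vssadmin resize shadowstorage /for=C: /on=C: /maxsize=10%"),
    _ev("WKS-ADMIN07", "2024-01-01T09:01:00",
        'netsh advfirewall firewall set rule group="Network Discovery" new enable=Yes'),
    # Three behaviours, but spread over hours rather than minutes.
    _ev("SRV-FILE02", "2024-01-01T09:00:00", "netsh advfirewall set allprofiles state off"),
    _ev("SRV-FILE02", "2024-01-01T09:05:00",
        r"reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
        " /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f"),
    _ev("SRV-FILE02", "2024-01-01T15:00:00",
        'netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes'),
]

if __name__ == "__main__":
    for device, behaviours in correlate(SAMPLE_EVENTS).items():
        print(device, "->", ", ".join(behaviours))
```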
Recommendations
To guard against BlackByte ransomware attacks, Microsoft IR recommends the following:
Ensure that you have a patch management process in place and that patching for internet exposed devices is prioritized.
Implement an EDR solution like Microsoft Defender for Endpoint to gain visibility of malicious activity in real time across your network
Ensure antivirus signatures are updated regularly and that your AV solution is configured to block threats
Block inbound traffic from IPs specified in the Indicators of Compromise table
Block inbound traffic from TOR Exit Nodes
Block inbound access from unauthorized public VPN services
Enable tamper protection to prevent components of Microsoft Defender Antivirus from being disabled
Understand and assess your cyber exposure with advanced vulnerability and configuration assessment tools
Indicators of compromise (IOC)
The table below shows IOCs observed during our investigation. We encourage our customers to investigate these indicators in their environments and implement detections and protections to identify past related activity and prevent future attacks against their systems.
| Indicator | Type | Description |
| --- | --- | --- |
| api-msvc.dll (Backdoor installed through RunKeys) | SHA-256 | 4a066569113a569a6feb8f44257ac8764ee8f2011765009fdfd82fe3f4b92d3e |
| sys.exe (Cobalt Strike Beacon) | SHA-256 | 5f37b85687780c089607670040dbb3da2749b91b8adc0aa411fd6280b5fa7103 |
| explorer.exe (Exbyte, file enumeration and exfiltration tool) | SHA-256 | 2d078d18e64c0085278245e284112e01aa64c69a1485bf07a6d649773293faf6 |
| rENEgOtiAtES (Vulnerable driver RtCore64.sys created by BlackByte binary) | SHA-256 | 01aa278b07b58dc46c84bd0b1b5c8e9ee4e62ea0bf7a695862444af32e87f1fd |
| [RANDOM_NAME].exe (UPX Packed PsExec created by BlackByte binary) | SHA-256 | ba3ec3f445683d0d0407157fda0c26fd669c0b8cc03f21770285a20b3133098f |
| netscan.exe, netapp.exe (Netscan network discovery tool) | SHA-256 | 1b9badb1c646a19cdf101ac4f6fdd23bc61eaab8c9f925eb41848cea9fd0738e |
| AdFind.exe (Active Directory information gathering tool) | SHA-256 | f157090fd3ccd4220298c06ce8734361b724d80459592b10ac632acc624f455e |
| hxxps://myvisit[.]alteksecurity[.]org/t | URL | C2 for backdoor api-msvc.dll |
| hxxps://temp[.]sh/szAyn/sys.exe | URL | Download URL for sys.exe |
| 109.206.242[.]59 | IP Address | C2 for Cobalt Strike beacon sys.exe |
| 185.225.73[.]44 | IP Address | Originating IP address for ProxyShell exploitation and web shell interaction |
NOTE: These indicators should not be considered exhaustive for this observed activity.
Detections
Microsoft 365 Defender
Microsoft Defender Antivirus
Trojan:Win32/Kovter!MSR
Trojan:Win64/WinGoObfusc.LK!MT
Trojan:Win64/BlackByte!MSR
HackTool:Win32/AdFind!MSR
Trojan:Win64/CobaltStrike!MSR
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint customers should watch for these alerts that can detect behavior observed in this campaign. Note however that these alerts are not indicative of threats unique to the campaign or actor groups described in this report.
‘CVE-2021-31207’ exploit malware was detected
An active ‘NetShDisableFireWall’ malware in a command line was prevented from executing.
Suspicious registry modification.
‘Rtcore64’ hacktool was detected
Possible ongoing hands-on-keyboard activity (Cobalt Strike)
A file or network connection related to a ransomware-linked emerging threat activity group detected
Suspicious sequence of exploration activities
A process was injected with potentially malicious code
Suspicious behavior by cmd.exe was observed
‘Blackbyte’ ransomware was detected
Microsoft Defender Vulnerability Management
Microsoft Defender Vulnerability Management surfaces impacted devices that may be affected by the Exchange (ProxyShell) and driver vulnerabilities used in the attack:
CVE-2021-34473
CVE-2021-34523
CVE-2021-31207
CVE-2019-16098
Advanced hunting queries
Microsoft 365 Defender and Microsoft Sentinel
ProxyShell Web Shell Creation Events
DeviceProcessEvents
| where ProcessCommandLine has_any ("ExcludeDumpster","New-ExchangeCertificate") and ProcessCommandLine has_any ("-RequestFile","-FilePath")
Suspicious Vssadmin Events
DeviceProcessEvents
| where ProcessCommandLine has_any ("vssadmin","vssadmin.exe") and ProcessCommandLine has "Resize ShadowStorage" and ProcessCommandLine has_any ("MaxSize=401MB","MaxSize=UNBOUNDED")
Conclusions
BlackByte ransomware attacks are still targeting organizations whose infrastructure has old, unpatched vulnerabilities, allowing the threat actors to accomplish their objectives with minimal effort. According to Shodan, at the time this blog was written, there are nearly 3300 public facing servers still affected by ProxyShell vulnerabilities, making this an easy target for threat actors looking to impact organizations around the world.
As Microsoft shows in the Microsoft Digital Defense Report, key practices like “Keep up to date”, in conjunction with other good practices from a basic security hygiene strategy, could protect against 98 percent of attacks.
As new tools are being developed by threat actors, a modern threat protection solution such as M365 Defender is necessary to prevent and detect the multiple techniques used in the attack chain, especially where the threat actor attempts to evade or disable specific defense mechanisms.
Hunting for malicious behavior should be performed regularly in order to detect potential attacks that could evade detections, as a complementary activity for continuous monitoring from security tools alerts and incidents.
To understand how Microsoft can help you secure your network and respond to network compromise, visit https://aka.ms/MicrosoftIR.
Appendix
Encryption
Different file extensions are targeted by BlackByte binary for Encryption:
The following shared folders are also targeted for encryption:
Users
Backup
Veeam
homes
home
media
common
Storage Server
Public
Web
Images
Downloads
BackupData
ActiveBackupForBusiness
Backups
NAS-DC
DCBACKUP
DirectorFiles
share
Example: \\IP_Address\Downloads
Extensions ignored:
Folders ignored:
windows
boot
program files (x86)
windows.old
programdata
intel
bitdefender
trend micro
windowsapps
appdata
application data
system volume information
perflogs
msocache
Files ignored:
bootnxt
ntldr
bootmgr
thumbs.db
ntuser.dat
bootsect.bak
autoexec.bat
iconcache.db
bootfont.bin
Process terminated by BlackByte binary
Services terminated by BlackByte binary
EDR/AV drivers Blackbyte can bypass
Unable to save Outlook attachment to long path location
Need help. I have logistics and engineering clients that are not able to save attachments from MS Outlook due to the long character limit, getting errors like ‘File name is not valid’ or ‘You can’t save here’.
All the solutions I find are for copying files but not for saving attachments using MS Outlook.
OS:
Windows 10
Windows 11
Issue replication steps:
I created a shared folder.
Added nested sub folders.
Solutions tried but not working:
Restarted the PC.
Ran Windows update and Microsoft update.
Online repair MS Office.
Uninstalled and installed MS Office.
Modified registry and restarted the PC.
I also noticed that if you click on the deepest folder (test folder 3), it gives randomized characters, shown in the screenshots below.
Not accepted solutions, as Apple / Mac users are able to save using MS Outlook:
Shorten/rename folder name and file name.
Save in local drive and move to shared folder.
WORKAROUND:
Open the Windows explorer and go to the deepest / long path folder.
Back to email and select all attachments.
Drag and drop the attachments to the shared folder (deep folder path).
Note: Clients are not satisfied with the workaround as they want to do the normal process.
Bookings Notification Reminders to Client error
Our Day Before and Hour Before email reminders to the client are being sent 30 minutes after the actual appointment. Has anyone encountered this or have any suggestions? TIA
Microsoft PowerPoint
Hello,
I am having trouble with the “Record Audio.” feature in PowerPoint. It is recording, but the playback volume is extremely low. I would appreciate any suggestions!
Thank you.
subst disks cause stalling for diskpart and diskmgmt.msc
run diskpart.exe
enter “list vol” to check listing time
Import registry file
reboot
run diskpart.exe
enter “list vol” – there is stalling
REGEDIT4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\DOS Devices]
"Z:"="\\??\\C:\\Windows"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6603B7A0-ED77-4927-BB71-D25DE52BB9D7}]
"RelativePath"="Z:\\"
"Category"=dword:00000004
"Name"="Z_"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\{6603B7A0-ED77-4927-BB71-D25DE52BB9D7}]
"MaxCapacity"=dword:0000c7eb
"NukeOnDelete"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{6603B7A0-ED77-4927-BB71-D25DE52BB9D7}]
"RelativePath"="Z:\\"
"Category"=dword:00000004
"Name"="Z_"
[HKEY_CURRENT_USER\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\KnownFolder\{6603B7A0-ED77-4927-BB71-D25DE52BB9D7}]
"MaxCapacity"=dword:0000c7eb
"NukeOnDelete"=dword:00000000
This is for subst disks with a working trash bin.
Guide: Building a Policy to restrict File sharing on a VPN connection using Purview DLP
Building a Policy to restrict File sharing on a VPN connection using Microsoft Purview DLP
Scenario: The organisation needs to block any files from being copied by the user from their corporate device to a network share if they are connected from their home network via VPN.
Desired outcome: By implementing this DLP policy, any attempt to copy files within the selected file types (or file extension) to the VPN network address (example: 192.168.0.0/16 subnet) will be blocked.
There are 2 key steps needed to accomplish this.
Step 1: Creating the DLP policy and Configuring the VPN setting in the DLP Settings
To block file sharing to a specific network subnet (e.g. 192.168.0.0/16) using Microsoft Purview Data Loss Prevention (DLP), you can create a DLP policy with the following configuration:
Configure DLP Policy.
Define the sensitive information types or sensitivity labels you want to protect from being shared to the restricted subnet.
Under the policy’s Locations, select Devices (Endpoints).
In the Conditions section, create a blanket detection to include the most common file types by using File type is. Note: You may also add extra file types by using the File extension is option.
In the Actions section, go to File activities for all apps (please note that you can put in exceptions if needed) and select Copy to a network share, then edit the Network restriction to select VPN and select Block.
This will block files being copied over to the network share that you will enter in Step 2.
Step 2: Updating the VPN settings in the DLP configuration
Add a VPN
Open Microsoft Purview compliance portal > Data loss prevention > Overview > Data loss prevention settings > Endpoint settings > VPN settings.
Select Add or edit VPN addresses.
Provide either the Server address or Network address (example: 192.168.0.0/16). To get a more accurate reading of the VPN connection, run Get-VpnConnection on the target device using PowerShell to pull this info.
Select Save.
Close the item.
Source: https://learn.microsoft.com/en-gb/purview/dlp-configure-endpoint-settings#vpn-settings
Azure Windows 2016 server IIS 10 ASP connection to MS Access 2016 w3wp.exe crashes
Summary:
My ASP pages are having w3wp.exe errors when using ADODB.Connection to my MS Access 2016 database. I tried two different approaches and observe different behaviors.
Approach #1 – Use OLEDB connection string
When I use an OLEDB connection string (e.g. “Provider=Microsoft.ACE.OLEDB.16.0; Data Source=C:inetpubwwwroot6peasdb6Peas.accdb”), I am able to open ADODB.Connection to the database without any error. And I have no problem trying to open ADODB.Recordset with small and simple queries. However, I run into w3wp.exe errors when trying to open ADODB.Recordset of some more complex and larger queries. The w3wp.exe errors will cause the page to crash most of the time and result in an “ERR_CONNECTION_RESET” error.
Approach #2 – Use DSN connection string
When I use DSN connection string (e.g. “DSN=6peas;UID=;PWD=”), I will run into w3wp.exe error every time *BUT* the error will not be severe enough to cause the page to crash. I am only seeing the w3wp.exe error in the Event Viewer. And with the DSN connection string, I am able to open ADODB.Recordset of the same more complex and larger queries without any additional w3wp.exe error.
At this moment, Approach #2 seems to be a better choice as there are no page crashes. However, its drawback is that regardless of the size/complexity of the queries, I am getting a w3wp.exe error. And due to the Rapid-Fail Protection setting in IIS Application Pools, the web site application pool will stop if too many w3wp.exe errors occur within the set time period.
So I am hoping to get some help in resolving/stopping the w3wp.exe errors when accessing my MS Access database. Hope someone may have run into similar issues and can provide a solution.
Thank you very much!!
Tech Stack Summary of my web site:
Azure Windows 2016 server
IIS 10.0.14393.0
MS Access 2016
ASP classic
Support of excel files in Azure language studio
Hello
Today, May 2024, in Azure Language Studio, I can do a Q and A based on a text file I upload.
When can I expect Excel file support?
I know I can ask natural language questions using M365 Copilot but I am trying to use Azure resources for this.
Other things to improve (to add to the survey)
If you open an mmc console, like lusrmgr.msc, gpedit.msc, gpmc.msc, dsa.msc etc., every administrator, since the year 2000, moves the divider between the tree pane and the list pane to the right. If you look at every LinkedIn video you can find, every administrator does that move. Every time. Between three and six seconds wasted. For the last ~24 years. And the divider is too thin to grab on slow remote sessions, costing more time. Updating that default in mmc.exe, to make the tree pane at least double the width and that divider two pixels bigger, would be great. My suggestion would be 250% the current width.
For Edge on Windows Server, it should skip the enforced “do you want to use your data?” at the start. We administrators log on to many MANY servers, often after weeks or months of not logging on, and about every time that wizard comes up and costs us about 20+ seconds. The default start page should be an empty page for data protection reasons and not Bing, let alone that many servers are not allowed to go on the internet anyway. (The same applies to clients as well, every time wasting time with those Edge questions, and no way around, even if we only log in once and never again for the whole lifetime of that client).
All cloud features (OneDrive, including the notification to backup to OneDrive, Azure/Entra tool etc.) should not be installed, but available as feature/role/capability without needing internet to install those.
Exchange Server, Service Pack and Rollup for current Outlook for MacOS
Having an issue with integration with Apple Mail. It’s almost certainly an Apple issue and we are pursuing a ticket with Apple. The engineers have asked for the Exchange Server, Service Pack and Rollup numbers that apply to the version of Outlook I’m currently using (as part of my 365 account and updated). Help documents don’t provide information how to get this data.
Update schedule for Windows’ OpenSSH
Hello everyone!
I was looking at Windows OpenSSH that can be installed in Settings under System -> Optional Features -> OpenSSH.
The version of SSH that is installed by Windows this way is 8.6p1 (which was released just under 3 years ago). The latest OpenSSH for Windows available on the GitHub repository is 9.5p1.
I was wondering what the update schedule is for OpenSSH for Windows via Windows Update. I have the following questions specifically:
On what schedule does Microsoft update this feature? Is it ever updated?
Are security fixes released in the past 3 years included in the OpenSSH that is installed by Windows? Based purely on the version numbers described above, it seems like this OpenSSH distribution has not been updated in the past 3 years: from a security perspective, this seems problematic.
I would be grateful for any information you may have!
Thanks!
The Art of SQL Server Tuning
Microsoft Tech Community – Latest Blogs