Unable to encrypt MBAM client
Hi, I am getting the MBAM prompt popup but I am unable to encrypt the Windows 10 Enterprise system Build 2004.
Strange Winlogon Behavior
I'm having a strange issue where within the span of one minute everything decides to logoff. The general order goes like this each time: Font Driver Host\UMFD-* logs off SYSTEM logs on Windows Manager …
Windows Fails to Boot With Signed WDAC Policy
I am deploying a signed WDAC policy to a Dell Latitude 7200 running Windows Enterprise (20H2 at the time this question was written) which includes TPM 2.0 with Secure Boot. The policy is being added to the target system using the Application Control CSP.…
Hacker with Microsoft email address??
I am attempting to communicate with Microsoft support regarding an email proposing blackmail due to hacked material which would embarrass the victim. The email address is hacker@microsoft-security.com. This looks like it comes from Microsoft to me.…
Can't decrypt file even though I have the certificate imported
Hi, so I've just reinstalled my Windows 10 due to slow performance and I have encrypted files in my external drive with the certificate as well. Thing is, I have imported the certificate successfully. Yet, I still can't decrypt my files. I have tried…
Bitlocker locked the drive itself with no protectors
I was using Windows 10, I got a virus notification then suddenly my system crashed and I was not able to use it again because it was stuck in the auto repair loop. I had a bootable Windows 10 pen drive which I used to format and reinstall Windows 10 in…
Chained MSI installation fails in Device Guard Enforced mode
I have an installer (MSI), where the App2 installer is embedded in the App1 installer - a chained installer. On a regular Windows 10 machine, when I install App1, both App1 and App2 get installed in their respective installation paths. Now, in Device Guard…
Is Enter-PSSession secure when using domain administrator account?
Sometimes I need to open a remote PowerShell session on workstations for administration. It is convenient for me to do this on a domain controller under a domain administrator account. To do this, I run the command: "Enter-PSSession -ComputerName…
Unable to list Security Groups Access Denied
Hi, some user accounts and test accounts come back with Access Denied when trying to get a list of the User Security Groups, i.e. Gpresult /r in command prompt and whoami /groups both give an Access Denied in the Security Groups section. How can I…
MS Defender Logging and Reporting
I'm in search of a tool that can manage MS Defender on Clients and Servers. I have not found one yet. My current RMM (Solarwinds) can only check if the AV Signatures are up to date, but not if something was found on a client nor what action was taken. …
Attack Simulation Training
Hi, I am trying to create a simulation in attack simulation training, but I can't see Launch simulation on the Simulation tab. I am added to the Attack Simulator Admin group. Let me know what needs to be done.
If ent CA renews with a new key, can a client chain up a previously issued cert with the new ent CA cert?
I checked that saying an existing cert will have no impact until it expires, but I need more information about the details, and I wish to know the mechanism: can a client chain up a previously issued cert with the new ent CA cert? If chain by AKID to…
[Feedback] WDAC XML Policy Rule ID Format
Hi all, I couldn't find an article online that matched what I am talking about, so I thought I'd write this here. Just wanted to provide my feedback on my experience, when writing a WDAC XML Policy by hand, and the Rule ID format. Windows 10 20H2 x64 -…
Password complexity setting for AD domain with Windows 10 workstations
I am trying to set up the Windows 10 password policy for our office workstation. Seems like there is a 'Password must meet complexity requirements' option in the policy setting, which requires any 3 combination out of 5 criteria. But I cannot set custom…
Device Guard status of "audit mode" is shown incorrectly in System Information
Hi, I have enabled Device Guard in Audit mode by following the blog https://learn.microsoft.com/en-us/archive/blogs/ukplatforms/getting-started-with-windows-10-device-guard-part-1-of-2 Even though Device Guard is enabled in Audit mode, the System…
My hard disk has been locked by BitLocker automatically.
I brought a new laptop by replacing my older laptop, I removed my old laptop's hard disk and replaced with my new laptop. Now on my computer the local disks are locked with BitLocker and when I am going to open that lock it asks for the recovery key. I don't have…
Windows 10 is not relaying remote TFTP server packets to the VM.
Hello Everyone, I have a Virtual Machine (an Ubuntu Server) that is running as a VM on VMware Workstation Pro 16 on my Windows 10 laptop. I am trying to use the VM's TFTP client to transfer a file from another computer connected to the same LAN as my…
Windows Defender for Endpoint on VDI SENSE service breaking VDI's from displaying engine status
We're running a non-persistent VDI pool with FileShares as the definition update source. This has been working fine until we began onboarding/offboarding VM's into security centre. Initially, I configured the image to run the onboarding script for…
Remove specific AppLocker rule by name with PowerShell
Hello, I am trying to remove Default AppLocker rules from Local with PowerShell. When support teams create an AppLocker rule on local they select yes for adding Default Rules. Is there any way to delete these policy rules with PowerShell? I only want to…
shares reporting tool
Does anyone know of a free reporting tool with a user interface that can be run remotely against a server and produce the share and directory permissions, as the old legacy MBSA tool used to do, e.g. Most free security permissions reporting…