windows 10 spring update

[WhiskeyRiver 1]

9 minutes ago, WhiskeyRiver said:

I was just playing with that new group policy. Enabling Computer Configuration -> Administrative Templates -> System -> Credentials Delegation allows you to select migitgated, vulnerable or just disable the policy. This is a RDP session to a server that allows the user to look up all property records at every county court house in Oklahoma. I think I'm going to call them and see what they say because manipulating the three options doesn't help.

Problem was on the server end. They had to change their group policy to force updated clients. They're running Win2008 R2 if that helps anyone.

[WhiskeyRiver 1]

BAM! Caught one in the wild. Exact scenario we've been talking about. All three updates. Producing the Virus Scanner Initialization Failed message right now. Loading the NET developer tools on it so I'll have a memory dump later today.

[Daedalus 16]

1 hour ago, WhiskeyRiver said:

BAM! Caught one in the wild. 

Gotta Catch 'Em All 

[WhiskeyRiver 1]

Good Gawd. I can't get a memory dump from this computer by remote. The computer is so slow... And I'm trying to do it by remote.  It's in too trafficy an area and someone keeps coming by, trying to use it and resetting it. Apparently the dump is taking hours.  I can't induce a crash dump because I'm not there. Frustrating.

 

[Marcos 5,074]

We've already got enough memory dumps so no further dumps are needed. As a workaround, you can try disabling Protected service in the HIPS setup and rebooting the machine. The only 100% solution known to date is upgrading Windows 10 RS4 x86 to x64 version.

[WhiskeyRiver 1]

8 minutes ago, Marcos said:

We've already got enough memory dumps so no further dumps are needed. As a workaround, you can try disabling Protected service in the HIPS setup and rebooting the machine. The only 100% solution known to date is upgrading Windows 10 RS4 x86 to x64 version.

Okie-Doke. Glad you have what you need. 

I'm looking at a shelf with 10 Dell i560 desktops, all dual core Intels, all with 4Gb RAM, all were running 32-bit Windows, all of which got retired by either v1709 or now v1803 for various reasons, starting with the Scepter and Meltdown patches. It's a damn shame. All were replaced with new machines, I7 processors and 16GB RAM running 64-Bit Windows. Somebody's making good money from these Microsoft errors.  I'm not a conspiracy nut but in this case...

Oh, one of my other groups are reporting that 64-Bit Windows machines with AVG and Avast updating to v1803 are blue-screening on the reboot.

These are trying times.

[WhiskeyRiver 1]

That last one... Avast breaks the rollback too apparently. Re-Install is the only answer for them.

[itman 1,659]

1 hour ago, Marcos said:

As a workaround, you can try disabling Protected service in the HIPS setup

I am still "mulling" over this one. Does this just disable PPL protection of ekrn.exe and/or additional Eset self-protection mechanisms?

Also, I assume Eset is still using is elam driver to load ekrn.exe early in the boot process?

[WhiskeyRiver 1]

1 minute ago, itman said:

I am still "mulling" over this one. Does this just disable PPL protection of ekrn.exe and/or additional Eset self-protection mechanisms?

Also, I assume Eset is still using is elam driver to load ekrn.exe early in the boot process?

Doesn't work for all of them. The one I was trying to dump the memory on had the protective service disabled.

[itman 1,659]

Here's some details on the Avast fiasco: https://news.softpedia.com/news/avast-antivirus-blamed-for-breaking-down-windows-10-april-2018-update-521227.shtml

This did "get me thinking." Has anyone tried rolling back to ver. 1709; I assume that is only possible if you took an image backup of it prior to upgrading to ver 1803?

Next, Uninstall NOD32.

Then, perform the ver. 1803 upgrade.

Finally, reinstall NOD32.

Wonder if this would stop the X(86) issues? We need to find someone who installed NOD32 for the first time on ver. 1803 x(86).

Edited May 22, 2018 by itman

[WhiskeyRiver 1]

I did that already. All three of the laptops I reference early in this thread were brand new hard drives with v1803 installed from scratch. As soon you install Nod32 and reboot the antivirus starts failing.

That Avast problem... It even breaks restore points so you're caught in a loop if you try to go back. I always straighten existing machines out... Clean them up... Make sure there's no viruses or rootkits... Clear all restore points and make a new one... Then do the upgrade.  I haven't had that particular problem where I couldn't return. But I only use eset products and malwarebytes so I'm atypical.

Edited May 22, 2018 by WhiskeyRiver

[itman 1,659]

I just found this "tidbit" in regards to the next Win 10 release:

Quote

Windows 10 Insider Preview Build 17672

Release date: May 16, 2018

This build has only very minor changes and fixes. In it, the Windows Security Center (WSC) service now requires that third-party antivirus programs run as protected processes, or else they won’t show up in the Windows Security interface, and Windows Defender Antivirus will run side by side with them. You can, however, disable the behavior by creating the following registry key and rebooting:

HKLM\SOFTWARE\Microsoft\Security Center\Feature DisableAvCheck (DWORD) = 1

Note that the key won’t work when the next version of Windows 10 is closer to being released.

https://www.computerworld.com/article/3118132/microsoft-windows/windows-10-redstone-a-guide-to-the-builds.html

Edited May 22, 2018 by itman

[WhiskeyRiver 1]

2 minutes ago, itman said:

I just found this "tidbit" in regards to the next Win 10 release:

https://www.computerworld.com/article/3118132/microsoft-windows/windows-10-redstone-a-guide-to-the-builds.html

I will apply it and report back.

[WhiskeyRiver 1]

17 hours ago, itman said:

I just found this "tidbit" in regards to the next Win 10 release:

https://www.computerworld.com/article/3118132/microsoft-windows/windows-10-redstone-a-guide-to-the-builds.html

If it does anything besides pitch an annoying security center box in R4 i can't confirm it. I still had to disable security center or it can be clicked right back on. I had to:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService - set start to 4

and

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run - delete the string value labeled SecurityHealth

So far I haven't tinkered this particular machine too much. The famous antivirus initialization error was evident when I found it this morning. I didn't know I had this many 32-bit installs still out there.

[itman 1,659]

13 minutes ago, WhiskeyRiver said:

If it does anything besides pitch an annoying security center box in R4 i can't confirm it.

Did you check via Process Explorer, etc. if WD engine was running; i.e. C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe?

Edited May 23, 2018 by itman

[WhiskeyRiver 1]

Not running. That part worked. I guess. WD is generally not running when the Nod32 errors occur. Hadn't thought about that before.

 

Edited May 23, 2018 by WhiskeyRiver

[WhiskeyRiver 1]

Well... Not surprising now that I think about it. On most of these machines I've already tinkered with them ahead of time. I know I'm going to install Nod32 so I zing in a few registry changes:

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection]
"DisableRealtimeMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\Network Protection]
"EnableNetworkProtection"=-

I'm still working on my first cup of coffee. Surely the cobwebs will vacate shortly. In the meantime I'm distracted by the little guy in my head asking stupid questions like "is Batman a transvestite?"

 

[itman 1,659]

@WhiskeyRiver, FYI

Microsoft Releases KB4100403 to Fix Windows 10 Intel & Toshiba SSD Issues

Quote

Earlier today, Microsoft released cumulative update KB4100403 that fixes several bugs, including the issues some users reported with Intel and Toshiba solid-state drives (SSDs).

Users reported these issues after updating to the latest version of Windows 10, the April 2018 Update —also known as version 1803.

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb4100403-to-fix-windows-10-intel-and-toshiba-ssd-issues/

Edited May 24, 2018 by itman

[WhiskeyRiver 1]

17 hours ago, itman said:

@WhiskeyRiver, FYI

Microsoft Releases KB4100403 to Fix Windows 10 Intel & Toshiba SSD Issues

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-kb4100403-to-fix-windows-10-intel-and-toshiba-ssd-issues/

Nobody's happier to see it than me. Well, maybe my neighbor who manages an IS department that has a couple of dozen Surface Pros deployed. I wonder if they've slipstreamed the fixes into their downloadable ISO?

[itman 1,659]

32 minutes ago, WhiskeyRiver said:

I wonder if they've slipstreamed the fixes into their downloadable ISO?

You can download it from the Win Update Catalog web site and roll it out to clients that way.

Appears Avast has fixed their issues in regards to ver. 1803: https://www.ghacks.net/2018/05/25/avast-update-fixes-windows-10-version-1803-upgrade-issue/

[WhiskeyRiver 1]

1 hour ago, itman said:

You can download it from the Win Update Catalog web site and roll it out to clients that way.

Appears Avast has fixed their issues in regards to ver. 1803: https://www.ghacks.net/2018/05/25/avast-update-fixes-windows-10-version-1803-upgrade-issue/

Haven't had a chance to look. Busy day. If the SSD fixes aren't slipstreamed then I still can't deploy a new installation using an Intel drive. I will check to see what they've got up. Thanks.