Sunday, July 12, 2015

Summer’s On! Super Sysadmin Linkfest

Little Bro and I just wrapped up some Saturn Ion A/C system repairs in the driveway. Got the chill winds blowing in the cabin again. So with that resolved, time looks available for a summer’s on, super sysadmin linkfest dump to cover all the bases.  (And expect another Shade-tree Saturn Ion Mechanic tip post very soon, too.)

CryptoPrevent (Foolish IT) News

I personally use and recommend the awesome CryptoPrevent Malware Prevention utility from Foolish IT.

It is simple to use, hasn’t caused me any issue with the default security level settings, and gives me the comfort of having an additional layer of protection against ransomware threats. The free version works nicely on our home systems.

If you are using CryptoPrevent, this technical post may be useful: CryptoPrevent, ShadowExplorer, and VSSADMIN - Foolish IT.

Foolish IT has been hard at work on a new version and this post shows some of the new features and GUI - CryptoPrevent v8 Teaser.

An alternative remains thirdtier.net’s Cryptolocker Prevention Kit (updated) over at Spiceworks.

Considering the rash of ransomware infections at work lately, I’m surprised the AD and security team hasn’t gotten together to review the settings in the prevention kit noted above.  Just say’n…

Malwarebytes Tips and Updates

How-To’s

In my GSD post (mostly) Fast burn video file to DVD-playable format I ended up using DVDStyler Portable to burn some miscellaneous video files to a DVD. I really wanted to use DVD Flick (see this interesting comment thread and this one too regarding a portable version) but problems and a limited amount of time to resolve the issue prevented a real trial. I had also found this Free Video to DVD Converter at DVDVideoSoft.

So it was with interest I spotted this post that looks like it could do the job as well.

The app mentioned was Freemake Video Converter. It is clearly stated in the post and in the comments that the application comes bundled with OpenCandy, which can be tricky to decline during installation. A comment in the thread recommended running the installer from the command line with the “/nocandy” switch. I tried that and it seemed to work. Note that the installer you download from the product web site is just a “stub downloader” which then fetches and installs the “full” package, so the switch goes on the stub. In my case it was:

C:\Users\<PROFILEID>\Downloads\FreeVideoToDVDConverter.exe /nocandy

A follow-up scan with Malwarebytes Anti-Malware came back clean (…well, except where it found OpenCandy embedded in the full app download package placed in the TEMP folder). In my personal experience it always detects OpenCandy in installer packs.

So here is a fourth option worth considering if you need a free utility to burn various video files into a single DVD compilation.

Passwords

I’m a hard-core user of the free KeePass Password Safe & MiniKeePass (iOS) utilities. That said, I have to confess that it is very challenging keeping the core database synced between Lavie’s and my various iDevices and laptops. Add to that the fact that the master password database file is a hot target for hacking, with all the keys to the kingdom in it, and I’m sincerely open to a new model for complex/random password management. And at work KeePass (and all password managers) are not approved software, so I have to do a super-kludgy solution using a BitLocker volume file.

Master Password – project page.  Thanks to the TinyApps blogger I’m now very intrigued and will likely be seeing if I can incorporate this into my routine. There is lots of documentation available (both on TinyApps’ post and on the project page) and it is all very human-readable. The desktop version is a Java app, so there is that “issue” if you are on Windows and have stripped Java from your system, though I guess you could go with jPortable and the jPortable Launcher from PortableApps as a compromise. The developer also has a beta version of a Web app that could work.

Encrypting Windows Hard Drives - Schneier on Security

Network Nuggets

TraceWrangler – Jasper Bongertz’s awesome tool for sanitizing and anonymizing trace files was updated a while back to beta 0.4.0 build 616 in x32/x64 flavors. ChangeLog. Sadly, I don’t (yet) do the twitter, and there didn’t seem to be an RSS alternative for watching for update releases short of stopping by for a visit from time to time. Update! Jasper Bongertz has kindly now updated the project page to include an RSS feed! Awesome and many thanks! See also these recent posts by Jasper:

Link to test –> Speed test – DSLReports

Note: to get the speed test to run successfully in Firefox (running NoScript) I had to temporarily do the following:

Adblock, or NOSCRIPT - is blocking access to remote IPs (not scripts).
Set NOSCRIPT>Options>Advanced>Trusted>Cascade top document.

Once testing was done, I disabled that option setting.

New or Interesting Utilities

SimpleWMIView reminded me a bit of WMI Explorer over at CodePlex. They would probably be complementary apps.

SterJo NetStalker – SterJo Software – This is an interesting app. I particularly like that it comes in a portable version. As noted in the gHacks post, it is very similar (with some differences) to Nir Sofer’s CurrPorts utility.

At the church-house we run a program called Shelby Systems. It is a client/server based model and though most all of the systems have the client software on them, only one user in particular is constantly having issues connecting to the server unless we shut down the (Windows) server’s firewall, allow the client communication to establish, then turn the firewall on again. So it looks like the server firewall has some not-yet-located rule in play that is not set correctly. I’m hoping that this and/or CurrPorts can help us home in on the specific issue. If I do solve it, I’ll post a troubleshooting guide.
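As an added example (not from the original post, and not anything from Shelby Systems), here is the check I would run on the server before resorting to toggling the firewall off: confirm the service is actually listening, list the enabled inbound rules whose port filter covers that port (a Block rule wins over an Allow rule, and a rule bound only to the Domain profile does nothing on a Private-profile NIC), and log dropped packets so the blocked connection shows up in the firewall log with the source address of the problem client. The port number is a placeholder assumption, since the post does not say which port the server listens on; the cmdlets are the standard NetSecurity module shipped with Windows Server 2012 and later.

```powershell
# Added example, not code from the original post.
# ASSUMPTION: $AppPort is a placeholder; replace it with the TCP port the
# server-side service really listens on.
param([int]$AppPort = 12345)

# 1. Is anything listening on that port at all, and which process owns it?
Get-NetTCPConnection -State Listen -LocalPort $AppPort -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# 2. Which network profile is the server NIC actually in? A rule scoped to
#    "Domain" will not apply to a connection arriving on a "Private" NIC.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 3. Every enabled inbound rule whose port filter covers the port.
#    Block rules are listed first because they override Allow rules.
#    (Port ranges such as "1024-65535" are not expanded here; check those
#    by hand if the list comes back empty.)
Get-NetFirewallPortFilter |
    Where-Object {
        ($_.Protocol -eq 'TCP' -or $_.Protocol -eq 'Any') -and
        ($_.LocalPort -contains 'Any' -or $_.LocalPort -contains "$AppPort")
    } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
    Sort-Object Action |
    Select-Object DisplayName, Action, Profile, Enabled

# 4. Instead of disabling the firewall, log dropped packets, reproduce the
#    client failure, then pull the DROP lines aimed at the port. The log
#    fields are: date time action protocol src-ip dst-ip src-port dst-port
#    size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
$log = "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"
Set-NetFirewallProfile -Profile Domain, Private, Public -LogBlocked True -LogFileName $log

# ... have the problem client try to connect now, then:
Get-Content $log -ErrorAction SilentlyContinue |
    Where-Object { $_ -match '^\S+ \S+ DROP TCP ' } |
    ForEach-Object {
        $f = $_ -split ' '
        [pscustomobject]@{
            Time    = $f[1]
            SrcIP   = $f[4]
            DstIP   = $f[5]
            DstPort = $f[7]
            Path    = $f[-1]   # RECEIVE for inbound drops
        }
    } |
    Where-Object { $_.DstPort -eq "$AppPort" } |
    Select-Object -Last 20
```

If step 4 shows RECEIVE drops from the one client while the rules in step 3 look correct, the usual culprits are a rule scoped to the wrong profile or to a remote address range that excludes that client, which is exactly what the profile and Sort-Object Action columns are there to expose.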

SterJo Software – Products – SterJo offers a number of freeware utilities that may be of use to some sysadmins.

Troubleshooting Tips from the Pros

Windows SysAdmin Tips and Techniques

Microsoft Trainings and Infographics

Kali & Docker

McAfee & The Great Stinger “feature update” Debacle

So McAfee’s standalone Stinger AV tool is/has-been/was a great tool to run in an attempt to scan a system for specific threats and attempt to neutralize/remove them.  It is updated often with new definition patterns and has been a long-time tool in the GSD infection response toolkit.

However, a while back an uproar occurred when it was found that a new version upgrade with enhanced features left a running, persistent McAfee service (the 'McAfee Validation Trust Protection Service', mfevtps.exe) on your system afterward, even when the binary was removed, and with no clear way to remove it.

It seemed that the only way to really “clean” your system from McAfee after you tried to clean your system with McAfee’s Stinger was to follow these steps: How to uninstall or re-install supported McAfee products using the Consumer Products Removal tool

What I didn’t see in the aftermath were any notices that McAfee had reported the persistent service module everyone was hollering about was due to a bug in the application. It was quickly fixed and now Stinger behaves the way it used to, fully cleaning itself up after a run.

PortableApps McAfee Stinger news comment thread post. From that comment:

John - thanks for reporting this issue.

The McAfee Validation Trust Protection Service is needed for Stinger to perform rootkit scanning of a system. This service is temporarily installed during a Stinger scan and is removed once the rootkit scanning portion is completed.

In a recent update to the Stinger's rootkit scanning engine, an issue was found where it wasn't getting uninstalled in certain conditions. We've fixed that in last week's release. The latest Stinger available for download should not leave behind any components post a scan.

Please let me know if you require any other clarification.

Best,
Vinoo Thomas
Product Manager, McAfee Labs

Possibly interesting (or conversational) but not related to McAfee Stinger debacle - Beware: Free Antivirus Isn’t Really Free Anymore – How-To Geek blog. I may come back to this post in more detail at a future time…

Microsoft Surface / Surface Pro News & Tips

iOS 9 Peeks & Misc Apple News

I’m really excited to see some dual-tasking coming to the iPad device in iOS 9!

Whew!

--Claus V.

2 comments:

Jasper Bongertz said...

Hi Claus!

thanks for your praise of TraceWrangler!

I added an RSS feed here: https://www.tracewrangler.com/feed.xml

Thanks for the suggestion, I hope it helps!

Cheers,
Jasper

Claus said...

@ Jasper - Awesome! I've updated the post (and my RSS feed machines) to take in the goodness!

This will be a great help.

Thank you very much for the kindness.

Cheers.

--Claus V.