Summer’s On! Super Sysadmin Linkfest

Little Bro and I just wrapped up some Saturn Ion A/C system repairs in the driveway. Got the chill winds blowing in the cabin again. So with that resolved, time looks available for a summer’s on, super sysadmin linkfest dump to cover all the bases.  (And expect another Shade-tree Saturn Ion Mechanic tip post very soon, too.)

CryptoPrevent (Foolish IT) News

I personally use and recommend the awesome CryptoPrevent Malware Prevention utility from Foolish IT.

It is simple to use, hasn’t caused me any issue with the default security level settings, and gives me the comfort of having an additional layer of protection against ransomware threats. The free version works nicely on our home systems.

If you are using CryptoPrevent, this technical post may be useful: CryptoPrevent, ShadowExplorer, and VSSADMIN - Foolish IT.

Foolish IT has been hard at work on a new version and this post shows some of the new features and GUI - CryptoPrevent v8 Teaser.

Alternative remain thirdtier.net’s Cryptolocker Prevention Kit (updated) over at Spiceworks.

Considering the rash of ransomware infections at work lately, I’m surprised the AD and security team hasn’t gotten together to review the settings in the prevention kit noted above.  Just say’n…

Malwarebytes Tips and Updates

• New Malwarebytes Anti-Exploit Version Is Out! - Malwarebytes Unpacked
• Malwarebytes Anti-Exploit – version 1.07 – Malwarebytes
• History of Product Releases, Updates & Fixes – Malwarebytes
• Malwarebytes Anti-Malware Premium configuration guide - gHacks Tech News

How-To’s

• How To Set Up The Hidden Start Menu in Windows 8.1 - Next of Windows
• How to run command prompt commands from desktop shortcuts in Windows - gHacks Tech News
• Zoom Option in RDP 10 and How To Use It - Next of Windows
• Get MS Word To Remove Formatting When Pasting Text From The Browser – AddictiveTips
• How to set a Network to a "Private Network" in Windows 8.1 - Scott Hanselman

In my GSD post (mostly) Fast burn video file to DVD-playable format I ended up using DVDStyler Portable to burn some miscellaneous video files to a DVD. I really wanted to use DVD Flick (see this interesting comment thread and this one too regarding a portable version) but problems and a limited amount of time to solution the issue prevented a real trial. I had also found this Free Video to DVD Converter at DVDVideoSoft .

So it was with interest I spotted this post that looks like it could do the job as well.

• How to burn mkv video files to DVD - gHacks Tech News

The app mentioned was Freemake Video Converter. It is clearly stated in the post and in the comments that the application comes bundled with OpenCandy that may be tricky to decline installation thereof. A comment in the thread recommended running the installer from the command-line with the “/nocandy” switch. I tried that and it seemed to work. When you download the installer off the product web-site it is just a “stub downloaded” which then fetches and retrieves/installs the “full” package. In my case it was:

C:\Users\<PROFILEID>\Downloads\FreeVideoToDVDConverter.exe /nocandy

A follow-up scan with Malwarebytes Anti-malware come back clean (…well except where it found it embedded in the full app download package placed in the TEMP folder) and it always detects OpenCandy in installer packs (based on my personal experiences).

So here is a fourth option worth considering if you need a free utility to burn various video files into a single DVD compilation.

Passwords

• Google splits Sign-in process into two pages - gHacks Tech News
• Time to replace traditional password managers like KeePass, 1Password, LastPass, et.al.? – TinyApps.org

I’m a hard-core user of the free KeePass Password Safe & MiniKeePass (iOS) utility. That said, I have to confess that it is very challenging keeping the core database synced between mine and Lavie’s various iDevices and laptops. Add to the fact that the master password datebase file is a hot target for hacking with all the keys to the kingdom I’m sincerely open to a new model for complex/random password management. And at work KeePass (and all password managers) are not approved software so I have to do a super-kludgy solution with using a Bitlocker volume file.

Master Password – project page.  Thanks to the TinyApps blogger I’m now very intrigued and will likely be seeing if I can incorporate this into my routine. There is lots of documentation available (both on TinyApps’ post and on the project page) and is is all very human-readable. The desktop version is a Java app so there is that “issue” if you are on Windows and have stripped Java from your system, though I guess you could go with jPortable and the jPortable Launcher from portable apps as a compromise. The developer also has a beta version of a Web app that could work.

Encrypting Windows Hard Drives - Schneier on Security

Network Nuggets

• Message Analyzer 1.3 has Released (Build 7540) – MessageAnalyzer Blog
• Download Microsoft Message Analyzer – Official Microsoft Download Center
• Microsoft Message Analyzer Operating Guide – Microsoft TechNet
• Process Tracking with Message Analyzer – MessageAnalyzer Blog
• Memory Usage with Message Analyzer – MessageAnalyzer Blog
• Nmap 6.49BETA1 released - InfoSec Handlers Diary Blog – Nmap project page/downloads
• Turn Your Raspberry Pi into a Network Monitoring Tool – HolisticInfoSec blog

TraceWrangler – Jasper Bongertz’s awesome tool for sanitizing and anonymizing trace files was updated a while back to beta build 0.4.0 build 616 in x32/x64 flavors. ChangeLog. Sadly, I don’t (yet) do the twitter so there doesn’t seem to be an RSS alternative to watching for update releases without stopping by for a visit from time to time. Update! Jasper Bongertz has kindly now updated the project page to include a RSS feed! Awesome and many thanks! See also these recent posts by Jasper:

• Sanitizing IPv6 addresses – Packet-Foo blog (Jasper Bongertz)
• Port Numbers reused – Packet-Foo blog (Jasper Bongertz)
  
• Fiddler - updated to version 4.5.1.2. - ChangeLog
• A first look at Windows Firewall Notifier 2 - gHacks Tech News
• New speed test at DSLReports – TechBlog -

Link to test –> Speed test – DSLReports

Note to get the application to run successfully in Firefox (running NoScript) I had to temporarily do the following:

Adblock, or NOSCRIPT - is blocking access to remote IPs (not scripts).
Set NOSCRIPT>Options>Advanced>Trusted>Cascade top document.

Once testing was done, I disabled that option setting.

New or Interesting Utilities

• Update: AccessChk v6.0, Autoruns v13.4, Process Monitor v3.2, VMMap v3.2 - Sysinternals Site Discussion blog
• New utility that displays the result of WMI queries in a simple table - SimpleWMIView - NirSoft

SimpleWMIView reminded me a bit of WMI Explorer over at CodePlex. Probably would be complimentary apps.

• New utility that shows all tasks from the Task Scheduler of Windows Vista/7/8/10 – TaskSchedulerView - NirSoft
• Tools to Convert Virtual Machine from VMDK to VHD Format - Next of Windows
• Microsoft to open source its popular Live Writer blogging tool [Update: Maybe] - Ars Technica
• Desktops – Sysinternals – This free portable app allows you to spawn up to four virtual desktop sessions under your Windows account. That’s an old feature for most *Nix users and is getting added into Windows 10. But with this single file you can bring it to your Windows desktop OS right now.

SterJo NetStalker – SterJo Software – This is an interesting app. I particularly like that it comes in a portable version. As noted in the gHacks post, it is very similar to (but with some differences) to Nir Sofer’s CurrPorts utility.

• NetStalker checks and notifies you of Internet connections in real-time - gHacks Tech News

At the church-house we run a program called Shelby Systems. It is a client/server based model and though most all of the systems have the client software on it, only one user in particular is constantly having issues connecting to the server unless we shut-down the (Windows) server’s firewall, allow the client communication to establish, then turn on the firewall again. So it looks like the server firewall has some not-yet-located firewall rule in play not set correctly. I’m hoping that this and/or CurrPorts can help us hone in on the specific issue. If I do solve it, I’ll post a troubleshooting guide.

SterJo Software – Products – SterJo offers a number of freeware utilities that may be of use to some sysadmins.

Troubleshooting Tips from the Pros

• How to use Process Monitor and Process Explorer - Scott Hanselman
• The Mysterious Case of the Rogue Roaming Browser History - Removing OneView Internet Login - Scott Hanselman
• Performance Analysis Tool (PAL) PerfMon Templates Don’t Load in Win10 | chentiangemalc
• Hybrid Analysis: analyze Windows files in a browser sandbox - gHacks Tech News
• Access to Ext 2/3/4, HFS and ReiserFS from Windows – DiskInternals freeware product
• Troubleshooting Is A Lost Art (By Casey Mullis) – LoveMyTool blog. Interesting timing as I had only just before found the DiskInternals tool mentioned prior.
• Windows 10 Build Upgrades Break VMWare Workstation Network - chentiangemalc

Windows SysAdmin Tips and Techniques

• Local Administrator Password Solution, at Ignite - Aaron Margosis' Non-Admin, App-Compat and Sysinternals WebLog
• Introduction to Microsoft LAPS (Local Administrator Password Solution) - 4sysops
• Set up Microsoft LAPS (Local Administrator Password Solution) in Active Directory - 4sysops
• Set up clients for Microsoft LAPS (Local Administrator Password Solution) - 4sysops
• How to install the GUI on Windows Server 2016 - 4sysops
• What’s new in Windows Server 2016 Technical Preview 2 - Windows Server Blog
• Microsoft Deployment Toolkit: Automate MDT image capture - 4sysops

Microsoft Trainings and Infographics

• TRAINING: Microsoft Ignite 2015 – On-demand presentations available now! - Kurt Shintaku's Blog
• TRAINING: Microsoft BUILD 2015 – On-demand presentations available now! - Kurt Shintaku's Blog
• DOWNLOAD: Infographic/chart comparing Outlook vs Gmail - Kurt Shintaku's Blog

Kali & Docker

• Kali Linux 2.0 Release Day Scheduled - Kali Linux
• Official Kali Linux Docker Images - Kali Linux
• Publishing an ASP.NET 5 app to Docker on Linux with Visual Studio - Scott Hanselman

McAfee & The Great Stinger “feature update” Debacle

So McAfee’s standalone Stinger AV tool is/has-been/was a great tool to run in an attempt to scan a system for specific threats and attempt to neutralize/remove them.  It is updated often with new definition patterns and has been a long-time tool in the GSD infection response toolkit.

However a while back an uproar occurred when it was found a new version upgrade with enhanced features left a running/persistent McAfee service (the 'McAfee Validation Trust Protection Service' mfevtps.exe) on your system afterward; even when the binary was removed, and with no clear way to remove it.

• McAfee Stinger Removed From App Directory Due to Malware-Like Behavior - PortableApps.com
• McAfee Stinger installs McAfee Validation Trust Protection Service - gHacks Tech News
• Warning the McAfee Stinger (bloatware on board) -  Borns IT and Windows Blog (G-Translated from German)

It seemed that the only way to really “clean” your system from McAfee after you tried to clean your system with McAfee’s Stinger was to follow these steps: How to uninstall or re-install supported McAfee products using the Consumer Products Removal tool

Only what I didn’t see in the aftermath were any notices that McAfee reported the persistent service module everyone was hollering about was due to a bug in the application. It was quickly fixed and now Stinger behaves the way it used to, fully cleaning itself up after run.

PortableApps McAfee Stinger news Comment thread post. From that comment..

John - thanks for reporting this issue.

The McAfee Validation Trust Protection Service is needed for Stinger to perform rootkit scanning of a system. This service is temporarily installed during a Stinger scan and is removed once the rootkit scanning portion is completed.

In a recent update to the Stinger's rootkit scanning engine, an issue was found where it wasn't getting uninstalled in certain conditions. We've fixed that in last week's release. The latest Stinger available for download should not leave behind any components post a scan.

Please let me know if you require any other clarification.

Best,
Vinoo Thomas
Product Manager, McAfee Labs

Possibly interesting (or conversational) but not related to McAfee Stinger debacle - Beware: Free Antivirus Isn’t Really Free Anymore – How-To Geek blog. I may come back to this post in more detail at a future time…

Microsoft Surface / Surface Pro News & Tips

• Setting Up Microsoft Surface Pro with Dual Monitors - Next of Windows
• Running your own app at the click of the Surface Pen button – Rafael Rivera’s blog
• Microsoft releases May 2015 firmware upgrades for Surface Pro 3, Pro 2 – BetaNews
• Microsoft releases June 2015 firmware updates for Surface Pro 3, Surface 3 – BetaNews
• Download Surface software, firmware, and drivers - Official Microsoft Download Center

iOS 9 Peeks & Misc Apple News

I’m really excited to see some dual-tasking coming to the iPad device in iOS 9!

• Apple releases the first iOS 9 public beta - Ars Technica
• First look: iOS 9 public beta is the update the iPad deserves - Ars Technica
• Video: iOS 9 multitasking on the iPad Air 2 - Ars Technica
• Apple Saves Publishing... For Itself - Co.Design

Whew!

--Claus V.