News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • MS-DEFCON 2: Get ready for battle stations

    Home » Forums » AskWoody blog » MS-DEFCON 2: Get ready for battle stations

    Author
    Topic
    #2382160

    ISSUE 18.29.1 • 2021-08-06 By Susan Bradley The annual security conference known as Black Hat is in the bag, and we are (well, I am) anxiously awaitin
    [See the full post at: MS-DEFCON 2: Get ready for battle stations]

    Susan Bradley Patch Lady

    4 users thanked author for this post.
    Viewing 6 reply threads
    Author
    Replies
    • #2382221

      I wonder why I have not seen mention of PC-Matic Super Shield, in relation to stopping attacks on your computer. I have used it now for a few years, and have not had a problem since I installed it on my computers. Desktop, laptop and even my phone. I have found it to be very easy to use and it works much better than the McAfee and others that come bundled on our computers these days.

      • #2382228

        I have some ideas as to why PC-Matic Super Shield is not discussed here more frequently. Whitelist-type programs inevitably block legitimate programs and scripts as well as missing detections and allowing harmful processes to run. PC-Matic Super Shield also received low protection scores from the AV-Test people. PC-Matic generates many false positives and is not that easy to configure and use for most people. The free version also doesn’t include the Super Shield function.

        As always, your mileage may vary. My company uses Webroot for our customers, and that product catches a lot of bad stuff, if not everything. I run no AV programs resident on my many home devices other than Windows Defender. Thanks for the suggestion though, as one size of AV never fits all.

      • #2382251

        Generally speaking whitelisting programs are not for the faint hearted.  Because the home/consumer folks are subject to the slings and arrows of feature releases I personally recommend sticking with Defender.  I’ve personally tracked too many times Service packs (Win7 sp1, Win 8.1 sp1) and Feature releases (Windows 10 especially in the early years) did not react well to third party antivirus and thus think it’s safer to stay with the code from Microsoft under the assumption that (hopefully) they talk to their own teams better than they do outside vendors.

        Susan Bradley Patch Lady

        1 user thanked author for this post.
    • #2382337

      What concerns me most is the “Microsoft Won’t-Fix-List (July 2021 Edition)” that a security researcher started in July of 2021 to document all the items that Microsoft hadn’t fixed by the end of July.

      “A list of vulnerabilities or design flaws Microsoft does not intend to fix.”

      Yet 33% of listed items say “will fix”, not “won’t fix”.

      Windows 10 Pro version 21H2 build 19044.1319 + Microsoft 365 (group ASAP)

    • #2382446

      Question:

      I have TRV set for 20H2. There WILL be a new cumulative coming this week. Let’s assume for the moment that is all there is for this month’s updates.

      I will NOT use wushowhide for that update. I HAVE been just ignoring the nags for updates waiting until end of month when blessed by Susan.

      MUST be a better way, no? How should I postpone installing that cumulative the BEST way while waiting those 2 or 3 weeks?

      • #2382478

        Per Susan in her initial post on the main page which started this thread,

        Remember, there are several ways to defer updates. The easiest way, in my opinion, is to click on Settings, Windows Update, Advanced Options, and then choose August 24 in the “Pause updates” section. When that clock runs out, updates will install automatically.

        For those with Windows 10 Pro, GPEdit can also be used. Simply go to Computer Configuration>Windows Components>Windows Update>Windows Update for Business and select the setting labeled “Select when Quality Updates are received”. In that setting, enable it and set the number in the first box that shows in the bottom panel to a number of 14 or higher. That will make any update that’s deemed a Quality Update by Microsoft not appear in Windows Update for a minimum of that many days after the update is released. If using this part of the policy setting, leave the box labeled “Pause Quality Updates starting” blank. Now click OK, and you’re done!

    • #2382480

      Thanks Bob, but checking because @PKCano said explicitly NOT to do this if using TRV in another thread of mine. I see no reason not to, but rather than create a new issue want to be very sure.

       

      • #2382484

        The paragraph about using GPEdit was aimed at others reading this thread who have Windows 10 Pro and don’t mind using settings within GPEdit to control their machines to an extent.

        As far as your own situation goes, I do recall a few lengthy exchanges between you and PK getting an outdated installation of 1909 updated to the then-current monthly release and then subsequently successfully getting it upgraded to 2004 or 20H2, so I don’t blame you a bit for posting a question about the update coming down the pipe on Tuesday! The update on Tuesday isn’t designed to move anyone from one version to another (i.e. from 20H2 to 21H1) but to simply add security patches and other fixes to the version of Windows 10 that one is currently on.

        Besides the method suggested by Susan in her initial post, there are other ways to keep the availability of the monthly updates from being shown in Windows Update until you’re ready to install them (or until we get the go-ahead from Susan), but I will leave that to a discussion between you and PK, since PK really has given you so much great help already.  🙂

         

        • This reply was modified 2 months, 2 weeks ago by Bob99.
      • #2382491

        You can use both group policy to push off updates as well as the trv registry key.

        Susan Bradley Patch Lady

    • #2382485

      Fully undwrstand Bob. Not at all the question, though your thoughfulness and replies appreciated.

       

      I just want to know if I can do ANYTHING to ignore the Monthly Cumulative other than ignore it until blessed since PK said NOT to use the Pause Updates feature at all. I **think** he thinks that after the pause expires the update is automatically installed like it or not. I do not believe that to be true. And the other bit of data is I am set on TRV as 20H2.

      So being proactive to decide is Pause Updates IS recommended or continue to ignore which irks me a bit.

      • #2382487

        I was editing my reply while you were typing yours. Please reread my reply. I think it’s more in keeping with your original question.  🙂

        My apologies as well.  🙂

    • #2382490

      Ahhh, thanks.

      So, two thoughts: Susan also seems to believe that when Pause Updates expires it will install automatically. I recall I did not find that the case.

      However, if GPEdit pauses without nags and DOES NOT install automatically when the 14 days expires, that should be my go to.

      Cleaner than seeing the nags every day.

      • #2382492

        It won’t do it immediately but will shortly after the date passes.

        Susan Bradley Patch Lady

      • #2382493

        GPEdit can indeed help avoid the nags, but it requires changing a setting or two and then changing the setting or two back when you’re ready to receive updates. Again, I will defer to PK for advising you on just what you should do with which setting within GPEdit.

        Since you’ve gotten so much good help from PK, PK’s the person who’s probably best suited to help you configure your machine to avoid the monthly nags from Windows Update.  🙂

        • #2382496

          GPEdit can indeed help avoid the nags, but it requires changing a setting or two and then changing the setting or two back when you’re ready to receive updates.

          The advantage of the one setting you provided earlier in this thread is that you never have to change it.

          Windows 10 Pro version 21H2 build 19044.1319 + Microsoft 365 (group ASAP)

          • #2382516

            Quite true. Setting a time of 14-30 days gives one time to see if an update is problematic and, if it is, to use their utility of choice to hide it until Microsoft fixes it!

    • #2382539

      For those with Windows 10 Pro, GPEdit can also be used. Simply go to Computer Configuration>Windows Components>Windows Update>Windows Update for Business and select the setting labeled “Select when Quality Updates are received”. In that setting, enable it and set the number in the first box that shows in the bottom panel to a number of 14 or higher.

      Pro users don’t need any of these settings. The only setting needed is ‘notify..= 2’.
      Users get the list of updates and can decide what and when to download and install using WUmgr…

    Viewing 6 reply threads
    Reply To: MS-DEFCON 2: Get ready for battle stations

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.