News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
  • Speccy

    Forum Replies Created

    Viewing 15 posts - 1 through 15 (of 64 total)
    • Author
      Posts
    • in reply to: Privacy warning – O&O FileDirect #2297493
      Speccy
      AskWoody Lounger

      You’re welcome. 🙂

      TeamViewer’s File Transfer works well and is perfectly fine (encrypted, peer-to-peer secure communication) as long as you have a stable UDP connection to support transfer speeds of up to 200 MBps. Otherwise, it will fall back to TCP and can only reach 120 Kb/s (on slow network connections even SFTP might be considered a better alternative).

      I must say I haven’t used Send Anywhere thoroughly (only once, briefly) but it sure looked interesting and worth mentioning here as an alternative to try: if you do, please report back and let us know how that went. For the sake of transparency (in case anyone has a problem with that) it might be worth mentioning it comes from a South Korean start-up based in Seoul:

      https://send-anywhere.com/about

      in reply to: Privacy warning – O&O FileDirect #2297255
      Speccy
      AskWoody Lounger

      Interesting tool (and the concept loosely “right”) but for now it seems a bit half-baked at the moment and, more importantly, poorly documented (security through obscurity is definitely not on the wish list of privacy-minded folks).

      On an isolated VM I allowed the stub to download the 9.56Mb setup and then did a few quick, straightforward and simple offline experiments:

      [Image: oofd1]

      oofd ?
      oofd /add C:\Temp\test.txt
      oofd /delete C:\Temp\test.txt
      oofd /settings

      [Image: oofd2]

      Looking at the (hidden?) settings, both the default connection server address ( wss://signal.file.direct ) and the API server address ( https://api.file.direct, redirecting to https://www.oo-software.com/en/filedirect ) appear to confirm the assumption that the tool might be using WSS on HTTPS and standard secure encryption protocols (AES, Camellia, etc) to communicate with the O&O servers and support its core functionality (establish a securely encrypted point to point connection). The other setting suggests the (optional?) use of a STUN/TURN Server and WebRTC communication.

      Proper documentation, further analysis of the tool and closer inspection of its behavior and the network traffic it generates would be useful and enlightening. IMHO the response “tone” (short, abrupt) of the support email you received, added to the fact that this is proprietary, closed (not open source) software, doesn’t help to build user trust in it, either.

      In regards to possible alternatives to O&O FileDirect, although also proprietary consider taking a look at Send Anywhere:

      https://send-anywhere.com/product

      The current version (product/file version 20.8.200955/20.8.4347, build 1253, digitally signed Aug 20, 2020) is less lightweight both on size and memory usage but on the plus side it seems a more mature product (cross-platform, uses the Electron framework) with a few more, interesting options (check the settings), a User Guide and some available online documentation:

      Support (KB):
      https://support.send-anywhere.com/hc/en-us

      Notices:
      https://support.send-anywhere.com/hc/en-us/sections/201021268-Notice

      1 user thanked author for this post.
      Speccy
      AskWoody Lounger

      Windows Defender Antimalware platform 4.18.2008.9 is available for manual download from the catalog (KB4052623). Additional help (KB) here.

      1 user thanked author for this post.
      mpw
      Speccy
      AskWoody Lounger

      Woody, the 0xc0000142 error code is listed as STATUS_DLL_INIT_FAILED:

      {DLL Initialization Failed}
      Initialization of the dynamic link library %hs failed. The process is terminating abnormally.

      Office programs attempt to load multiple libraries upon execution and may fail to start during the process if one of those libraries in the memory chain is unable to load.

      The “corrupted” library (“restored” by the sfc /scannow command) might be an older version (included in a botched update that incorrectly replaced a newer one) or a library tied to the online licensing verification mechanism (which would explain why an Office365 outage could cause the issue and then suddenly, out of the blue, everything starts to work again with no apparent reason).

      Your C:\Windows\Logs\CBS\CBS.log file contents (recorded after the sfc /scannow execution) might shed some light to identify the culprit and, eventually, the reason why that specific .dll file failed to load successfully.

      • This reply was modified 3 months ago by Speccy. Reason: Fixed bold tag
      1 user thanked author for this post.
      in reply to: Patch Lady – Defender not having a good week #2288749
      Speccy
      AskWoody Lounger

      Same as geekdom here (Win10Pro v1909 x64 Build 18363.959 (Baseline) / 18363.1016 (Beta Testing)),

      Antimalware Client Version: 4.18.2007.8
      Engine Version: 1.1.17300.4
      Antivirus Version: 1.321.1424.0
      Antispyware Version: 1.321.1424.0

      No Windows Defender errors.

      That new 4.18.2008.4 platform that Susan and others are talking about is likely a BETA being pushed through whatever preview/fast ring/insider initiatives are currently happening. It may or may not be the next engine to supersede the current one (4.18.2007.8).

      IMHO, hacking the Registry (by adding a few REG_DWORD keys) to “flag” the system as a candidate to automatically get a BETA engine to auto-install might not be the smartest move. I would just wait a few more days… When the next engine is “ready” it will be made available through the Catalog, at the usual location:
      https://www.catalog.update.microsoft.com/Search.aspx?q=KB4052623

      Ironically, the supporting KB article at
      https://support.microsoft.com/en-us/help/4052623
      is also slightly behind: it is still referring to the previous engine (4.18.2005.5, made available at the Catalog on June 3rd, 2020).

      Regarding Redmond’s decision to begin flagging some customized HOSTS files as “malicious” one may work around the “issue” by manually defining an explicit exclusion rule:
      [Image: WindowsDefender-hosts_exclusionRule]
      (it may also be viable doing that for multiple endpoints, through a script that ‘reg add’s the rule – although it is a bit tricky as it involves dealing with ownership and permissions, etc)

      Note however that, because this rule would also allow malware to silently add malicious entries as well, the HOSTS file should always be closely monitored for any unexpected changes.
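
      One way to do the monitoring the post recommends, added here as an example and not part of the original post: compare the HOSTS file against a saved baseline and flag new mappings that point somewhere other than a loopback or 0.0.0.0 sink address. The host names and addresses are constructed samples, and ranking sink-only changes as lower priority is an assumption of this example.

```python
import ipaddress

# Constructed samples (not from the post): a blocklist-style HOSTS file
# saved as the baseline, and a later copy with two unexpected changes.
BASELINE = """\
127.0.0.1    localhost
0.0.0.0      telemetry.example.net
0.0.0.0      ads.example.net tracker.example.net   # two names on one line
"""
CURRENT = """\
127.0.0.1    localhost
0.0.0.0      telemetry.example.net
0.0.0.0      ads.example.net
198.51.100.9 tracker.example.net
203.0.113.7  login.example.com
"""


def parse_hosts(text):
    """Return {hostname: set of IP strings}; comments and malformed lines are skipped."""
    entries = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue  # first field is not an IP address
        for name in fields[1:]:
            entries.setdefault(name.lower(), set()).add(ip)
    return entries


def is_sink(ip):
    """True for loopback or unspecified addresses, the usual blocklist targets."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def diff_hosts(baseline_text, current_text):
    """List (host, kind, current_ips, priority) for every name whose mapping changed."""
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    findings = []
    for host in sorted(set(old) | set(new)):
        before, after = old.get(host, set()), new.get(host, set())
        if before == after:
            continue
        kind = "removed" if not after else "added" if not before else "changed"
        # Assumption of this example: a new non-sink address is a redirect
        # and deserves review first; sink-only changes are informational.
        redirect = any(not is_sink(ip) for ip in after - before)
        findings.append((host, kind, sorted(after), "review" if redirect else "info"))
    return findings


if __name__ == "__main__":
    for finding in diff_hosts(BASELINE, CURRENT):
        print(finding)
```

      On a real endpoint the current text would be read from %WINDIR%\System32\drivers\etc\hosts and the baseline kept somewhere the monitored account cannot write.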

      in reply to: Windows Defender throwing error Events 7000, 7001 #2287346
      Speccy
      AskWoody Lounger

      Windows Defender Antimalware Client v4.18.2007.8 (1.1.17300.4 engine), v1.321.997.0 definitions, Core isolation OFF, no WD stuff here. Windows Defender Antivirus Network Inspection Service set to Manual, starts fine (normally it is NOT running, it is only triggered and started by the AV itself as needed), no Event Viewer log errors. My 2 cents:

      1. Core isolation is a device-dependent feature: it can only be enabled successfully if both the hardware and the Hyper-V configuration/usage requirements are met (see here)
      2. First simple thing to try is to update to the latest definitions (currently v1.321.997.0). They can be manually downloaded at https://www.microsoft.com/en-us/wdsi/defenderupdates (note that the links to download the definitions are often slightly behind the latest available definitions; as I write this, the webpage is still offering v1.321.990.0).
      3. If problems arise that can be pinpointed solely to the Network Real-Time Inspection component of the product, an alternative to try (instead of reinstalling or rebooting in recovery mode and resetting computers) might be just to scroll down to the bottom of the above mentioned webpage and download and (re)install the NIS updates
        [Image: NIS]
        (nis_full.exe is rather old, digitally signed March 21, 2018; I haven’t tried or tested this approach at all, but eventually it might be worth trying – if anyone here wants to confirm that, it might be enough and do the trick of replacing the missing core element – library, whatever – that seems to be the root issue reported by some people)
      4. An even simpler, trustworthy and proven temporary workaround is simply to roll back to the previously used version (v4.18.2006.10-0).
      in reply to: Win7 nag screens are up #2021150
      Speccy
      AskWoody Lounger

      Yes. We’re on Phase 5 now.

      in reply to: Windows Defender False Positives? #2020046
      Speccy
      AskWoody Lounger

      Can’t tell for sure, but it might be a false positive (bitstream scanning of a container format or the content of an object file being incorrectly flagged as a virus).

      in reply to: OK Google. Say where is the taxi stand in Portuguese. #2020039
      Speccy
      AskWoody Lounger

      Last time I checked, machine translation had a loooong way to go (…)

      LOL 🙂 I’ve seen a lot of that, too. Two enlightening and memorable examples of how blindly Google Translate is sometimes used as a lazy way to label consumer products were a permanent ink marker (“marcador de tinta permanente”) being described as “an ink pen with thick and permanent stroke” (badly translated to “caneta de tinta espessa e acidente vascular cerebral permanente”) or a power supply cable being translated to “cabo do poder” (lost in translation)…

      Edited for content.

      1 user thanked author for this post.
      in reply to: OK Google. Say where is the taxi stand in Portuguese. #2019898
      Speccy
      AskWoody Lounger

      The debate goes on whether technology is morally neutral or not but, IMHO, one reasonable middle way might just be that, in the end, albeit morally neutral in the end technology is used in service of people’s values – either in good or bad ways: warrenrumak’s concerns are as pertinent as Noel Carboni’s pragmatism is legitimate.

      Back to the topic, Anon is right: Google translates to Brazilian Portuguese rather than European Portuguese (probably because Portugal has a population of 10 million people while Brazil’s population is over 200 million people).

      As EyesOnWindows and OscarCP pointed out, subtle language differences between the two countries and back-and-forth translations often lead to confusing results (to make a comparison, consider the meaning of American English words and expressions such as “sneakers”, “second floor”, “in school” and the British English equivalents: “trainers”, “first floor”, “at school” – see where this is going?).

      One small example: shoelaces. The Portuguese (pt-PT) word for it (“atacadores”) is “cadarços” in Brazil (pt-BR). A European Portuguese asking a native Brazilian “Como se apertam os atacadores?” [How do you put your shoelaces on?] will get a weird, slightly afraid look from the Brazilian dude: to him, that question sounds a bit more like “How do you press an attacker?” because the Portuguese expression “um atacante” (an attacker) has the same meaning in both countries (someone who is physically threatening you) but whereas in Portugal, the word “atacador” has one single meaning (a shoelace) in Brazil, it could also be a synonym of “atacante” (an attacker)… thus, unless the Brazilian guy actually faced an angry burglar armed not with a gun but with a pair of big, heavy shoes 🙂 it is pretty obvious how silly the results are!

      Not only that, but also Google Translate often does a poor job translating Brazilian Portuguese to English. For e.g. the question “Como apertar os cadarços?” (pt-BR) translates to “How to tighten the shoelaces?” but the same question “como apertar os cadarços?” (pt-BR) all lowercase translates to “how to fasten the shoelaces?” (fasten the shoelaces? really? like, say, fasten your seat belt?)…

      There are a few, less-known alternatives to Google Translate – often with better results. DeepL is one such example of a tool providing rather decent results. I left as an exercise to our readers trying to translate the above Portuguese question (“Como se apertam os atacadores?”) into different languages – German, Italian, etc – and then those results back to English… and compare the Google Translate results with the DeepL results.

      Edited for content. Please stay on topic. The topic is machine translation of languages, not the merits of the countries of origin.

      • This reply was modified 11 months, 2 weeks ago by Bluetrix.
      • This reply was modified 11 months, 1 week ago by Speccy. Reason: Rephrased last sentence
      • This reply was modified 11 months, 1 week ago by PKCano.
      in reply to: MS-DEFCON 4: Time to get the November patches installed #2016006
      Speccy
      AskWoody Lounger

      First of all, a quick heads-up: Windows Defender got a new Antimalware Client (Version 4.18.1911.3, engine v1.1.16600.7) yesterday. Quick and Full scans appear to be working fine with current anti-malware definitions (v1.307.20.0 as I write this – more help about this specific subject in my previous post here).

      Second, if you haven’t donated yet (guilty! – my bad, sorry…) and have no access to Patch Lady Susan Bradley’s paywalled Patch Watch Column here goes yet another (adding to everyone else’s) additional feedback – reporting back (follow-up of my previous post) from a managed set of Win7/8.1/10 Virtual Machines (VMs) and physical systems: my previously mentioned “Stable BETA TEST” snapshots became the “Stable BASELINE” ones, and the current “Stable BETA TEST” snapshots are now as follows:

      Windows 10 x64 (Version 1803):

      [Nov 12, 2019] –KB4523203 (2019-11 SSU)
      [Nov 12, 2019] –KB4525237 (2019-11 Monthly Rollup) b1130

      No observable bugs so far, all working fine and normally. System integrity confirmed by executing the SFC /VERIFYONLY and DISM /Online /Cleanup-Image /CheckHealth commands (both successful, no errors returned).

      Windows 8.1 x64 (Group A):

      [Nov 12, 2019] –KB4524445 (2019-11 SSU)
      [Nov 12, 2019] –KB4525243 (2019-11 Monthly Rollup – includes KB4525106 [IE11 Rollup])

      SSU installed first (manually downloaded from the Catalog), then the Monthly Rollup (WU).
      MSRT (Microsoft Malicious Software Removal Tool) v5.77 [Nov 2019] installed successfully via WU, executed normally (no errors).
      No observable bugs so far, all working fine and normally. System integrity confirmed by executing the SFC /VERIFYONLY and DISM /Online /Cleanup-Image /CheckHealth commands (both successful, no errors returned).

      Windows 7 x64 SP1 (Group A):

      [Jul 09, 2019] –KB4507004 (.NET Framework 3.5.1, part of KB4507420 [2019-07 .NET Framework Rollup] => Re-released Oct 15, 2019)
      [Sep 23, 2019] –KB4474419 (2019-09 SHA-2 v3)
      [Nov 12, 2019] –KB4523206 (2019-11 SSU)
      [Nov 12, 2019] –KB4525235 (2019-11 Monthly Rollup – includes KB4525106 [IE11 Rollup])
      [Nov 12, 2019] –KB4524421 (.NET Framework 4.6.2, part of KB4524741 [2019-11 .NET Framework Rollup])

      Manually updated using the packages downloaded from Catalog.
      No observable bugs so far, all working fine and normally. System integrity confirmed by executing the SFC /VERIFYONLY command successfully (no errors returned).
      MSRT (Microsoft Malicious Software Removal Tool) v5.77 [Nov 2019] manually downloaded (before being pulled out from Catalog*) and successfully executed/installed (no errors)*.

      *Although the Catalog references for applicability of the tool for Windows 7/Server 2008/R2 systems have been pulled out, these were indeed the very same 32-bit/64-bit binaries that remained and are still being offered (currently, for Windows 8.1/10/Server 2012[R2]/2016 only) – more about that here, here, here, here, here and here.

      3 users thanked author for this post.
      in reply to: Patch Lady – watch out for banner ad scams #2014984
      Speccy
      AskWoody Lounger

      Shift+Ctrl+ESC takes you directly to Task Manager (sparing one click a day keeps the doctor [and wrist injuries] away). 😉

      2 users thanked author for this post.
      in reply to: Windows 1.0 turns 34 years old today #2009960
      Speccy
      AskWoody Lounger

      Windows 3.11 for Workgroups (~1994).

      • This reply was modified 1 year ago by PKCano.
      • This reply was modified 11 months, 1 week ago by Speccy. Reason: Edited (irrelevant, off-topic info removed)
      Speccy
      AskWoody Lounger

      “(…) I would say with a high degree of certainty that it is related to the WU agent not understanding the new signing mechanism for this update. It is likely that we will see either a new version of the WU agent released soon, or as an intermediate solution, a new release of the MSRT using the previous signing implementation.”

      I agree. It is also my understanding about what might have happened – you nailed it! 😉

      (emphasis above, on the possibility of an upcoming, new MSRT to be released soon: it has happened before [December 2008, August 2005] and, in fact, currently the Catalog is not “offering” KB890830 for Windows 7/Server 2008/R2 [that, basically, was the same unique binary currently being offered only for Windows 8.1/10/Server 2012/R2/Server 2016] anymore…)

      1 user thanked author for this post.
      Speccy
      AskWoody Lounger

      When manually executed, the KB890830 package will simply unpack MRT.exe to the %WINDIR%\System32 folder and exit the thread, transferring control to it.

      Then the %WINDIR%\System32\MRT.exe process will start executing, writing

      ---------------------------------------------------------------------------------------
      Microsoft Windows Malicious Software Removal Tool v5.77, November 2019 (build 5.77.16547.2)
      Started On Sat Nov 16 11:15:52 2019
      
      Engine: 1.1.16500.1
      Signatures: 1.305.993.0
      MpGear: 1.1.16330.1
      Run Mode: Interactive Graphical Mode
      

      into the %WINDIR%\debug\mrt.log file. Once you press the ‘Next’ button twice, the tool will start scanning (a Quick Scan, by default, if not otherwise selected).

      During the scanning process the ‘Version’ REG_SZ registry value remains unaltered: the GUID update in the Registry only happens near the end (when the scanning process finishes – either normally or, presumably, also through an exception catching mechanism if an error occurs and the application ends abnormally):
      [Image: MRT-monitoring]
      Then the tool waits for the user input:
      [Image: MRT-execution]
      Once the ‘Finish’ button is pressed, the %WINDIR%\debug\mrt.log file is appended with the collected results (and the heartbeat “phone home” attempt occurs – successfully or not, depending if you allow it or not to happen):

      Results Summary:
      ----------------
      No infection found.
      Failed to submit clean hearbeat MAPS report: 0x80072EE7
      Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 16 11:28:40 2019
      
      
      Return code: 0 (0x0)
      1 user thanked author for this post.
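
      A parser for the mrt.log layout quoted in the post above, added here as an example (it is not part of the original post or of Microsoft's tooling). It assumes every run opens with the long dashed rule and uses the field names shown in the excerpts; the sample text is constructed by joining the two quoted excerpts, and a run with no "Finished On" line is reported as unfinished.

```python
import re
from datetime import datetime

# Constructed sample: the two excerpts quoted in the post, joined as one run.
SAMPLE_LOG = """\
---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.77, November 2019 (build 5.77.16547.2)
Started On Sat Nov 16 11:15:52 2019

Engine: 1.1.16500.1
Signatures: 1.305.993.0
MpGear: 1.1.16330.1
Run Mode: Interactive Graphical Mode

Results Summary:
----------------
No infection found.
Failed to submit clean hearbeat MAPS report: 0x80072EE7
Microsoft Windows Malicious Software Removal Tool Finished On Sat Nov 16 11:28:40 2019


Return code: 0 (0x0)
"""

TS_FORMAT = "%a %b %d %H:%M:%S %Y"
# The rule that opens a run is much longer than the one under "Results Summary:".
RUN_SEPARATOR = re.compile(r"^-{40,}\s*$", re.MULTILINE)
KEY_VALUE = re.compile(r"^(Engine|Signatures|MpGear|Run Mode):\s*(.+?)\s*$", re.MULTILINE)


def decode_log(raw):
    """Decode log bytes: UTF-16 when a byte-order mark is present, else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("utf-8", errors="replace")


def parse_mrt_log(text):
    """Split the log into runs; return one dict per run (CRLF endings are tolerated)."""
    runs = []
    for chunk in RUN_SEPARATOR.split(text):
        started = re.search(r"^Started On (.+?)\s*$", chunk, re.MULTILINE)
        if not started:
            continue  # text before the first rule, or an empty chunk
        run = dict(KEY_VALUE.findall(chunk))
        run["started"] = datetime.strptime(started.group(1), TS_FORMAT)
        build = re.search(r"Removal Tool v([\d.]+), .*\(build ([\d.]+)\)", chunk)
        run["version"], run["build"] = build.groups() if build else (None, None)
        finished = re.search(r"Finished On (.+?)\s*$", chunk, re.MULTILINE)
        run["finished"] = datetime.strptime(finished.group(1), TS_FORMAT) if finished else None
        code = re.search(r"^Return code: (\d+)", chunk, re.MULTILINE)
        run["return_code"] = int(code.group(1)) if code else None
        report = re.search(r"Failed to submit .*MAPS report: (0x[0-9A-Fa-f]+)", chunk)
        run["heartbeat_error"] = report.group(1) if report else None
        run["clean"] = "No infection found." in chunk
        runs.append(run)
    return runs


if __name__ == "__main__":
    for run in parse_mrt_log(SAMPLE_LOG):
        print(run)
```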