Q3. How can I disable the infection-reporting component of the tool so that the report is not sent back to Microsoft?
A3. An administrator can choose to disable the infection-reporting component of the tool by adding the following registry key value to computers. If this registry key value is set, the tool will not report infection information back to Microsoft.
Post by Locutus deBorg on Nov 2, 2015 11:30:45 GMT -6
Since I never get infected, there is nothing for the tool to report.
what is funny about that tool is MS is still sending out new versions / updates to XP and Server 2003 both of which are supposed to be EOL
Though it is fun to troll MSE with the EICAR test: keep a modified undetectable copy on the desktop and occasionally drop it in the detectable form with Save As. Aaaaaaaaaaaaaaahhhh!! MSE threat detected ...
I find the lack of configuration options disturbing !
I felt a great disturbance in the force.. as if millions of win 7 systems suddenly cried out in terror.
Likewise, the last infection detected in my house was my son's doing in 2004, when he was 12 years old and thought that downloading and running game hacks was fun.
I think it's funny that we have to bend over backwards to stop the "anti-spyware" components from checking in regularly with Microsoft's servers online.
Disabling Windows Defender entirely has averted the other regular online checks I was seeing as well, plus gained 15% speed in my Visual Studio builds (that's like going from a 3.5 GHz clock speed to 4 GHz). Since I have such an effective front-end strategy for avoiding malware I may consider just leaving it off, and rely on occasional MBAM scans to ensure nothing has sneaked past. I'll have to think about that change in strategy for a while...
Been using the MSRtool and the old safety scanner since forever. Don't recall it ever finding anything. If you have Blaster or DOOM on your system then your goose is already cooked anyway. Funny, all through the TechPreview builds I recommended it even though MS officially said it wasn't compatible. Always ran fine for me. Eventually the support engineers changed their minds and started suggesting it themselves to all the infested insider machines. Haha, wasn't that long ago that MBAM was quarantining the SvcHost process, LOL, build 9926 as I recall. Win NT reg keys for it were labeled "Security HiJack" by Malwarebytes. Deleted 'em, ran better without them.
Post by Bayer A.User on Nov 6, 2015 8:00:33 GMT -6
Firewall strategy seems to be getting the job done on 10Enterprise. WU enabled (notify for dwnld) + outbound internet access only when I say so. Update agent checks, finds, but does not dwnld or install on its own. IPs: 23.10.82.85-86, 23.78.197.231, 93.184.215.200, 191.234.72.188 more than likely AVG related.
It's "deny-by-default" for me from here forward too. So far it seems to work well enough, though I'm still a little concerned that one day Microsoft may decide that my systems should no longer be activated. I'm sure I'll be able to deal with it if the time comes.
I've finally decided that for me firewall reconfiguration will be required to even begin a Windows Update, which is normally disabled entirely.
This simplifies my "normal" configuration considerably. Trying to figure out all the addresses Microsoft contacts got to be more effort than I wanted to keep spending, and I started to run up against limitations of the Sphinx firewall software to define exceptions, so for my normal operations configuration there will now be no Microsoft Windows Update whitelist, and for my exceptional update configuration it will switch to "allow-by-default" but with a blacklist of addresses I've accumulated that I'm sure I don't want contacted.
I still have a couple of addresses on my Win 8.1 system I see repeatedly being blocked owing to connection attempts by some service to 23.1.117.231 and 23.73.5.231. Whether these are normal network type operations (e.g., certificate revocation list requests) or something else remains to be seen.
I knew the day would come when one couldn't trust one's own operating system vendor. It's sad we have to spend effort on this, but it's manageable so far.
-Noel
Author of the "How to Configure the 'To Work' Options" series of Windows books. Not feeling enough love to do one for Windows 10.
Maybe it would be useful to discuss... What's a good strategy for determining why a particular address is being contacted by a particular service (or group of services)?
For some it's easy - reverse DNS gives clues, like 23.14.84.x being CDN delivery for crl.microsoft.com. For others I'm sure there are ways to gather more info. I've found sites like ipaddress.com, ip-lookup.net, and ipfingerprints.com are somewhat helpful, but the info only goes so far.
For example, for 23.1.117.231, here's what I know so far:
It's an Akamai CDN address, listed as hosted from Cambridge, MA. Reverse DNS shows: a23-1-117-231.deploy.static.akamaitechnologies.com
An outbound connection is being attempted by SvcHost impersonating me (using my login).
The connection is being attempted to port 80 (not encrypted) at a modest rate, 6 times in the last hour.
It doesn't seem regular, and may have something to do with the work I'm doing with the computer.
This particular SvcHost instance is started via "C:\Windows\system32\svchost.exe -k NetworkService" and is hosting these services:
I haven't tried looking at the content of the communications, but I somehow suspect it won't yield much. It could I suppose yield a URL that might help with deciphering the meaning (WireShark I guess).
Other ideas?
-Noel
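One way to gather the same facts listed in the post above (owning process, hosted services, reverse DNS) in a single pass, as an added example that is not part of the original thread. The function name `Get-RemoteAddressOwner` and its parameters are hypothetical; it assumes Windows 8 / Server 2012 or later and an elevated prompt, and it generalizes from the one address in the post to any remote address.

```powershell
# Added example (not from the thread). Polls the TCP table for connections to
# one remote address and lists the services hosted in the owning process.
function Get-RemoteAddressOwner {
    param(
        [Parameter(Mandatory)] [string] $RemoteAddress,
        [int] $Seconds = 60,        # how long to watch
        [int] $IntervalMs = 250     # poll often: firewall-blocked attempts are short-lived
    )

    # Reverse DNS is only a hint: a CDN address resolves to the CDN, not its customer.
    try   { $ptr = [System.Net.Dns]::GetHostEntry($RemoteAddress).HostName }
    catch { $ptr = '(no PTR record)' }

    $seen = @{}
    $deadline = (Get-Date).AddSeconds($Seconds)
    while ((Get-Date) -lt $deadline) {
        # Returns nothing (error suppressed) when no socket to the address exists.
        $conns = Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue
        foreach ($c in $conns) {
            $key = '{0}:{1}:{2}' -f $c.OwningProcess, $c.LocalPort, $c.RemotePort
            if ($seen.ContainsKey($key)) { continue }   # report each socket once
            $seen[$key] = $true

            $procId = $c.OwningProcess
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId=$procId"
            # All services sharing this process (several for a shared svchost.exe).
            $svcs = Get-CimInstance Win32_Service -Filter "ProcessId=$procId" |
                    Select-Object -ExpandProperty Name

            [pscustomobject]@{
                Time        = Get-Date
                Remote      = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
                ReverseDns  = $ptr
                State       = $c.State
                ProcessId   = $procId
                CommandLine = $proc.CommandLine
                Services    = $svcs -join ', '
            }
        }
        Start-Sleep -Milliseconds $IntervalMs
    }
}

# Address taken from the post above; watch for five minutes.
Get-RemoteAddressOwner -RemoteAddress '23.1.117.231' -Seconds 300 | Format-List
```

For a shared svchost.exe this narrows an attempt to the group of services in that process, not to a single service; the request content (for example a URL seen in a packet capture) is still needed to tell them apart.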
Post by Bayer A.User on Nov 6, 2015 18:12:06 GMT -6
Absolutely disable DoSvc-Delivery Optimization. This is the infamous multiple source "Peer2Peer" update that Microsoft wants us to pretend doesn't do what we know it does. WU will still work fine. Branch cache is part of it, stores system files to be shared with "other" 10 machines.
I have it configured for LAN only. Again, remembering that I run multiple machines on a LAN, it could actually be useful here (one day, maybe, if I ever choose to have more than one Win 10 system). And if somehow the setting doesn't do what it says, the firewall will keep my system(s) from being a data provider to anyone outside. The service is not actually running, not taking any resources.
I have a decent enough internet connection that it wouldn't be a necessity, but if I ever do adopt Win 10 on multiple systems in-house it would be nice not to have to download multi-gigabyte updates multiple times.
-Noel
The instructions are pretty terse, and they don't say to run the Remove-AppxPackage commands in another, different CMD window, which has been started elevated with your credentials, not SYSTEM, so that the packages are removed for your user ID.
Check this out - these are all I have left, most of which are still needed to run what parts of the system MUST be in XAML:
And - the good part: No more system errors are logged at startup by the system doing things like trying to start a half-missing Cortana!
Post by Bayer A.User on Nov 7, 2015 12:01:31 GMT -6
Hey Mike, Mods caught up with Chuck? You are probably right about the "upgrade" undoing what changes have been made. Has been the case before. This is the only reason I'm still in the game. We all need to figure out how to prevent remote control of 10 (or any legacy Windows). I plan on fightin' the good fight with this 10 for my own benefit. Happy to share the hacks when I find them. After all, that's what we signed up for.
Disabling Windows Defender entirely has averted the other regular online checks I was seeing as well, plus gained 15% speed in my Visual Studio builds (that's like going from a 3.5 GHz clock speed to 4 GHz). Since I have such an effective front-end strategy for avoiding malware I may consider just leaving it off, and rely on occasional MBAM scans to ensure nothing has sneaked past. I'll have to think about that change in strategy for a while...
You can do it! That's the strategy I've been using for a long time now without issues.
Microsoft, is Windows 10 the best you could do? Really? After promising to listen to our feedback, what a letdown!
Been on the new strategy for 2 days now. Real-time protection off, I guess background scans are still on.
I have definitely felt the difference. My system actually feels more responsive, and that's saying something since it was already quite fast before.
It's not like the AV software ever actually blocked anything as far back as I can remember. An ongoing 15% performance penalty in hindsight seems a steep price to pay for no detections and a possible false sense of security.
-Noel
Hey Mike, Mods caught up with Chuck? You are probably right about the "upgrade" undoing what changes have been made. Has been the case before. This is the only reason I'm still in the game. We all need to figure out how to prevent remote control of 10 (or any legacy Windows). I plan on fightin' the good fight with this 10 for my own benefit. Happy to share the hacks when I find them. After all, that's what we signed up for.
No, just decided to retire Chuck here.
We wanted more granular installs, and got uncontrollable update full installs.
Try the IOBit Advanced Systemcare 9 beta and Malware Fighter beta (now with Bitdefender integrated into it) and you'll pretty quickly see how fucking uninvolved Defender is in protecting you from anything.
Post by Bayer A.User on Nov 8, 2015 20:19:21 GMT -6
My meaning was how involved Defender was in the upgrade process, since it is disabled now by AVG. Hey, I'm a tester. Sometime before the 10Enterprise eval is up I might give IOBit a try. I know who to ask.
Post by Bayer A.User on Nov 10, 2015 9:40:21 GMT -6
10Enterprise falling apart on update Tuesday.
After enabling "upgrades" in WU (was deferred), restart, check for updates (none) this 11-10-2015 a.m.
After 2 weeks stable day in/out use behind firewall suddenly multiple issues: Time is incorrect - an hour behind, Settings refuses to open, time/date on CP refuses to run, Restart - manually set correct time/date OK, BSOD - autorestart - check event log, can't scroll window to see latest events, online BSOD again - restart, run sfc /scannow - freezes at 17% verification - found some corrupt files, unable to fix some of them.
Third BSOD-restart, online IEX 11 stops running/closes multiple times. Evidently my machine had a fight with the Muthership.
EDIT - NOW AVG is finding threats in IEX11 = INetCookies\BSKWOABO.txt\advertising.com
FYI, I have just learned that the Windows Firewall service has "secret, hidden" rules that don't show up in the UI, and that the firewall service continues to run and function even if one disables the Windows Firewall via the UI.
The bottom line is that, even with a 3rd party firewall in place, the Windows Firewall service still runs, and conceivably could facilitate connections that have not been explicitly allowed or denied.
-Noel
Noel, ya, I kind of expected that. It only makes sense that [tangent=Shitty company that can't do fuck right]MSFT[/tangent] would do this in order to keep you from stopping it making connections.
<Rick> Good video. It's almost hard to believe that at one time Windows 98 was the resource hog, but even then, it still ran circles around what Windows 10 can do on today's modern hardware and look a heck of a lot better doing it.
May 25, 2021 22:55:12 GMT -6
<Rick> As stated elsewhere, so much for the launch of Windows 11, "The Great Crash." Myself, I had a hard time getting into the site listed above; when I did get in, the video was partly done and then it crashed. There have been many other reports of crashing.
Jun 24, 2021 9:52:33 GMT -6
<Rick> I see Microsoft has been very quick to pull down reports of site crashing regarding the Launch of Windows 11 on the Microsoft Insiders forum.
Jun 24, 2021 9:57:31 GMT -6
<Rick> The rebroadcast is working okay.
Jun 24, 2021 11:00:25 GMT -6
<Rick> With reports of people being able to install the dev-edition of Windows 11 on machines not meeting spec, I thought I would give it a what-the-heck try. Lucky me, I'm caught in the downloading, doesn't meet spec, clearing, re-downloading loop on my machine!
Jul 2, 2021 7:08:46 GMT -6
<Rick> I've recently purchased a license for ArcaOS from www.arcanoae.com/ to play with. First impressions, it's still OS/2, but it now has a Linux twist to it.
Jul 2, 2021 7:32:53 GMT -6
<dozrguy> laptop shit out and am stuck buying a new one. os win11 as fucked as win10 was?
Oct 2, 2021 12:56:10 GMT -6
<Rick> Let's see ..., my impression of Windows 11 is that it is a spruced up version of Windows 10 requiring a 64-bit processor plus a piece of security hardware that is less than 4 years old in order for it to run.
Oct 4, 2021 18:25:49 GMT -6
<Rick> On the plus side, Microsoft is supposed to be supporting Windows 10 for some time to come for those of us still using systems with I7 or older processors.
Oct 4, 2021 18:44:35 GMT -6
<dozrguy> I tried installing win10 on the 'shitout' pc this morning using media creation. EPIC FAIL! Went into an endless bootloop. win7 reinstalled just fine
Oct 21, 2021 11:23:38 GMT -6
<dozrguy> STILL so much bullshit and so little time for the kiddie ideas from the hill. My new laptop (MSI GE 11-UH461) would be an awesome "10" machine but because of Winblows I can only give it a "2"......wasted $3500
Oct 27, 2021 9:36:47 GMT -6
<Rick> Hello. Just checking in.
Mar 17, 2022 10:46:54 GMT -6
<isidroco> Each new w10 update adds >100000 useless files to \Windows\Servicing\LCU\Package_for_RollupFix... folders. Even in a SSD takes time to delete that stuff. In each version they manage to worsen stuff.
Mar 27, 2022 16:14:51 GMT -6
<dozerguy> still traffic here?
Oct 9, 2022 17:32:44 GMT -6
<Rick> No, there does not seem to be very much traffic these days. I still check in from time to time.
Oct 9, 2022 20:08:58 GMT -6