Tag: computer

Disable .exe’s from running inside any user %appdata% directory – GPO

Posted on June 1, 2014 by Dexter

The Cryptolocker virus out there in the wild and I’ve seen it happen on a few computers and it’s certainly not pretty. The details are sorrid, but in a nutshell what happens is a crytolocker virus gets onto your computer, locks all your pertinent files and demands a ransom amount so you can get your files back. Those who pay the ones delivering the virus will become more bold and will start demanding more money.

What can you do to protect your company?
Create some Group Policies to lock down likely places for Malware / Spyware / Grayware / Cryptodefense and other likely .exe programs from running:

– Open up Group Policy and create new GPO
– Title this policy Disable .exe from %appdata% and click OK
– Right click on this policy and select Edit
– Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
– Right click on Software Restriction Policies and click on ‘New Software Restriction Policies’
– Right click on Additional Rules and click on ‘New Path rule’ and then enter the following
information and then click OK

Path: %localAppData%\*.exe
Security Level: Disallowed
Description: Don’t allow executables from AppData (Win 7)

Path: %localAppData%\*\*.exe
Security Level: Disallowed
Description: Don’t allow executables from AppData subfolders (Win 7)

Path: %localAppData%\Temp\*.zip\*.exe
Security Level: Disallowed
Description: Prevent unarchived executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\7z*\*.exe
Security Level: Disallowed
Description: Prevent 7zipped executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\Rar*\*.exe
Security Level: Disallowed
Description: Prevent Rar executables in email attachments from running in the user space (Win 7)

Path: %localAppData%\Temp\wz*\*.exe
Security Level: Disallowed
Description: Prevent Winzip executables in email attachments from running in the user space (Win 7)

The following paths are for Windows XP machines (if you still have them; I put these in just in case with the same disallow security settings)
%AppData%\*.exe
%AppData%*\*\*.exe

Create your new path rules as seen above
Create your new path rules as seen above
GPO Selections
Your final selections should look like the above. Make sure to apply the GPO to the proper OU once done.

 

 

*Update Feb 02, 2016*

I spent some time on a conference call with some Malwarebytes reps, I’ve been test driving a beta version that’s now available to the public.

Introducing Malwarebytes Anti-Ransomware

As I understand, the good folks at MalwareBytes will be conglomerating all their products: Anti-Malware, Anti-Ransomware, Anti-Malware, and Anti-Exploit into one nice big runtime. (date not yet announced).

 

How to get Green ticks on Google Drive back

Posted on January 3, 2014 by Dexter

Google Drive no Syncy for you

I’ve been using Google Drive to sync files for some time now, because it’s great having 15GB of storage sitting in the cloud that I can access anytime.  I’m not here to point out the merits of having a google account that needlessly and continually asks me to come back to my google+ account, and yes I find it annoying that gmail now separates my mail into confusing tabs that really don’t have any meaning to me.  That little rant is for another article.  Today, I’m going to show you how to get the green tick marks back on your google drive to show that all your files are syncing.

When I had google drive, I found I needed more cloud storage, so I installed Skydrive and most recently installed the Synology Cloud Station product.  What this does is make my bottom toolbar look like it threw up as I have close to 20 icons sitting in the corner.  Call me OCD, but I need to see all my icons and having them hidden drives me bananas. The problem with Windows Explorer is that it only allows for 15 slots for icon overlays.  What does this mean?  When you put more changing icons (such as the aforementioned skydrive, google drive that requires icons change to green for synced, red for unsyncable, or yellow or whatever color) you’re using up that 15 slot overlay.  In my case, my Google Drive puked and turned all the folders and files inside into normal looking icons – which normally wouldn’t be a problem, but I couldn’t see if any files had problems getting up to the cloud.  Here, I’ve compiled an easy to follow fix should you encounter the same situation.

These instructions are for Windows 7, and I’ve heard they work on Windows 8 as well.

1. Run Regedit and navigate to HKEY\LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\

2.  Find these 3 entries: ‘GDriveSharedOverlay’, ‘GDriveSyncedOverlay’ and ‘GDriveSyncingOverlay’

Gdrive registry before
3. Add a prefix ahead of them: ‘0GDriveSharedOverlay’, ‘1GDriveSyncingOverlay’ and ‘2GDriveSyncedOverlay’, so it should look like this now:

Gdrive registry before-and after

4. Reboot your PC and take a look at your google drive icons – they should all re-appear with the green ticks:

folders after

You will have to repeat these steps over time, or whenever you overfill the 15 icon buffer limit on your Windows machine -so keep that in mind.

Handy App of the Day: SearchMyFiles

Posted on October 25, 2013 by Dexter

The other day I was tasked with finding all the duplicates in a large network share.  Large as in: 2TB worth of company data.  The previous IT company wasn’t so good at house cleaning so I was given the assignment of finding all the duplicate data that existed and archiving or deleting it to save space on backups.  After a little research, I found my answer in Nirsoft’s SearchMyFiles.

I’ve mentioned Nirsoft in the past with their export text software, and the SearchMyFiles app is another impressive tool they offer for free.

My first searches were for duplication software, it was only by pure luck that I stumbled across this gem as it was named a ‘search’ utility, and not a ‘duplicate’ utilty.  The functionality is right in the dropdown!

SearchMyFiles with Duplicates finder. No frills here, options are simple and easy to configure
SearchMyFiles with Duplicates finder. No frills here, options are simple and easy to configure

While the software isn’t the prettiest, it is by far the most powerful and menu friendly.  No need to look and bump around with file and options as it’s all laid out to see.  There’s no installer either, so it’s a small footprint and can be run directly from a USB stick.

After about an hour, I had search results I could export into a spreadsheet and pour over with a fine tooth comb.

As you would imagine, the regular search utility works awesomely fast as well – going through a network share was a breeze, and you can specify how many folders deep you can go (infinite is an option).

Well done NirSoft, you’ve saved my bacon again!

-Dexter

Handy App of the day: Space Sniffer

Posted on May 22, 2013 by Dexter

If you’ve been working on Windows based computers or servers, or Windows File Servers, a time will come when you have to figure out how much space you’re using and what type of files are taking up space.  I’ve used Tree Size Free, WinDirSTAT and Filemenu Tools many times in the past but always found that they take too much time, need to be installed or don’t have proper visualizations.

SpaceSniffer seems to be the near perfect solution: it’s free, runs portable (no installer necessary), has great visualizations and is FAST.

Color Coding comes in handy for types of media, file classes, and even free space.
Color Coding comes in handy for types of media, file classes, and even free space.

Compared to Filemenu tools or WinDirSTAT, Spacesniffer also does it’s calculations in real time; deletion of a file updates the entire diagram.  There’s also the ability to ‘Zoom’ into a directory or choose a network location.

Simply awesome freeware.

 

-Dexter

Windows 7 Wireless and Wired connections priority

Posted on May 10, 2013 by Dexter

I always thought that Windows 7 would automatically switch to the next fastest connection. I’d been trying to figure out why it seems to stick with a wireless connection even after connecting a network connection. Turns out, Windows 7 eschews speed for reliability.

I especially found this annoying when, after booting and automatically being connected to the wireless I plugged into CAT5 and tried transferring a file from my NAS only to see my wireless connection hitting the ceiling at 3.5MBps second. Luckily, I’ve found a solution that’s been covered in other places, but I like to put my own spin on things:

1. Goto Control Panel -> Network and Sharing Center, click on Change adapter settings

Image 000

2. From the adapter menu hit ‘alt’ to bring up the Windows File editing menu, and you’ll see the super-hidden ‘Advanced’ column that’s been evading you all these years.  Then to Advanced Settings…

Image 009

 

3.  This brings you to a listing of connections by priority.  Notice that Wireless is along the top, or first in priority.  Simply move the Local Area Connection to the top or just above the wireless connection.  Hit OK.

Image 003Image 002

4. All done!  Now the next time you boot up with wireless, and plug in a wired connection Windows 7 will automatically switch to the ‘fastest’ connection!

Exchange 2010 SP2 Automapping issue

Posted on May 10, 2013 by Dexter

There’s a slight bug with the Exchange 2010 server, in that it automatically remaps any shared mailboxes you’ve used when the client is either Outlook 2007 or 2010.

If you’re mapped a mailbox in the past, an automapping feature kicks in and puts the mailbox back on your profile, even if you’re starting out with a brand new profile. To disable this, you have to log into your exchange server and issue some commands from the Exchange Powershell:

Add-MailboxPermission "domain\user" -User "domain\user2" -AccessRights FullAccess -AutoMapping:$false

domain\user = user mailbox you no longer want to view
domain\user2 = the primary user, usually the one you’re setting up

This has been tested on Exchange 2010 SP2 and SP1 successfully

A love letter to Winamp

Posted on June 25, 2012 by Dexter

Winamp - Still Awesome

 

Digital media is difficult to manage on the best of days. Organizing it in whatever format you decide to store, be it a Windoze box, a linux distro, or even a Macintosh is all your choice.

But what I’m asking for is how you play your files? The new de-facto standard seems to be itunes. Now, itunes has become the standard for mainly one reason: ipods and iphones automatically open that particular application because they were designed to work together. And because the parent company Apple likes it when their hardware and software talk with each other.

What everyone doesn’t realize is this: itunes eats up memory. LOTS of memory. When you think it’s just playing your songs, it’s doing other stuff in the background: if you’re using a smart playlist, it’s categorizing all other songs that fit whatever particular mood music you’re listening to. It’s caching all itunes store information in the background, putting up banner ads suited for you, checking and re-checking DRM purchases. It’s doing all this even when you put it into mini-player mode.

Here’s a solution: Use Winamp.  I never stopped using this thing since my University days because it was free, and my ancient PC could still run it with little to no problems.  And I always like the small footprint, it could sit at the very top of my screen taking up only a few pixels, yet managed to place as much useful information as a good old fashioned CD player could – with some added bonuses when you put the playlist  beside it.

And there’s some really good content on the Winamp startup wizard; the store while lacking some features we’ve all grown accustomed to has the basic packages you’re looking for: including some podcast features!

So rage against the machine, find your old music roots in Winamp and take back that extra Gig of memory and play your music with something that’s small, easy to use and has more features today than most other crappy music players.

Here’s a quick handy pro/con list for anyone that doesn’t want to read the top 6 paragraphs:

 

  Itunes Winamp
Ipod / Iphone support Yes Some versions support it
Average memory usage 1.0 GB – 1.8 GB Less than 10 MB
Playlists Yes Yes
Works on mobile devices All IOS (naturally) *All Droid phones
Wide Range of codecs Yes (kinda) Check out the forums – almost unlimited
Customizable? Kinda You betcha – Themes ahoy!
Video playback Yes Yes
Size of installer 170 MB + growing each update 10MB for full features, < 5MB for most basic pack
Annoying update engine? Yes Yes
Still better than RealPlayer? Yes Yes

*too bad for us blackberry users.  Then again, RIM is in trouble anyway for missing the boat on every consumer front possible.