Query on WSL
Hi, I want to install WSL on Windows Server 2019. I have checked the Microsoft documentation, but I am unclear since it mentions both WSL 1 and WSL 2. Which version should I choose? If I want to install WSL on a server without internet connectivity, is…
AxiosError: Request failed with status code 400
Hi, When we are trying to raise our secure score we encountered this problem: Something went wrong We have encountered an error loading this page, please try again later: AxiosError: Request failed with status code 400 Can someone explain why its having…
Microsoft XDR (Defender) - DeviceEvents - ShellLinkCreateFileEvent
Hi everyone, I've been trying to create a hunting query in the Defender portal to identify when a malicious .lnk file is created. I noticed that an interesting event to detect and analyze this is "DeviceEvents --> ShellLinkCreateFileEvent",…
Multiple failed access attempts
Recently my email account has about 20 failed login attempts every day. This has been occurring for the past month and I am constantly being logged out of my email because of the multiple log in attempts. I changed my password and downloaded the…
How to set "pws:html/phish.hc" on Windows on my Windows 11 pro PC?
Hello, Is anyone helping me with this threat? "pws:html/phish.hc" I always got this threat alert. I have even removed it, but it keeps coming back. So, what should I do about it? Thanks.
Query Windows Firewall
Hi All, I currently have Windows Firewall disabled in my environment, but I plan to enable it. If I enable Windows Firewall, what inbound and outbound traffic or ports are blocked or allowed by default?For example, let’s say I enable Windows Firewall on…
Unable to debug Stored Procedure
I get the following error: Unable to start the Transact-SQL debugger, could not connect to the Database Engine instance. Make sure you have enabled the debugging firewall exceptions and are using a login that is a member of the sysadmin fixed server…
Microsoft XDR (Defender) - How to export - Advanced Hunting - Custom Detection Rules
Hello everyone, Our team is trying to export the Custom Detection Rules. We have more than 50 rules, so we need an automated process that allows us to export and import the rules. Currently, we see that the API function that allows this is still in beta:…
My touchpad has some issues and i cant find the solution anywhere . When i want to move the cursor it just gets dissapeared and moves down towards the taskbar on its own and becomes a dot like structure and then when i try to mive it towards where i want
My touchpad has some issues and i cant find the solution anywhere . When i want to move the cursor it just gets dissapeared and moves down towards the taskbar on its own and becomes a dot like structure and then when i try to mive it towards where i want…
Schannel error on Windows Server 2022 backgroundTaskHost
I am seeing a lot of Schaneel Errors with event id 36871 "A fatal error occurred while creating a TLS client credential. The internal error state is 10013." The SSPI client process is backgroundTaskHost with different PIDs everytime. It is…
CVE-2013-3900 WinVerifyTrust Signature Validation Vulnerability
Hi All https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 To remediate the vulnerability CVE-2013-3900 is to add the below registry values. [HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config] …
Turn off Spotlight collection on Desktop
Hi All i have an ask to enable the below policy on windows servers. What benefit will i get by enabling this policy on windows servers. This is Personalization settings i believe. User Configuration\Policies\Administrative Templates\Windows…
Multi-Provider Router (MPR) notifications
I need help on two GPOs. If I disable the policy below, will there be any impact besides issues with mapped network drives? Policy: Enable MPR notifications for the system --> Disabled Location: Computer Configuration\Policies\Administrative…
Uruguay URCDP: Requesting letter from Microsoft?
We have Microsoft listed as a subprocessor as multiple Microsoft products process the personal data of our clients. We have a client in Uruguay that has asked us to request a letter from Microsoft with the following language: In accordance with URCDP…
WMI connection Problem on Windows10
Hello, In a VMware environment, I installed Windows Server 2016 as the Domain Controller. Additionally, I set up another Windows Server where I configured WMI permissions, granting WMI namespace access to a domain user. Afterward, I applied a GPO with…
Disable NTLM - Domain Join fails
we're trying to implement NTLM blocking (yes, this article is from 2009) and have enabled the relevant GPOs both on DCs and all member systems. surprisingly enough most things work just fine, which is good. but joining new computers to the…
Activating benefit of Azure Arc enabled Windows Server 2012 R2 failed
Activation failed Activation of Software Assurance benefits for 1 machines has failed with error 'Pay-As-You-Go Subscription for SoftwareAssurance is ineligible due to 'InvalidLicenseStatus'.'
Long login time via smart card
Hello. We are using smart card login via RDP. Login can be after entering pin code from 10 to 30 seconds. How to diagnose this ?
What is the autorenewal procedure for multiple certificates enrolled using the same certificate template?
Hi, At one of our customers, I think we might be running into a certificate autorenewal bug on our Windows server 2019 Webservers which are configured to use SSL certificates with autorenewal. Automatic rebinding of the certificate is enabled in IIS…
Licenses & Pre-requisites aren't clear for Security Management with Microsoft Defender for Endpoint
Hi, I would like to understand a few things from the perspective of Defender for Servers. Before that, let me tell you the scenario that made me ask these questions! Scenario: Built a couple of servers(Domain joined - 1 and Workgroup - 1) on-prem in…