Latest posts of: x16wda - DonationCoder.com
1  Main Area and Open Discussion / Living Room / Re: Be prepared against ransomware viruses.. on: June 27, 2015, 04:17:52 PM
Hey, you need to keep in mind that encrypting a file is a valid process. All you're doing is changing a file's contents. You could pull up a jpeg in an image editor and change it from a blue cast to a green cast, or edit your copy of the works of e e cummings and change it to ALL UPPER CASE or something. That's all that's happening. Heck, I encrypt files regularly -- the only difference is that I know the encryption key.

The more recent Cryptowall variants that I have seen are sneakier now - they don't always select every eligible file to encrypt. They also set the last-changed time stamp back to the file's original time stamp, so you can't tell from that what files were affected. Maybe that could be a clue to a/v software that something is amiss.
2  Main Area and Open Discussion / Living Room / Re: Be prepared against ransomware viruses.. on: June 27, 2015, 01:45:36 PM
Does anyone know of any mainstream security software that uses a "honeypot" approach of watching for certain files being modified?

Our largest client got hit several times with Cryptowall, and another one got hit on a large file server -- that took over 24 hours to encrypt. After I thought about that, I sprinkled several test files (jpg, doc & xls) with known checksums in various places in the shares, and wrote a script to look for flag files (HOW_DECRYPT etc) and compare the checksums. If it finds any flag files or modified honeypot files, it looks at the owner of the flag files (since that's whose box is doing it) and spits out emails to get the box pulled and start remediation.

Mainstream stuff ought to be watching file creation, and as soon as it sees a flag file created it should shut down the remote client and start ringing alarm bells.
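
Added example, not part of the original post and not the poster's own script: a minimal Python sketch of the canary-file check described above. It compares content hashes rather than timestamps, since the timestamps may be reset, and reports ransom-note flag files with their owner. The function names, the `how_decrypt*` pattern list, the sample share and the `Path.owner()` lookup are assumptions made for illustration; on a Windows file server the owner would come from an ACL query instead, and sending the alert e-mails is left to the caller.

```python
import fnmatch
import hashlib
import os
import tempfile
from pathlib import Path

# HOW_DECRYPT is the flag file named in the post; extend for other families.
FLAG_PATTERNS = ["how_decrypt*"]


def sha256_of(path):
    """Hash file contents; timestamps are ignored because they can be reset."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def owner_of(path):
    """Best-effort owner lookup; on Windows substitute an ACL query."""
    try:
        return Path(path).owner()
    except (NotImplementedError, KeyError, OSError):
        return "unknown"


def scan_share(root, canaries):
    """canaries maps a path relative to root -> expected SHA-256 hex digest."""
    alerts = []
    for rel, expected in sorted(canaries.items()):
        target = Path(root) / rel
        if not target.is_file():
            alerts.append(("canary_missing", rel, None))
        elif sha256_of(target) != expected:
            alerts.append(("canary_modified", rel, owner_of(target)))
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if any(fnmatch.fnmatch(name.lower(), p) for p in FLAG_PATTERNS):
                full = Path(dirpath) / name
                alerts.append(("flag_file", full.relative_to(root).as_posix(), owner_of(full)))
    return alerts


def demo():
    """Constructed sample share: two canaries, then a simulated encryption pass."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "finance").mkdir()
        (root / "finance" / "budget.xls").write_bytes(b"constructed canary A")
        (root / "photo.jpg").write_bytes(b"constructed canary B")
        canaries = {r: sha256_of(root / r) for r in ("finance/budget.xls", "photo.jpg")}
        clean = scan_share(root, canaries)
        # Simulate the reported behaviour: content changes, mtime is put back.
        st = (root / "photo.jpg").stat()
        (root / "photo.jpg").write_bytes(b"ciphertext stand-in")
        os.utime(root / "photo.jpg", (st.st_atime, st.st_mtime))
        (root / "finance" / "HOW_DECRYPT.txt").write_text("constructed ransom note")
        return clean, scan_share(root, canaries)
```

A canary that has been renamed (for example with a new extension appended) shows up as `canary_missing`, so a missing canary should be treated the same as a modified one.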
3  Main Area and Open Discussion / Living Room / Re: Be prepared against ransomware viruses.. on: June 26, 2015, 06:51:33 PM
...and at today's prices, it's nice if you can rotate between an on site and off site copy (if you can, for example, leave a backup drive at the office or at your storage unit :P)
4  DonationCoder.com Software / Post New Requests Here / Re: IDEA: Utility to handle files/folders with illegal characters on: June 19, 2015, 05:09:19 AM
Would be interested in knowing if SetACL Studio will work for this. It has a 30 day trial that ought to give you enough time to try it.
5  Main Area and Open Discussion / General Software Discussion / Re: Nifty FREE Utility to do almost anything to a filename in Windows on: June 17, 2015, 06:43:55 PM
Very cool! I have used Bulk Rename Utility for this sort of thing, but I am always glad to find another!
6  Main Area and Open Discussion / General Software Discussion / Re: LastPass alternatives? (including premium LP) on: June 16, 2015, 08:52:00 PM
An online password manager provides a certain amount of convenience, and probably enough security for most casual use.  I just don't think I would trust one with anything really critical.

That's what I use Lastpass for. It remembers the forum passwords and fills them for me, but it also allows me to create "secure notes" that contain hints - useful only to me - about passwords for more sensitive sites (like banking).
7  News and Reviews / Mini-Reviews by Members / Re: AdGuard: the better Ad Muncher? on: June 10, 2015, 06:53:34 PM
For this method to work correctly, Adguard imports its own root certificate in certificate store that your browser uses. If https-connection filtering is enabled, Adguard automatically detects browsers installed on your computer and installs the root certificate in their stores.
However I installed Pale Moon for testing after Adguard was in place, and almost every site I go to triggers a warning. I have not yet seen a way to make it recheck for browsers to "fix"... there ought to be a button somewhere. Guess I will resort to looking it up. <grumble> :P
8  Main Area and Open Discussion / General Software Discussion / Re: Windows 10 Announced on: June 08, 2015, 05:44:37 PM
I've been trying to get my HP Stream7 to show me the option. I've left it plugged in and wifi'ed, installed updates... nothing yet.
9  Main Area and Open Discussion / General Software Discussion / Re: Scary Windows error: Failure to log in to profile, loading of temp profile on: June 07, 2015, 01:09:48 PM
How's the free space on the drive? I've seen that (on older boxes, anyway) when there's no space on C:. Of course that can be a temporary condition, but if you're on a comparatively small disk it's worth checking.
10  Main Area and Open Discussion / General Software Discussion / Re: Awesome software for kids on: June 04, 2015, 09:17:45 AM
It's not a game per se, but I have spent a fair amount of time with my boy running Stellarium. We'll go out and look at the sky and then come back in and figure out what we saw. For example, we figured out recently that we were seeing both Venus and Jupiter in the west in the evenings. And we always look for Cassiopeia. (Sam has always said W is his favorite letter!)
11  Main Area and Open Discussion / General Software Discussion / Re: Windows 10 Announced on: June 01, 2015, 08:09:02 PM
I have seen the offer on Windows 7 - but not on Windows 8.1, where I would actually consider updating...

Just popped up on my Win 8.1 box during the day. I went ahead and opted in, I have full image backups. :-)

Hm, may need them. The box popped back up and after digging in it says the AMD Radeon HD 7660D video is "not fully compatible - you'll experience problems with your display."

That is not good. That's the on-motherboard junk that is working well enough for my two monitor system, but I already tried to replace it with an add-in R7750 card and the box just squawked at me. I better look into this again...

12  Main Area and Open Discussion / Living Room / Re: Programming/Coder humor on: May 29, 2015, 08:00:12 PM
There are two sets of people in the world: one that can extrapolate from incomplete data,
13  Main Area and Open Discussion / General Software Discussion / Re: real time collaborative platform on: May 24, 2015, 01:45:13 PM
There are numerous videos online that might give you more info, such as this one or this one. Project Server runs inside Sharepoint, you create a new web app for it and you have Sharepoint facilities available. I'm not a Project or Project Server user so I can't comment on the comparative functionality, but I would hope that much of the work could be done in the Sharepoint interface.
14  Main Area and Open Discussion / General Software Discussion / Re: real time collaborative platform on: May 24, 2015, 08:15:02 AM
You know, of course, that MS Project Server has now been shoe-horned into is now an add-in to Sharepoint, right? Is that what you are using?
15  Main Area and Open Discussion / General Software Discussion / Re: how to delete this empty file? (problem solved) on: May 23, 2015, 05:05:27 PM
Good deal!! I like it when stuff works. :-)

I like the software as well and we bought a license. We have a customer with a live server whose permissions are... unusual... and we are using it to clean that up, plus the places where dfs copied the bad stuff to, and where robocopy copied the bad stuff to... very useful.
16  Main Area and Open Discussion / General Software Discussion / Re: how to delete this empty file? on: May 23, 2015, 09:01:42 AM
Maybe there is a permissions thing that is preventing you from seeing it? Try this - download SetACL Studio (which has a 30 day free trial) and navigate to the folder and see exactly what's there. This is useful software - it builds its display "from the dark side" :P meaning that it doesn't ask for Windows's interpretation of what's on disk. You can see what is there even if you don't have rights to it. (The command line version is free and scriptable, but it's easier to use the GUI.)

Assuming something there is honked, change the owner and hit save, then change permissions and hit save, then see what you can do.

17  Main Area and Open Discussion / General Software Discussion / Re: how to delete this empty file? on: May 22, 2015, 07:10:55 PM
Did you try Move On Boot?
18  Main Area and Open Discussion / General Software Discussion / Re: Processes and/or folders to exclude from malware scanners for Exchange email on: May 22, 2015, 06:58:21 PM
Basically - what Stoic said, with caveats.

If you're going to run A/V on Exchange you should exclude the items I listed above so you don't honk your Exchange. The reason you might run it would be to stop some infected box from hitting some vector that your server's attack surface allows, or to satisfy some regulatory or company requirement checkbox. But A/V on the Exchange server isn't going to check inside the emails.

The Exchange server isn't going to open an infected email or follow a link anywhere. Users do that. Whatever you have on the users' boxes should handle that, or better, you should have a filter ahead of Exchange, like Stoic said, that WILL check the emails. Even something like GFI MailEssentials isn't that dear, especially when you think about how much your recent experience cost to recover from.
19  Main Area and Open Discussion / General Software Discussion / Re: Processes and/or folders to exclude from malware scanners for Exchange email on: May 21, 2015, 09:25:53 PM
Here are the relevant sections I set up for our Exchange environment. First section for file paths, next is extensions, then processes. Adjust as needed for your environment. Pardon the wrappings, this is for MS System Center Endpoint Protection. (Every bit as good as MSE, mmhm.)

<AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Paths" Disabled="false">
  <AddValue Name="%windir%\SoftwareDistribution\Datastore\Datastore.edb" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\SoftwareDistribution\Datastore\Logs\Res*.log" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\Security\Database\*.edb" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\Security\Database\*.sdb" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\Security\Database\*.log" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\Security\Database\*.chk" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\Security\Database\*.jrs" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%ALLUSERSPROFILE%\NTuser.pol" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%SystemRoot%\System32\GroupPolicy\registry.pol" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%ProgramData%\Microsoft\Search\Data\Applications\Windows" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%systemdrive%\System Volume Information\DFSR" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%systemroot%\System32\DHCP" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%systemroot%\System32\dns" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%systemroot%\System32\wins" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%systemroot%\Sysvol\domain" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%systemroot%\Sysvol\staging areas" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\ntds" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%windir%\ntfrs" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%SystemDrive%\DAGFileShareWitnesses\*" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%ExchangeInstallPath%\Mailbox" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%ExchangeInstallPath%\GroupMetrics" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%ExchangeInstallPath%\TransportRoles\Logs" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%ExchangeInstallPath%\Logging" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%ExchangeInstallPath%\ExchangeOAB" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%ExchangeInstallPath%\Mailbox\MDBTEMP" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%userprofile%\AppData\Local\Microsoft\Outlook" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="%userprofile%\Application Data\Microsoft\Outlook" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="D:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="E:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="F:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="G:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="H:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="I:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="J:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="K:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="L:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="M:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="N:\Program Files\Microsoft\Exchange Server" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="C:\Windows\Temp" Type="REG_DWORD" Disabled="false">0</AddValue>
</AddKey>
<AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Extensions" Disabled="false">
  <AddValue Name=".db" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name=".edb" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name=".pst" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name=".ost" Type="REG_DWORD" Disabled="false">0</AddValue>
</AddKey>
<AddKey Name="SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Processes" Disabled="false">
  <AddValue Name="EdgeTransport.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="Microsoft.Exchange.AddressBook.Service.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="Microsoft.Exchange.Cluster.ReplayService.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="Microsoft.Exchange.Monitoring.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="Microsoft.Exchange.RpcClientAccess.Service.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="Microsoft.Exchange.Search.ExSearch.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="MSExchangeMailboxReplication.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="MSExchangeMailSubmission.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="MSExchangeRepl.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="MSExchangeTransportLogSearch.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="MSFTEFD.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="msftesql.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="Store.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
  <AddValue Name="MSExchangeFDS.exe" Type="REG_DWORD" Disabled="false">0</AddValue>
</AddKey>
20  Main Area and Open Discussion / General Software Discussion / Re: Dumb question but maybe somebody knows how. Probably a form of Sync. on: May 20, 2015, 09:25:20 PM
I think most of the copy/sync utilities I have seen need one consistent criterion for filtering selections. That said, it would be fairly straightforward to write in a scripting language [fill in your favorite here, my choice would be Rexx]. If I can scare up some time over the next week or two I'll have a go at it (although someone may beat me to it).
21  Main Area and Open Discussion / Living Room / Re: Http vs Https Universally on: May 16, 2015, 08:45:49 AM
If it were free... then that would be a different story.

$419 seems excessive when a RapidSSL cert through Servertastic is $15.95. (And I am sure there are less expensive alternatives, but we have used these for years. Actually we buy a block at a time as a "reseller" and that drops the price down to about $10/year.)
22  Main Area and Open Discussion / General Software Discussion / Re: Visualize pseudo code via flowcharts? on: May 14, 2015, 08:23:30 PM
That link looks like the Pencil I recall as well.
23  Main Area and Open Discussion / Living Room / Re: Programming/Coder humor on: May 14, 2015, 08:12:15 PM
2. Ads "related" to something describe what you are. If you code, then you are a car. Proof:
Yes, but where do fractions and Elvis impersonators fit in??
24  Main Area and Open Discussion / General Software Discussion / Re: Visualize pseudo code via flowcharts? on: May 14, 2015, 05:53:08 AM
Pencil and Dia come to mind as Visio alternatives. I played a little with both, they seemed reasonable; some types of operations seemed to be easier in one, some in the other. Links should be easy to find. There was another alternative mentioned in a thread here a year or two ago, don't recall it offhand.
25  Other Software / Found Deals and Discounts / Re: Judy's TenKey (10Key) award-winning calculator on: May 11, 2015, 09:23:13 PM
Actually I was using SpeQ for awhile on an old machine. It does all the normal stuff, calculations, plotting, etc but you type in the functions instead of clicking buttons. You can change a number up in the tape (or "sheet") and hit Enter to recalculate just that answer, or hit F5 to recalculate the whole sheet. Portable, or you can install it if you want a program item.