Thursday, September 1, 2016
PowerShell script to test hardware for Device and Credential Guard readiness
A PowerShell script is available at the link below to check a Windows 10 or Server 2016-based computer for readiness for Device and Credential Guard. The script has the following options:
- Check if the device can run Device Guard or Credential Guard
- Check if the device is compatible with the Hardware Lab Kit tests that are ran by partners
- Enable and disable Device Guard or Credential Guard
- Check the status of Device Guard or Credential Guard on the device
- Integrate with System Center Configuration Manager or any other deployment mechanism to configure registry settings that reflect the device capabilities
- Use an embedded ConfigCI policy in audit mode that can be used by default to enable Device Guard when a custom policy is not provided
https://www.microsoft.com/en-us/download/details.aspx?id=53337
DriverBackup!
DriverBackup! is a free utility for Windows for drivers' backup, restoration and removal with command line options, and automatic restoration from CD\DVD.
Using Process Hacker to view non-signed processes
Process Hacker is an open-source process utility for Windows that is similar to the Sysinternals application Process Explorer. The utility can be found at:
http://processhacker.sourceforge.net/
To view the services “behind” a svchost.exe entry, hover the cursor over the entry and a small dialog box should appear.
The majority of the time, malware is not digitally signed. To view non-signed processes, first add the two columns by right-clicking on an existing column under the Processes tab and selecting the “Choose columns” option.
Select “Verification status” and “Verified signer”, and add both to the active columns list.
To view only non-signed processes, use the menu option View –> Hide signed processes.
An error dialog box may appear:
Under Options –> Advanced, enable the selection for “Check images for digital signatures and packing”. A restart of the application will probably be required.
A process entry can be submitted to VirusTotal by using the right-click –> Send to –> virustotal.com option.
Reclaim Disk Space After the Windows 10 Anniversary Update
To reclaim some disk space after the Windows 10 Anniversary update, access Settings, System, Storage and then This PC (C:). Scroll down to Temporary files and click on it.
Check the Previous version of Windows option and then click Remove Files.
How to reset network settings within Windows 10 Anniversary edition
Within the Windows 10 Anniversary edition, an option is available to reset all network settings. Windows will forget your Ethernet network including all Wi-Fi networks and passwords. Resetting will disable and then reinstall all network adapters and set other networking components back to their original settings.
To access this feature, access Settings and then Network and Internet.Click on the Status link in the left column and then on the Network reset link.
Another dialog box will appear confirming the action; use the Reset now button.
Limited Periodic Scanning in the Windows 10 Anniversary Edition
When a third party anti-virus/malware solution is installed with Windows 10, Windows Defender normally is disabled to avoid any conflicts. With the Anniversary Edition of Windows 10, a new option is available to allow Defender to perform a background scan.
To enable Limited Periodic Scanning, open Windows Settings and Update & Security. Access the Windows Defender section. If Windows Defender is currently the default security client, the following menu option will not be present.
A system tray notification will appear if the feature is enabled.
Additional details on this feature can be found at https://blogs.technet.microsoft.com/mmpc/2016/05/26/limited-periodic-scanning-in-windows-10-to-provide-additional-malware-protection/
How to enable the Dark App Mode with Windows 10
Within Windows 10 Anniversary edition, a dark app mode is available. To enable it, open Windows Settings and then select Personalization. Click on the Colors option within the left column and then change the app mode on the right to dark.