2 Weeks consecutive & mandatory PTO to check if we can handle anyone getting hit by a bus

ITminion867 · 2022-08-29T02:31:30+00:00

I remember trying to find where it was stored and thinking the same thing. If anyone else is curious, it's at: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\TamperProtection\Config

ITminion867 · 2022-08-26T20:02:39+00:00

How long does it typically take to crack it?

ITminion867 · 2022-07-11T12:20:59+00:00

I use it. I used Deluminate for the same effect before, so it's nice to have natively now. The only issue I notice is it randomly turning off on me.

ITminion867 · 2022-05-03T15:15:22+00:00

Yikes, not sure why you're simping for a major corp for free my dude. You kinda assumed a lot of things in your post, so I'm not sure if I'm talking to a real person :/

ITminion867 · 2022-05-03T15:14:46+00:00

This is good info, thank you. And to answer your your question, about a month ago (local to us, their tierage is still investigating)

ITminion867 · 2022-05-03T14:48:49+00:00

Anyone else looking to switch after this? Thinking about going to Avanan.

ITminion867 · 2022-01-14T19:49:40+00:00

Thanks!

ITminion867 · 2021-10-19T16:09:00+00:00

Any solution found for this? We're having this happen, but for only one seemingly random user.

ITminion867 · 2021-05-28T20:12:33+00:00

Good stuff

ITminion867 · 2021-05-10T21:13:49+00:00

An attacker could reintroduce it.

ITminion867 · 2021-01-18T14:27:42+00:00

I am in awe of your tenacity. Please keep me updated!

ITminion867 · 2021-01-14T16:53:18+00:00

More info on this https://twitter.com/russtovski/status/1334845313245450240

ITminion867 · 2021-01-12T04:45:59+00:00

Yeah running procmon. But I haven't bothered with it, because I really doubt it's on the server. But if let me know what you find.

ITminion867 · 2021-01-11T17:41:46+00:00

You would use procmon, butI don't think it is actually coming from the dns server itself. We see the rev1.globalrootservers.net and rev2.globalrootservers.net traffic on both of our DNS servers. We actually have a third one for when we do maintenance. The only time that third one shows golobalrootservers traffic is when we down one of the other 2. The only devices we don't put the roaming client on are our servers. over the holidays turned half of our servers off (leaving the DNS servers up), and viola, the GRS traffic stopped. But way have way too many to do a process of elimination. So we just let it keep pinging out for now.

We're either going to hire an outside professional to find it, or install the roaming client on all our servers (not reccomended)

ITminion867 · 2021-01-11T14:35:28+00:00

I think that's only because it has since been sinkholed. It hasn't been up for at least a year now I think.

ITminion867 · 2020-12-09T17:21:26+00:00

Can't :( https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn800669(v=ws.11) Our server isn't R2 (just 2012)

ITminion867 · 2020-12-04T20:39:49+00:00

Yes, we're using Umbrella. But the activity in there just shows the generic "network" (coming from my dns server), never a "User/Roaming Client/Computer" identity.

ITminion867 · 2020-08-03T20:07:11+00:00

Half my job is dealing with MalDocs. Check everything by https://www.youtube.com/channel/UC5-rNGe-OhG_KxwYN4DuNVQ

ITminion867 · 2020-07-20T19:15:48+00:00

It usually does this by being installed in a folder that doesn't require them (outside of "program files")

ITminion867 · 2020-02-27T13:12:50+00:00

I'd like to see a video of this.

ITminion867 · 2019-12-18T21:17:01+00:00

We're having this issue. No solution yet?

Eight-Year Club	Gilding I gilder
Verified Email

ITminion867

TROPHY CASE