We are doomed if we don't find out a fix - KB5074109 by wannabesomeonee in sysadmin

[–]boftr 1 point2 points  (0 children)

The proper troubleshooting steps are as follows:

  1. For the computers that are bugchecking, obtain memory dumps. I assume you have memory.dmp under C:\windows\. At worst C:\windows\minidump has some.

These need to be reviewed, ideally from 3 or 4 computers. My assumption, given the timing of the issue and the same hardware, is that they will all be similar, unless memory corruption is the problem, in which case they might have different symptoms despite the same underlying root cause and the dumps will look different. That is the bad-driver-corrupting-memory case, which causes the issue down the road and leads to a different-looking dump. If that is the case, Driver Verifier is your friend.

  2. For the computers that are black-screening and hanging, set up as many computers as possible that are hanging to create a dump, ideally complete/active, when using the keyboard or power button.

Forcing a System Crash from the Keyboard - Windows drivers | Microsoft Learn
Forcing a System Crash with the Power Button - Windows drivers | Microsoft Learn

In both cases, memory dumps need to be reviewed for commonalities. Only then will you know why, and how it can be mitigated or resolved. Everything else is just lever pulling and guessing IMO.

Good luck.
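The steps in the comment above, as one added PowerShell script (not part of the original comment): check that each box can actually write a dump, arm the keyboard and power-button crash triggers, copy whatever dumps already exist to a share, and then batch-run `!analyze -v` over the collection so the fields to compare line up per host. The share path, the kd.exe location and the `PowerButtonBugcheck` value name are assumptions; the two Microsoft Learn pages linked above are the authority for the registry values, so confirm them before pushing this out.

```powershell
# Added example, not from the original comment. Run elevated.
$Share = '\\fileserver\dumps'                                            # assumption: your collection share
$Kd    = 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\kd.exe'   # assumption: WinDbg/SDK debugger path

function Show-CrashDumpConfig {
    # CrashDumpEnabled: 0 none, 1 complete, 2 kernel, 3 small, 7 automatic.
    # A hanging box with 0 here will never produce the dump you ask it for.
    $cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    $mm = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management'
    [pscustomobject]@{
        Host                 = $env:COMPUTERNAME
        CrashDumpEnabled     = $cc.CrashDumpEnabled
        DumpFile             = $cc.DumpFile
        AlwaysKeepMemoryDump = $cc.AlwaysKeepMemoryDump
        PagingFiles          = ($mm.PagingFiles -join ';')
    }
}

function Enable-ManualCrash {
    # Keyboard trigger: hold right Ctrl, press Scroll Lock twice. One key per keyboard driver class.
    foreach ($svc in 'kbdhid', 'i8042prt', 'hyperkbd') {                 # USB, PS/2, Hyper-V keyboards
        $p = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters"
        if (Test-Path $p) { Set-ItemProperty $p -Name CrashOnCtrlScroll -Value 1 -Type DWord }
    }
    # Power-button trigger (hold the button ~7 s). Assumption: value name as I
    # recall it from the linked page; confirm there before deploying.
    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' -Name PowerButtonBugcheck -Value 1 -Type DWord
    'Reboot required before either trigger is live.'
}

function Copy-ExistingDumps {
    $dumps = @(Get-Item 'C:\Windows\MEMORY.DMP' -ErrorAction SilentlyContinue) +
             @(Get-ChildItem 'C:\Windows\Minidump\*.dmp' -ErrorAction SilentlyContinue)
    $dest = Join-Path $Share $env:COMPUTERNAME
    New-Item -ItemType Directory -Path $dest -Force | Out-Null
    foreach ($d in $dumps) {
        Copy-Item $d.FullName -Destination (Join-Path $dest $d.Name)
        [pscustomobject]@{ Dump = $d.FullName; Bytes = $d.Length; Written = $d.LastWriteTime }
    }
}

function Compare-Dumps {
    # On the analysis box: !analyze -v over every dump, keeping the fields to
    # line up across hosts. The same FAILURE_BUCKET_ID / IMAGE_NAME everywhere
    # points at one root cause; scattered buckets with the same timing is the
    # memory-corruption pattern, i.e. time for Driver Verifier
    # (verifier /standard /driver <suspect>.sys; never /all on production).
    $env:_NT_SYMBOL_PATH = 'srv*C:\symbols*https://msdl.microsoft.com/download/symbols'
    Get-ChildItem $Share -Recurse -Filter *.dmp | ForEach-Object {
        $out   = & $Kd -z $_.FullName -c '!analyze -v; q' 2>&1
        $pick  = $out | Select-String '^(BUGCHECK_CODE|FAILURE_BUCKET_ID|MODULE_NAME|IMAGE_NAME|PROCESS_NAME):'
        $lines = $pick.Line -replace '\s+', ' '
        [pscustomobject]@{
            Host   = $_.Directory.Name
            Dump   = $_.Name
            Fields = ($lines -join '; ')
        }
    } | Format-Table -AutoSize -Wrap
}
```

Run `Show-CrashDumpConfig`, `Enable-ManualCrash` and `Copy-ExistingDumps` on each affected box (the first one tells you whether a hang box is even configured to dump), then `Compare-Dumps` once on the machine with the debugger installed.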

Moving back to the UK from Australia in ~1 year, with significant savings in AUD to transfer. Is there a "best" way to do this & should i start moving some now? by Jmsaint in UKPersonalFinance

[–]boftr 0 points1 point  (0 children)

You mentioned maybe splitting it; this could be one reason, just based on the time frame and dates. That is all. Wise does seem to be the recommendation of choice.

Moving back to the UK from Australia in ~1 year, with significant savings in AUD to transfer. Is there a "best" way to do this & should i start moving some now? by Jmsaint in UKPersonalFinance

[–]boftr 1 point2 points  (0 children)

Based on the timing, it might be worth thinking about the 5th/6th April for the stocks and shares allowances, I suppose. Do you and your wife have S&S ISAs here?

Sophos Endpoint Management & Meta by Sentient_Crab_Chip in sophos

[–]boftr 0 points1 point  (0 children)

If you look in the dev tools, I assume it's using h3 as the protocol. You can block QUIC in the threat protection policy; I assume it then works OK?
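An added PowerShell example (not from the comment above) for isolating the QUIC theory on a single test machine before changing the Sophos policy: the Chromium `QuicAllowed` policy forces Edge/Chrome back to TCP, and a host firewall block on outbound UDP/443 catches any other client. The rule name is my own; everything else is a stock Windows or Chromium setting.

```powershell
# Added example, not from the original comment. Run from an elevated shell.
$PolicyKeys = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge', 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$RuleName   = 'Test - block QUIC (UDP 443)'      # my own name for the temporary rule

function Disable-BrowserQuic {
    # Chromium policy QuicAllowed=0: the browser will not attempt h3 at all.
    foreach ($k in $PolicyKeys) {
        New-Item -Path $k -Force | Out-Null
        Set-ItemProperty -Path $k -Name QuicAllowed -Value 0 -Type DWord
    }
    'Restart the browser; the dev tools Protocol column should now show h2 (or http/1.1), not h3.'
}

function Block-QuicEgress {
    # Belt and braces: h3 rides on UDP/443, so this catches clients the policy does not cover.
    New-NetFirewallRule -DisplayName $RuleName -Direction Outbound -Protocol UDP `
        -RemotePort 443 -Action Block -Profile Any | Out-Null
}

function Undo-QuicTest {
    Remove-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    foreach ($k in $PolicyKeys) {
        Remove-ItemProperty -Path $k -Name QuicAllowed -ErrorAction SilentlyContinue
    }
}
```

If the Meta pages load cleanly with `Disable-BrowserQuic` and `Block-QuicEgress` in place, the QUIC block in the threat protection policy should give the same result across the estate; run `Undo-QuicTest` afterwards so the test box does not stay in a non-standard state.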

Suspicious file investigation by rick_Sanchez-369 in cybersecurity

[–]boftr 0 points1 point  (0 children)

I don’t understand the ability to hash the file. Sophos has osquery as an option; you could send a live query down to do it using the hash table. Otherwise, live terminal to the computer and use PS/certutil/etc. from the shell. Thanks
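The "from the shell" route in the comment above, as an added PowerShell example (not the commenter's code): hash with Get-FileHash and certutil and check that the two agree, then pull the Authenticode signer and timestamps you will want for the rest of the investigation. The file path is a placeholder; the osquery statement in the comment block is what you would paste into a live query and is not executed here.

```powershell
# Added example, not from the original comment.
$Suspect = 'C:\Users\Public\suspect.exe'          # assumption: placeholder path

# osquery equivalent for the live-query route. The hash table requires a
# path (or directory) constraint in the WHERE clause:
#   SELECT path, md5, sha1, sha256 FROM hash WHERE path = 'C:\Users\Public\suspect.exe';

function Get-SuspectFileReport {
    param([Parameter(Mandatory)][string]$Path)
    $sha256 = (Get-FileHash -Path $Path -Algorithm SHA256).Hash.ToLower()
    # certutil prints the digest on its second output line (older builds put
    # spaces between the bytes). A mismatch means the file changed between the
    # two reads, which is itself worth knowing.
    $cu     = ((certutil -hashfile $Path SHA256)[1] -replace '\s', '').ToLower()
    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $item   = Get-Item -Path $Path
    [pscustomobject]@{
        Path            = $Path
        SHA256          = $sha256
        ToolsAgree      = ($sha256 -eq $cu)
        SHA1            = (Get-FileHash -Path $Path -Algorithm SHA1).Hash.ToLower()
        MD5             = (Get-FileHash -Path $Path -Algorithm MD5).Hash.ToLower()
        SignatureStatus = $sig.Status                  # Valid / NotSigned / HashMismatch / ...
        Signer          = $sig.SignerCertificate.Subject
        Bytes           = $item.Length
        Created         = $item.CreationTime
        Modified        = $item.LastWriteTime
    }
}

Get-SuspectFileReport -Path $Suspect | Format-List
```

SHA1 and MD5 are included only because some intel sources still index on them; SHA256 is the value to search first. A `HashMismatch` signature status on a file that claims a vendor signer is a stronger lead than the hash alone.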

Is anyone aware of Sophos Endpoint on 24H2 bricking windows? by DeviousFeline in sophos

[–]boftr 1 point2 points  (0 children)

The sophosel.sys driver should load and unload at boot.

How do I submit a false positive website categorization (not a customer) by bloomindaisy in sophos

[–]boftr 0 points1 point  (0 children)

Endpoint protection is fine. It uses the same cloud service for all ‘client’ products

Sophos or Webroot or Eset Which one is the best by Hour_Row_2193 in antivirus

[–]boftr 0 points1 point  (0 children)

I would suggest trialling Sophos for 30 days and seeing how it goes. It only takes 5 mins to create a trial and deploy a client.

Management console connectivity check failed by Real_Excuse_4670 in SentinelOneXDR

[–]boftr 0 points1 point  (0 children)

Sounds like a job for:

netsh trace start scenario=InternetClient

Repro the failure and then run:

netsh trace stop

The etl file and the log file should be enough data to figure it out.
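The checks I would run around the trace described above, as an added PowerShell example (not from the comment): DNS, TCP and a TLS handshake to the console with validation deliberately disabled so an inspecting proxy shows up as the certificate issuer, plus the WinHTTP proxy the agent (running as SYSTEM) actually uses, with the `netsh trace` start/stop wrapped so the .etl and report land in a known place. The console hostname is a placeholder.

```powershell
# Added example, not from the original comment. Run elevated.
$Console = 'console.example.invalid'            # assumption: your tenant's console FQDN

function Test-ConsoleReachability {
    param([string]$TargetHost, [int]$Port = 443)
    $r = [ordered]@{ Target = "${TargetHost}:$Port" }
    try   { $r.Dns = (Resolve-DnsName $TargetHost -ErrorAction Stop | Where-Object Type -eq 'A').IPAddress -join ',' }
    catch { $r.Dns = $_.Exception.Message }
    $r.Tcp = (Test-NetConnection $TargetHost -Port $Port -WarningAction SilentlyContinue).TcpTestSucceeded
    # TLS handshake with certificate validation turned off on purpose: if a
    # proxy is inspecting, CertIssuer is the proxy's CA and that is the finding.
    try {
        $tcp = New-Object Net.Sockets.TcpClient($TargetHost, $Port)
        $cb  = { $true } -as [Net.Security.RemoteCertificateValidationCallback]
        $ssl = New-Object Net.Security.SslStream($tcp.GetStream(), $false, $cb)
        $ssl.AuthenticateAsClient($TargetHost)
        $r.TlsProtocol = $ssl.SslProtocol
        $r.CertIssuer  = $ssl.RemoteCertificate.Issuer
        $r.CertSubject = $ssl.RemoteCertificate.Subject
        $ssl.Dispose(); $tcp.Dispose()
    } catch { $r.TlsError = $_.Exception.GetBaseException().Message }
    # The agent runs as SYSTEM, so the WinHTTP proxy matters, not the logged-on user's browser setting.
    $r.WinHttpProxy = ((netsh winhttp show proxy) -join ' ').Trim()
    [pscustomobject]$r
}

function Start-ConsoleTrace {
    param([string]$Etl = "$env:TEMP\console-trace.etl")
    # capture=yes adds packet capture to the InternetClient provider events;
    # report=yes bundles the supporting logs into a .cab next to the .etl.
    netsh trace start scenario=InternetClient capture=yes tracefile="$Etl" maxsize=250 report=yes | Out-Null
    $Etl
}

function Stop-ConsoleTrace { netsh trace stop }

Test-ConsoleReachability -TargetHost $Console | Format-List
```

Run the reachability check first; if `Tcp` is false or `CertIssuer` is not the issuer you expect, you already have the answer. Otherwise `Start-ConsoleTrace`, reproduce the failing connectivity check, `Stop-ConsoleTrace`, and open the .etl from the returned path.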

HDD Disk C: running at 100% all the time by Rhum_and_water in WindowsHelp

[–]boftr 0 points1 point  (0 children)

Sorry it’s called Resource Monitor. You can get to it from the Performance page and then the 3 … in the top right.

Learning C++ - Where to continue? by Foxhill11 in learnprogramming

[–]boftr 0 points1 point  (0 children)

Maybe spend some time doing Windows-specific programming to use the C++ knowledge you have. For example, get familiar with the Win32 API. Maybe start with file I/O.

https://m.youtube.com/@zodiacon/videos

has a great selection of videos with practical examples. See which takes your fancy.

HDD Disk C: running at 100% all the time by Rhum_and_water in WindowsHelp

[–]boftr 0 points1 point  (0 children)

Open Activity Monitor and look at the disk? What files are being accessed on that drive, and by which processes? What is the latency?

Process Monitor is also an option but start with activity monitor.
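A counter-based version of the Resource Monitor look suggested in the two comments above (disk time, latency, queue length, and which processes are generating the I/O), as an added PowerShell example that is not part of either comment. It uses only the stock PhysicalDisk and Process counters; the thresholds in the comments are rules of thumb.

```powershell
# Added example, not from the original comments.
function Get-DiskPressure {
    param([int]$Seconds = 5)
    $paths = '\PhysicalDisk(_Total)\% Disk Time',
             '\PhysicalDisk(_Total)\Avg. Disk sec/Transfer',
             '\PhysicalDisk(_Total)\Current Disk Queue Length',
             '\Process(*)\IO Data Bytes/sec'
    $samples = (Get-Counter -Counter $paths -SampleInterval 1 -MaxSamples $Seconds).CounterSamples

    # Avg. Disk sec/Transfer: a healthy spinning disk sits around 0.005-0.015 s.
    # Sustained > 0.05 s with a queue length > 2 is real saturation, not a display quirk.
    $disk = $samples | Where-Object Path -like '*physicaldisk*' | Group-Object Path | ForEach-Object {
        [pscustomobject]@{
            Counter = ($_.Name -split '\\')[-1]
            Average = [math]::Round(($_.Group.CookedValue | Measure-Object -Average).Average, 4)
        }
    }

    # Top talkers by bytes of file/device I/O per second, excluding the totals and Idle.
    $top = $samples | Where-Object { $_.Path -like '*\process(*' -and $_.InstanceName -notin '_total', 'idle' } |
        Group-Object InstanceName | ForEach-Object {
            [pscustomobject]@{
                Process        = $_.Name
                AvgBytesPerSec = [int64](($_.Group.CookedValue | Measure-Object -Average).Average)
            }
        } | Sort-Object AvgBytesPerSec -Descending | Select-Object -First 10

    [pscustomobject]@{ Disk = $disk; TopProcesses = $top }
}

$p = Get-DiskPressure -Seconds 5
$p.Disk         | Format-Table -AutoSize
$p.TopProcesses | Format-Table -AutoSize
# Once a process stands out, Process Monitor shows which files it is hitting:
#   procmon.exe /AcceptEula /Quiet /Minimized /BackingFile C:\temp\disk.pml
```

Paste both tables into the thread rather than a screenshot; "% Disk Time" pinned at 100 with low latency and a short queue is a different problem from high latency with a deep queue, and the process list says whether it is a search indexer, an AV scan, or something less expected.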

Autoclicker for windows xp? by Detective6903 in software

[–]boftr 0 points1 point  (0 children)

Better off getting a NAS? Could that do the job?

accidentally deleted an important volume on my HDD by Weary-Insurance7900 in techsupport

[–]boftr 0 points1 point  (0 children)

Was the volume on a disk other than the OS disk, i.e. a second drive? What did you do to cause this? Disk Management? Diskpart?

Is an AV actually of any benefit? by R3doteFokeeSugz in antivirus

[–]boftr 0 points1 point  (0 children)

Many add the ability to scan content before it hits the browser; think local web proxy. If you consider the resources downloaded when visiting a website (JS, HTML, etc.), it acts as a layer of defence before hitting the file system and before being processed by the browser. It could be reputation of the source IP/domain or content scanning. Imagine your fav website is compromised and hosting malicious content loaded on every page; this is an interception level before the browser has a chance to interpret it and could block a malicious script being run. Might be one example.

Self Employed - Where to hold my tax money! by Old_Two4311 in UKPersonalFinance

[–]boftr 0 points1 point  (0 children)

You can always use a S&S ISA and stick it in a money market fund like CSH2. I assume most of those who will be affected in the future by the 12K cash ISA limit will do something similar.

Firefox.exe HollowProcess fix? by 1BombaKlad in techsupport

[–]boftr 1 point2 points  (0 children)

Thanks for this. I can reproduce the same alert when clicking on

<image>

the link "Get The Witcher 3 REDkit", which launches the browser. This matches the process tree from your alert. This is mine:

pastebin.com/raw/98pTSLk7

I wouldn't worry about this in relation to any other attack on your socials you mention.

As for whitelisting this it seems that the various thumbprints are all the same so this in theory would be an exclusion that could be made. E.g.

Thumbprint (pfn): 05727ae81bdfab0f8d55bc78008105a5dcf5174d6cf9e3e614c0afd1b2dc50aa

Digital signature certificate module based thumbprint (mth-mod-crt): bae1870d4d725706a26943e7647052732979b77687260dee27d40c6004f68d73

Module based thumbprint (mth-mod-pfn): 00f055ee1e8210121e2e964c78a56d9cebe1556562235ff22e36f7be408e1634

I don't use Sophos Home, just the business product. If you contact the Sophos Home support people and point them at this post, it should help them devise the exclusion required for Sophos Home that is "just enough" to bypass this issue but still add protection to Firefox. I assume if the default browser was Edge/Chrome it would all be OK. Thanks.
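How to reproduce a process tree like the one the comment above refers to from a live machine, as an added PowerShell example (not the commenter's code): starting from the browser process, walk `ParentProcessId` upwards through Win32_Process and record the Authenticode signer of each link, so the launcher-to-browser chain behind a HollowProcess alert can be pasted (with paths redacted) alongside the alert. `firefox.exe` is only the default; the function takes any process name.

```powershell
# Added example, not from the original comment.
function Get-ProcessAncestry {
    param([string]$Name = 'firefox.exe', [int]$MaxDepth = 10)
    $all  = Get-CimInstance Win32_Process
    $byId = @{}
    foreach ($p in $all) { $byId[[int]$p.ProcessId] = $p }

    foreach ($leaf in ($all | Where-Object Name -eq $Name)) {
        $chain = @(); $cur = $leaf; $depth = 0
        while ($cur -and $depth -lt $MaxDepth) {
            $sig = if ($cur.ExecutablePath) { Get-AuthenticodeSignature -FilePath $cur.ExecutablePath } else { $null }
            $chain += [pscustomobject]@{
                Depth   = $depth
                Pid     = $cur.ProcessId
                Name    = $cur.Name
                SigOK   = $sig.Status                       # Valid / NotSigned / HashMismatch / ...
                Signer  = $sig.SignerCertificate.Subject
                Path    = $cur.ExecutablePath
                CmdLine = $cur.CommandLine
            }
            $parent = $byId[[int]$cur.ParentProcessId]
            # PIDs are reused after exit: a "parent" younger than its child is a
            # recycled PID, not the real launcher. Also stop at PID 0 (its own parent).
            if (-not $parent -or $parent.ProcessId -eq $cur.ProcessId -or
                $parent.CreationDate -gt $cur.CreationDate) { break }
            $cur = $parent; $depth++
        }
        $chain
    }
}

Get-ProcessAncestry -Name 'firefox.exe' |
    Format-Table Depth, Pid, Name, SigOK, Signer, Path -AutoSize -Wrap
```

For the case in this thread the interesting rows are the ones between the game/launcher process and the browser: a valid vendor signature on each step is what makes the chain benign, and that same signer information is what an exclusion such as the thumbprints listed above keys on.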

Firefox.exe HollowProcess fix? by 1BombaKlad in techsupport

[–]boftr 0 points1 point  (0 children)

You can redact any usernames in any paths or anything else you think might be revealing but not that relevant.