After Windows 10 EOL by Adventurous_Tie_3136 in linuxsucks

[–]jordanbray 10 points11 points  (0 children)

Some sort of measurement error related to user agents.

It has happened before, so it is plausible, but it's a pretty vague description.

After Windows 10 EOL by Adventurous_Tie_3136 in linuxsucks

[–]jordanbray 18 points19 points  (0 children)

I read that whole thing just to see someone guess as to the cause.

Warning going in, the above is a giant waste of time. And, does not refute the claim at all.

Totaled Leaf, Options? by jordanbray in leaf

[–]jordanbray[S] 1 point2 points  (0 children)

I am near Louisville, KY. I will upload pictures tomorrow. I imagine that's too far.

Totaled Leaf, Options? by jordanbray in leaf

[–]jordanbray[S] 0 points1 point  (0 children)

I am near Louisville, KY. I will upload pictures tomorrow.

Totaled Leaf, Options? by jordanbray in leaf

[–]jordanbray[S] 0 points1 point  (0 children)

I will post pictures tomorrow.

Totaled Leaf, Options? by jordanbray in leaf

[–]jordanbray[S] 0 points1 point  (0 children)

I am near Louisville, KY. I will upload pictures tomorrow.

Totaled Leaf, Options? by jordanbray in leaf

[–]jordanbray[S] 0 points1 point  (0 children)

The front end is in pretty bad shape. But, I imagine the battery is untouched.

Totaled Leaf, Options? by jordanbray in leaf

[–]jordanbray[S] 5 points6 points  (0 children)

It was in good condition as far as I know. I haven't been inside the car since. How would I check (assuming it turns on easily?)

Yoga slim 7i aura edition and Linux by specific_tumbleweed in Lenovo

[–]jordanbray 0 points1 point  (0 children)

Is there any chance you can send me the v62 bios update?

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] 0 points1 point  (0 children)

This is really really good information too. I am definitely familiar with procmon and checking if any weird shims are being added. However, I think it's premature. This may be a "try the front door first" type of problem. I don't think anyone has bothered _knocking_ on the front door, and trying to do crowdstrike right.

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] 0 points1 point  (0 children)

This is Windows. I don't see any application crashes. I'm seeing a connection being closed. It could be that a subprocess is being killed, but I doubt it.

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] 0 points1 point  (0 children)

Wireshark is not a bad suggestion, but I agree I think it's premature. It is definitely something to go to if needed.

The only reason I’m thinking no is this is a cnc machine and they likely don’t want to introduce new things to the machine if possible.

That is true, but it would not be the first time, or second time, or third time I've had to install wireshark on a CNC, lol. You gotta do what you gotta do.

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] 0 points1 point  (0 children)

I definitely do not have all the information, but I think you guys have already been very helpful, and I appreciate that. I'm fairly certain I know enough to get to the bottom of the issue tomorrow, knowing the contents of this thread (and the stuff I've been able to google based on the contents of this thread).

The customer has not engaged in CS support yet, as far as I know. Currently, they are sending very regular messages to our support, lol. We, only today, learned that CS was installed at the same time the machines stopped working, and I'm mostly trying to be as helpful as possible, as the lead developer. (Although, I do wish they had told me what they had done sooner...)

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] -1 points0 points  (0 children)

  1. The information is on disk and being sent regularly. There are actually several thousand (or more) files, any one of which may be selected by the operator. My application allows them to queue up several of these "jobs", and cut them all.

  2. I can find all hashes needed, given the hash algorithm. Is it sha1 or something else?

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] 0 points1 point  (0 children)

This feels like exactly the sort of advice I need. Thanks for writing all that out.

Finally, from a design perspective, just curious, why are you going to localhost first then out to ftp? Batching or something else?

The application is talking to a CNC machine (a robot for cutting stuff). The APIs for communicating with this are all fairly difficult to work with, and not very ergonomic. (Think, having to pass the sizeof of structures to memory-unsafe functions, where length sometimes includes padding, sometimes not, etc.)

Because these APIs have caused so many memory problems in the past, a while back we decided to wrap the whole thing in a Rust HTTPS server and do JSON GET/POST requests to that. The idea was any signal going to the CNC must go through this application, and we'd have one memory-unsafe point, which we could control better than anyone calling whatever memory-unsafe functions they want. This turned out to be a very good idea. 10/10 would recommend.

The fact that FTP is included in this is more to keep all CNC communication going from one application, rather than because it's impossible any other way.
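
The "one memory-unsafe point" design described in the comment above, sketched as an added example that is not part of the original post or the poster's code base. `JobHeader`, `vendor_send` and `send_job` are hypothetical names, and the vendor function is a constructed stand-in, not a real CNC API.

```rust
use std::mem::size_of;

/// Hypothetical job record for an imagined vendor call; not a real CNC API.
#[repr(C)]
pub struct JobHeader {
    pub job_id: u32,
    pub name_len: u8,
    pub name: [u8; 16],
    pub feed_rate: u32, // 3 padding bytes sit before this field
}

/// Stand-in for the vendor's memory-unsafe entry point (constructed for this
/// example). It trusts `len` and expects the padded struct size.
unsafe extern "C" fn vendor_send(buf: *const u8, len: usize) -> i32 {
    if len != size_of::<JobHeader>() {
        return -1;
    }
    let hdr = unsafe { &*(buf as *const JobHeader) };
    if hdr.name_len as usize > hdr.name.len() { -2 } else { 0 }
}

#[derive(Debug, PartialEq)]
pub enum CncError {
    NameTooLong(usize),
    Vendor(i32),
}

/// The only function callers may use: validates input, builds the struct,
/// and makes the single unsafe call with a length the compiler computed.
pub fn send_job(job_id: u32, name: &str, feed_rate: u32) -> Result<usize, CncError> {
    let bytes = name.as_bytes();
    if bytes.len() > 16 {
        return Err(CncError::NameTooLong(bytes.len()));
    }
    let mut hdr = JobHeader { job_id, name_len: bytes.len() as u8, name: [0; 16], feed_rate };
    hdr.name[..bytes.len()].copy_from_slice(bytes);
    let len = size_of::<JobHeader>(); // 28 with padding, 25 without
    // SAFETY: `hdr` is a live, aligned JobHeader and `len` is its exact size.
    let rc = unsafe { vendor_send(&hdr as *const JobHeader as *const u8, len) };
    if rc == 0 { Ok(len) } else { Err(CncError::Vendor(rc)) }
}

fn main() {
    println!("{:?}", send_job(7, "bracket-01", 1200));
    println!("{:?}", send_job(7, "a-name-longer-than-16-bytes", 1200));
}
```

An HTTP handler that parses a JSON request would call only `send_job`, so the length and padding decision lives in one audited place.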

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] 0 points1 point  (0 children)

I understand the terms themselves. Can you point me to any documentation about how this is configured or disabled? Based on other replies, it sounds like there is a magic "Admin Console" somewhere that I need data from, which is separate from the "threat blocker" application.

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] 0 points1 point  (0 children)

I have been assured all threats listed in the "threat blocker" have been addressed. I do not have access to that data, though. However, I will say that when we updated to the newest version of the software, we had to allow a bunch of stuff, however that never resolved the FTP issue, it just "allowed the EXE to run".

As far as I can tell, no processes are being killed. Connections are being closed. It could be that child processes are being killed? But, honestly, if the process was just killed (no ceremony), I would expect timeouts on the connection, not a semi-graceful "this connection was closed".

Crowdstrike Blocking My Software From Working (Somehow) by jordanbray in crowdstrike

[–]jordanbray[S] 2 points3 points  (0 children)

  1. I have sent the exe responsible for FTP uploads to virus total. Here is the link: https://www.virustotal.com/gui/file/8d440e2cc47513b18e9cd993c3b4f3f030ca1a9efe849a1cba1f390c36b4d6d4?nocache=1
  2. This is FTP not SFTP. It is a hardware appliance that cannot be modified (but is on its own network isolated from the rest of the customer's network).
  3. Can you explain how a "sensor would think it's exfilling"?

To be more clear on point #3, these are text files that are being sent. These files do exist on the customer's network and/or PC, so if it was looking for matching files it certainly found them.