Search the Community
Showing results for tags 'disable'.
Found 4 results
UpGrade posted a topic in Guides & Tutorials

I IN NO WAY TAKE ANY CREDIT FOR THIS. IT WAS TAKEN FROM MDL FORUM AND SOME POSTS BY MEMBERS ON THIS FORUM!

Manual:

Tools:
Microsoft Telemetry Tools Bundle v1.77
Windows 10 Lite v9
Private WinTen v0.75b
Blackbird v6 v18.104.22.168 [Works with Win 7/8/8.1/10]
O&O ShutUp10 v1.8.1410
WPD - Windows Privacy Dashboard v1.3.1532
WindowsSpyBlocker v4.29.0
Spybot Anti-Beacon v3.5 [Works with Win 7/8/8.1/10]
W10Privacy v22.214.171.124
SharpApp v0.44.20
Debotnet v0.7.8
Disable Windows 10 Tracking v3.2.3
Destroy Windows Spying v126.96.36.199 [Works with Win 7/8/8.1/10] [NOT RECOMMENDED AS NOT UPDATED ANYMORE]
duddy posted a topic in Security & Privacy News

Ransomware Uses Vulnerable, Signed Driver To Disable Endpoint Security

Ransomware-wielding attackers have devised a novel tactic for disabling security protections that might get in their way: they are using a deprecated, vulnerable but signed driver to deliver a malicious, unsigned one that allows them to kill processes and files belonging to Windows endpoint security products.

Disabling security solutions

The tactic, as described by Sophos researchers, is used by attackers to deliver the RobbinHood ransomware – infamous for hitting the City of Baltimore and many other local government and municipal targets.

The vulnerable driver they are misusing was created by Taiwan-based motherboard manufacturer Gigabyte, found to be vulnerable in 2018 and later deprecated, but the signing certificate was never revoked (as other software was signed with it).

Sophos does not say how the attackers gained access to the targeted Windows machines, but once on it, they dropped an executable (STEEL.EXE) that consists of several additional files, which are extracted into Windows’s TEMP folder.

The STEEL.EXE application first deploys a driver installer (ROBNR.EXE), which deploys the benign, signed third-party driver (GDRV.SYS) and the criminals’ unsigned kernel driver (RBNL.SYS).

“The properly signed third party GDRV.SYS driver contains a privilege escalation vulnerability as it allows reading and writing of arbitrary memory. The malware authors abuse this vulnerability in order to (temporarily) disable driver signature enforcement in Windows – on-the-fly, in kernel memory. Once driver signature enforcement is disabled, the attackers are able to load their unsigned malicious driver,” the researchers explained.

“Once this driver is installed, STEEL.EXE reads the PLIST.TXT file and instructs the driver to delete any application listed in PLIST.TXT, then killing their associated processes. If the process was running as a service, the service can no longer automatically restart as the associated file has been deleted. Once the STEEL.EXE process exits, the ransomware program can perform its encryption attack without being hindered by the security applications that have been taken out decisively.”

Attack prevention advice

The benign but vulnerable Gigabyte driver was obviously not blacklisted by Microsoft when it was deprecated and the attackers decided to take advantage of this decision.

“There are many other vulnerable drivers (with a similar vulnerability) in addition to the Gigabyte driver that these or other attackers may choose to abuse later, such as ones from VirtualBox (CVE-2008-3431), Novell (CVE-2013-3956), CPU-Z (CVE-2017-15302), or ASUS (CVE-2018-18537),” the researchers worry.

Hopefully, Microsoft will re-consider its current policy for revoking its trust in software that has been deprecated because of security vulnerabilities.

In the meantime, users/organizations should focus on disrupting as many stages in any ransomware attack as possible by deploying a range of technologies, the researchers advised. Use MFA, complex passwords, limit access rights, make regular backups (and keep them offline), lock down your RDP if you don’t need it, and ensure tamper protection for endpoint protection is enabled.

Source
Reefa posted a topic in Guides & Tutorials

You hate it as much as I do: that little box that appears whenever you visit a news site or blog, asking for permission to bug you with notification boxes for stuff you don’t care about. Instead of throwing up your hands in defeat and learning to live with the annoyance, you can stop sites from bothering you altogether. Here’s how.

Chrome

Hit the Menu icon in Chrome (the three vertical dots) and select Settings. Scroll down to the bottom of your Settings page and open the Advanced section, where you can further modify how Chrome behaves. Scroll down and select the Content Settings tab in the Privacy and Security section. Select Notifications to see which sites are allowed or barred from intruding into your life.

Disabling the feature altogether will stop sites from poking their nose into your browser, asking to show you notifications about whatever it is they want. Unfortunately, that means notifications you do want will be a no-show unless you decide to individually toggle the notification settings for each site you find yourself visiting. To turn the feature off entirely, toggle the “Ask before sending” setting to “off,” and rejoice.

Firefox

If you’ve already given sites permission to send you notifications, you can revoke that permission in your security settings. Hit the menu icon and select Options, then select Privacy & Security. Scroll down to the Permissions section and select the Notifications Settings icon. There you can revoke notification permissions from sites either individually or all at once.

Disabling notifications entirely requires a small modification to Firefox’s configuration page. In your address bar, enter “about:config” and search for “dom.webnotifications.enabled”. Right-click the entry and select Toggle to set its value to “false” and prevent notifications from showing up ever again.

Safari

Disabling notifications in Safari is pretty easy. Select Safari in your Mac’s menu bar, then select Preferences. Hit the Notifications tab and deselect the “Allow websites to ask for permission to send push notifications” box.

Microsoft Edge

You can’t disable notifications from the browser itself, but you can remove sites that already have access to your notification service in Microsoft Edge. Hit the menu icon in the top right and select Settings. Scroll down to Advanced Settings, then select Website permissions. There you can toggle on or off permissions for sites, including notifications.

Disabling notifications entirely in Microsoft Edge means you’ll need to edit your system settings, specifically what permissions Microsoft Edge has in terms of popping up unannounced. Hit the Start menu and select the Settings icon. Select System, then “Notifications & actions” where you can edit which apps will show up in your action center. Just scroll down to Microsoft Edge and toggle it off.

source
hey.. there's been a huge stink over the App Store leaking sensitive data even if you have it disabled.. so i have been snooping around trying to figure out how to completely disable it..

First.. you have to familiarize yourself w/taking ownership of files:

Right click > "Properties"
click "Advanced"
click "Change" (Owner)
click "Advanced"
click "Find Now"
highlight "Administrators" without black ? down arrow ?
click "OK"
click "OK" again
click "OK" again
you should be back at the "Security" tab
highlight Administrators > click "Edit"
highlight Administrators > check all boxes under "Allow"
press "OK"
an alert will appear > click "Yes"
click "OK" to close
now you can delete or rename ...

Second.. you have to either rename the following files w/.bak suffix or completely delete them.

System32:
AppxAllUserStore.dll
AppxApplicabilityEngine.dll
AppXDeploymentClient.dll
AppXDeploymentExtensions.dll
AppXDeploymentServer.dll
AppxPackaging.dll
AppxSip.dll
AppxStreamingDataSourcePS.dll
AppxSysprep.dll
WSReset.exe
WSService.dll
WSShared.dll
WSSync.dll
WSTPager

SysWOW64:
AppxAllUserStore.dll
AppxApplicabilityEngine.dll
AppXDeploymentClient.dll
AppxPackaging.dll
AppxSip.dll
WSShared.dll
WSSync.dll

Lastly.. launch Autoruns and you'll notice services, task schedules, and startup entries relating to the App Store are now missing. Go ahead and disable in Autoruns.

Obviously.. only proceed if you don't use the App Store. I've had this applied since last week.. i have yet to encounter any issues.. if any issues are experienced.. let me know.. I'm also curious ...

FYI: this can also be applied to other services that Windows 8 forbids disabling.. simply take ownership.. and delete/rename the associated DLL or EXE.

Update: January 5, 2014
- Found a way to disable TimeBroker service, a known memory hog, and only needed for Metro apps.
- Take ownership and either rename by adding .bak suffix or completely delete the following files.

System32:
TimeBrokerClient.dll
TimeBrokerServer.dll

SysWOW64:
TimeBrokerClient.dll

Then launch Autoruns and you'll notice TimeBroker service can be disabled.