Microsoft

How to submit malware / virus to antivirus and malware companies

So you got yourself infected with a virus and hopefully you got rid of it before it did any serious damage. If it had, you may wish you had something like “CrashPlan” to get your files back.

And while a backup solution is always the best tool for recovery, today we are going to talk about what to do once you have identified a suspected virus or malware component that you want to share so others are free from such an issue.

This fight isn’t just on you; there is a large community made up of experts and everyday people who want to help one another get rid of malware and computer viruses.

Here are a few sites I often submit the little bugs to for review:

For additional tools in scanning and verifying an infected file I often use VirSCAN.org

VirSCAN.org is a FREE on-line scan service, which checks uploaded files for malware, using antivirus engines, indicated in the VirSCAN list. On uploading files you want to be checked, you can see the result of scanning and how dangerous and harmful/harmless for your computer those files are.

Another Online Scan Tool: https://www.virustotal.com/
By the way VirusTotal is owned by Google

Best of luck to you all, and stay safe

 

Set SharePoint Content Database in Read-Only Mode

This weekend I am working on a SharePoint 2010 to 2013 upgrade.

One of the first steps I will do is set the databases I am upgrading into read-only mode to prevent users or automated processes from upgrading the database during the upgrade window.

Now I could have taken the system offline for this, but that would be simple and inconvenient for anyone looking for information. And in IT it’s all about the information now, isn’t it? You can find my steps below.

SharePoint Application Server

  • I first logged into my central administration of my SharePoint Server (SharePoint 2010).
  • Under Application Management, Select Manage content databases
  • Choose your web application and select the database
  • You will notice that there isn’t a location to set this database into read-only mode; however, you do see that its status indicates it’s not in read-only mode.
  • Keep this page open, as we will reload it later.

SharePoint SQL Database Server

  • Log into your Microsoft SQL Database Server (Or use SSMS).
  • Launch SQL Server Management Studio (SSMS)
  • Connect to the SQL Database Server instance
  • Select the database in question
  • Right click and select Properties
  • Under properties select Options
  • Scroll down to the area that reads “State”
  • You will see Database Read-Only
  • Change the value from False to True, then click OK
  • You will see a notification that it will momentarily kick active users.
  • Click OK to continue.

Now you can revisit the SharePoint Application Server and reload the page and you will now notice that the status has changed and is in read only mode.

Congrats, if you followed these steps you did it right.
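The same change can be scripted and verified instead of clicked through. This is an added example, not part of the original post; it assumes the SqlServer PowerShell module (Invoke-Sqlcmd) is installed, and the instance name, database name and function names are placeholders.

```powershell
# Added example: set a content database read-only and confirm the result.
Import-Module SqlServer -ErrorAction Stop

$ServerInstance = 'SQL01'          # placeholder SQL Server instance
$Database       = 'WSS_Content'    # placeholder SharePoint content database

function Get-DbState {
    param([string]$Instance, [string]$Name)
    # Escape single quotes because the name is embedded in a string literal
    $literal = $Name.Replace("'", "''")
    $query = "SELECT name, is_read_only, state_desc, user_access_desc " +
             "FROM sys.databases WHERE name = N'$literal';"
    Invoke-Sqlcmd -ServerInstance $Instance -Database master -Query $query
}

function Set-DbReadOnly {
    param([string]$Instance, [string]$Name, [bool]$ReadOnly = $true)
    $before = Get-DbState -Instance $Instance -Name $Name
    if (-not $before) { throw "Database '$Name' not found on $Instance" }

    $mode   = if ($ReadOnly) { 'READ_ONLY' } else { 'READ_WRITE' }
    $quoted = '[' + $Name.Replace(']', ']]') + ']'   # bracket-quote the identifier
    # ROLLBACK IMMEDIATE rolls back open transactions and drops other sessions,
    # comparable to the SSMS warning that active users will be disconnected.
    Invoke-Sqlcmd -ServerInstance $Instance -Database master `
        -Query "ALTER DATABASE $quoted SET $mode WITH ROLLBACK IMMEDIATE;"

    # Read the flag back rather than trusting the absence of an error
    $after = Get-DbState -Instance $Instance -Name $Name
    if ([bool]$after.is_read_only -ne $ReadOnly) {
        throw "State change failed: is_read_only = $($after.is_read_only)"
    }
    $after
}

# Before the upgrade window
Set-DbReadOnly -Instance $ServerInstance -Name $Database -ReadOnly $true
# To return the database to read-write if the upgrade is abandoned:
# Set-DbReadOnly -Instance $ServerInstance -Name $Database -ReadOnly $false
```

Reloading the Manage content databases page afterwards should show the same read-only status described above.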

Possible solution to the lsass Issue – event 1000 application error

Back in July of 2013 I faced an issue with my Exchange 2013 Server running on Microsoft Server 2012.

Our server would unexpectedly reboot ( — chuckles  — aren’t all reboots without notice unexpected).

The message I kept running into was regarding a faulting application which caused the reboot: the Local Security Authority Subsystem Service (LSASS).

What’s known about lsass.exe is that if it is stopped, your system will reboot. LSASS also handles the validation of user logins on a Windows computer / server.

As I mentioned in my previous blog post:

There was an event message in the system event log of: 

The process wininit.exe has initiated the restart of computer EXSERVER on behalf of user for the following reason: No title for this reason could be found

Reason Code: 0x50006
Shutdown Type: restart

Comment: The system process ‘C:\Windows\system32\lsass.exe’ terminated unexpectedly with status code 255. The system will now shut down and restart.

 Later I found in the application log event 1000 application error:

Faulting application name: lsass.exe, version: 6.2.9200.16384, time stamp: 0x50108ab2
Faulting module name: schannel.DLL, version: 6.2.9200.16384, time stamp: 0x5010892c
Exception code: 0xc0000409
Fault offset: 0x000000000001a73a
Faulting process id: 0x224
Faulting application start time: 0x01ce7f8a27d7e7ff
Faulting application path: C:\Windows\system32\lsass.exe
Faulting module path: C:\Windows\system32\schannel.DLL
Report Id: c2142447-f4f2-11e2-9404-000c299625b9
Faulting package full name:
Faulting package-relative application ID:

The exception code 0xc0000409 only tells me that the application experienced an event it could not handle and crashed, causing Windows to reboot.

After months of searching forums and discussing this with systems administrators from all over the world, we all determined that there was no clear answer regarding how to handle this issue.
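Added example, not part of the original post: a PowerShell parser for the event 1000 text quoted above that extracts the faulting application, module and exception code and names the NTSTATUS value, so LSASS crashes can be picked out of the Application log. The function name and the small lookup table are assumptions for illustration; 0xc0000409 is STATUS_STACK_BUFFER_OVERRUN, the status Windows reports when a stack-cookie check or fail-fast terminates a process.

```powershell
# Sample input: the event 1000 fields quoted in the post (abbreviated).
$sample = @'
Faulting application name: lsass.exe, version: 6.2.9200.16384, time stamp: 0x50108ab2
Faulting module name: schannel.DLL, version: 6.2.9200.16384, time stamp: 0x5010892c
Exception code: 0xc0000409
Fault offset: 0x000000000001a73a
Faulting process id: 0x224
'@

# NTSTATUS names for a few common crash codes (illustrative, not exhaustive)
$NtStatus = @{
    '0xc0000409' = 'STATUS_STACK_BUFFER_OVERRUN'
    '0xc0000005' = 'STATUS_ACCESS_VIOLATION'
    '0xc0000374' = 'STATUS_HEAP_CORRUPTION'
}

function ConvertFrom-AppCrashMessage {
    param([Parameter(Mandatory)][string]$Message)
    $f = [ordered]@{ Application = $null; AppVersion = $null; Module = $null
                     ModuleVersion = $null; ExceptionCode = $null; FaultOffset = $null }
    foreach ($line in $Message -split "`r?`n") {
        if ($line -match '^Faulting application name:\s*([^,]+), version:\s*([^,]+)') {
            $f.Application = $Matches[1].Trim(); $f.AppVersion = $Matches[2].Trim()
        } elseif ($line -match '^Faulting module name:\s*([^,]+), version:\s*([^,]+)') {
            $f.Module = $Matches[1].Trim(); $f.ModuleVersion = $Matches[2].Trim()
        } elseif ($line -match '^Exception code:\s*(0x[0-9a-fA-F]+)') {
            $f.ExceptionCode = $Matches[1].ToLower()
        } elseif ($line -match '^Fault offset:\s*(0x[0-9a-fA-F]+)') {
            $f.FaultOffset = $Matches[1]
        }
    }
    # Empty-string key when no code was found, so the lookup returns $null
    $name = $NtStatus["$($f.ExceptionCode)"]
    $f.Status  = if ($name) { $name } else { 'unknown' }
    # A crash in LSASS forces a reboot, so flag it for priority triage
    $f.IsLsass = ($f.Application -eq 'lsass.exe')
    [pscustomobject]$f
}

ConvertFrom-AppCrashMessage -Message $sample | Format-List

# Against a live server (Application log, provider "Application Error"):
# Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Application Error'; Id=1000} |
#     ForEach-Object { ConvertFrom-AppCrashMessage $_.Message } | Where-Object IsLsass
```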

Today I got an email regarding a solution for this problem:

There seems to be a solution in the form of roll-up update from Microsoft to address this along with other issues which are also listed in the following KB articles:

2732840 Tasklist.exe tool displays no process information on a computer that is running Windows
2785146 Data is corrupted when there is insufficient memory on a Windows-based computer

2789397 Data corruption and network issues when you run a WFP-based application on a computer that is running Windows

2792867 Virtual switch extension cannot send packets over different network adapters in Windows Server 2012

2793908 Memory leak occurs in the Wmimgmt.exe process on a computer that is running Windows Server 2012

2796620 Application that uses the DirectComposition API does not work correctly in Windows RT, Windows 8, or Windows Server 2012

2798040 You cannot stop a process by using the Taskkill.exe utility in Windows

2800086 Windows Store apps can’t connect to the Internet over PPPoE in Windows 8

2800185 Windows Error Reporting reports a crash when you shut down a computer that is running Windows RT, Windows 8, or Windows Server 2012

2809153 Sound is not playing from the paired Bluetooth audio device after you reconnect the device to a Windows 8-based or Windows RT-based computer

This update roll-up also includes the following performance and reliability improvements:

  • Increased power efficiency to extend battery life
  • Performance improvements in Win 8 applications and Start screen
  • Improved audio and video playback in many scenarios
  • Improved application and driver compatibility with Windows 8

Here are two links to articles to  send you on your way.  I will follow up soon on my findings after this has been applied.

http://support.microsoft.com/kb/2756872
http://support.microsoft.com/kb/2811660

I would like to thank all of you who have commented about this issue via Email, Twitter, Google+ and Facebook

 

 

 

Installing Cumulative Updates for Exchange Server 2013

Tonight’s “homework” assignment:
Update the company’s Exchange 2013 to Cumulative Update 3

Purpose

  • Address many of the issues that existed in Cumulative Update 2.
  • Bring additional value to the company

Oh and some of the newly introduced features / enhancements should help also:

  • Usability improvements when adding members to distribution groups in the Exchange Administration Console (EAC)
  • Windows Azure AD Rights Management available for use for IRM protection in on-premises Exchange deployments
  • Improved administrator audit logging experience
  • Windows 8.1/IE 11 no longer require the use of OWA Light

To get the Exchange 2013 Cumulative Update 3 just click here

Here are some steps to keep in mind when / if you are performing this update yourself.

Preparation Tasks

As with installing any update, get ready. Read about what you’re installing and know why you are installing it.

  • Download the Cumulative Update 3 install – here is a link, hope it still works; if not, just go to the download center and download it to each Exchange server.
  • Back up Active Directory – Exchange CU3 will modify your schema
  • Back up your existing Exchange 2013 server(s)
  • Back up your existing Exchange databases (data/log volumes)
  • Have documented info on anything that you may have customized, such as configurations.
  • If you use a 3rd party add-on to Exchange (GOD HELP YOU)
  • And if you have no idea of what you’re doing and are not 100% confident, then you should not proceed further – my advice

Performing the update

Locate your downloaded package containing the Cumulative Update 3 and extract it.  Once completed run the Setup.exe

If your server is connected to the internet you will be asked if you can check for updates. It’s a good idea to do this.

 

When the update has completed its check, click Next to continue. The setup will begin to copy files. This will take some time. Once completed, the setup will detect that you are installing an update to Exchange 2013.

You will be presented with the normal license agreement, and as always you will accept it so you can proceed with the install. Once you have done so, the installer will check for existing and new prerequisites it needs to continue the installation.

After the readiness checks have completed the setup process continues and this my friend will take a very long time. In my case it was about 1 hour and 30 minutes to complete.

 

The setup process saves the Exchange configuration and removes the previous Exchange installation.

It then copies the new installation files to the server, in addition to other files such as languages, etc.

Closer to the end of the update it configures your services again

And when the setup has completed you are prompted to restart the server if required.  *please* restart your server as you would want to test to ensure all services start up as expected.

Congratulations you have just updated to Exchange 2013 Cumulative Update 3

Post Install Tasks

  • Review Windows event logs on your Exchange server(s)
  • Review services
  • Review connectivity to Exchange – Outlook Web Access, Outlook Clients, Mobile Device Connectivity
  • Write up a summary of what you did to share with team members or supervising management types – I included my actual report at the end of this post.
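The first two review items can be collected in one pass. This is an added example, not from the original post; it assumes it is run in the Exchange Management Shell on the updated server, and the function name and the `$UpdateStart` value are placeholders. Client connectivity (OWA, Outlook, mobile) still has to be tested separately.

```powershell
# Added example: post-update report covering build, services and event logs.
# $UpdateStart is an assumption; set it to the time Setup.exe was launched.
$UpdateStart = (Get-Date).AddHours(-3)

function Get-PostUpdateReport {
    param([datetime]$Since)

    # Build the server reports after the update
    $build = Get-ExchangeServer -Identity $env:COMPUTERNAME |
        Select-Object Name, AdminDisplayVersion

    # Roles whose required services did not all come back after the restart
    $stopped = Test-ServiceHealth |
        Where-Object { -not $_.RequiredServicesRunning } |
        Select-Object Role, ServicesNotRunning

    # Critical (1) and Error (2) events logged since the update began,
    # grouped so repeated errors show up once with a count
    $errors = Get-WinEvent -FilterHashtable @{
        LogName = 'Application', 'System'; Level = 1, 2; StartTime = $Since
    } -ErrorAction SilentlyContinue |
        Group-Object ProviderName, Id |
        Sort-Object Count -Descending |
        Select-Object Count, Name -First 20

    [pscustomobject]@{
        Build           = $build
        StoppedServices = $stopped
        TopErrors       = $errors
    }
}

$report = Get-PostUpdateReport -Since $UpdateStart
$report.Build
$report.StoppedServices
$report.TopErrors
```

An empty StoppedServices list and no new error groups are the results worth recording in the summary for the team.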

 

My Summary:

I have completed the work on Exchange.
Completion time was 12:30 AM Saturday, January 18, 2014

Tasks Performed before Update Process
• Exchange Server was shut down to adjust memory resources
• Exchange Data & Log Volumes moved to Volume Collection
• Volume Collection of Exchange’s Data & Log Volumes were made into a full snapshot as part of a backup / rollback plan
• Exchange Server was also made into a snapshot for backup / rollback plan

Update Process
• After Exchange was restarted, began the verification of files
• Started update process, monitored resources during the upgrade
• Update ran for 2 hours from start to finish.
• Once update was completed, restarted Exchange
• Upon resuming, verified services were started automatically and storage volumes were attached
• Inspected event logs for any errors.
• Tested connectivity with OWA, Mobile and Outlook access

 

Microsoft CEO Steve Ballmer to retire

“There is never a perfect time for this type of transition, but now is the right time,” Ballmer said. “We have embarked on a new strategy with a new organization and we have an amazing Senior Leadership Team. My original thoughts on timing would have had my retirement happen in the middle of our company’s transformation to a devices and services company. We need a CEO who will be here longer term for this new direction.”

This is part of the announcement made this week regarding Ballmer‘s stepping down and retiring as the Chief Executive Officer (CEO) of Microsoft.

In an internal email labeled “Moving forward” you can read more on this recent announcement.

Internet Explorer 11 Developer Preview: Windows 7 and Windows Server 2008 R2

Let’s fall in love with Windows 7 all over again, with Internet Explorer 11. Internet Explorer 11 Developer Preview is fast and fluid, and lets your websites shine and perform just like native applications on your PC.

Highlights:

Internet Explorer 11. Fast and fluid for Windows 7.

  • Fast: Internet Explorer 11 harnesses the untapped power of your PC, delivering pages full of vivid graphics, smoother video, and interactive content.
  • Easy: Experience the web the way you want to with pinned sites, built-in Spell-check  and seamless integration with your PC running Windows 7.
  • Safer: Improved features like Smart-screen Filter and Tracking Protection let you be more aware of threats to your PC and your privacy.

Message to my developer types; get it, get it now. And make sure your awesome websites work with it.

Download it here: http://www.microsoft.com/en-us/download/details.aspx?id=39677

 

Outlook Web Access (OWA) app for iPhone and iPad

I now have another real use for my iPad.

 

Microsoft has released an Outlook Web Access (OWA) app for iPhone and iPad, providing those with Exchange OWA and 365 subscriptions access to their email, calendar, and contacts. Hello again to productivity.

Via their official blog they write “… we are excited to announce the availability of OWA for iPhone and OWA for iPad, which provide even more value to organizations on any Office 365 subscription that includes Exchange Online. OWA for iPhone and OWA for iPad are mobile apps that offer the same email, calendar and contact functionality you get in Outlook Web App on the browser, but with additional capabilities that are only possible through native integration of the app with mobile devices”

I’ve read that you need to be a 365 customer, however found out via my attempt to log in, that I could set my Exchange OWA settings manually and I had the access to my account.

Head over to the App Store and grab yourself a copy

Windows Azure Infrastructure Services Poster

Check out the updated poster depicting the common use scenarios for Windows Azure Infrastructure Services Today. You can also download this poster via the link provided below.

Download the PDF Here

Windows 8.1 Preview ISO files now available

When the announcement of the preview was made the bits were not yet available for download; They are now. Head over to http://windows.microsoft.com/en-us/windows-8/preview-iso and grab yourself a copy.

Product Key: NTTX3-RV7VB-T7X7F-WQYYY-9Y92F
Important: Windows 8.1 Preview isn’t currently supported on some tablets and PCs with newer 32-bit Atom processors. Get the details here

The Windows 8.1 Preview is here!

There has been some buzz about it, and it seems as if Windows 8.1 is finally here as a preview. Now you can take a first-hand look at many of the new features and improvements with the Windows 8.1 Preview.


For a more complete look at all the features in Windows 8.1, check out the Product Guide.

Before you install the Windows 8.1 Preview, it is also highly recommended you backup any files you have on your PC or tablet first. Please see the Windows 8.1 Preview FAQ before installing, which includes information on how to go back to Windows 8 if you need to. There are certain cases in which you will not be able to go back to Windows 8 after installing the Windows 8.1 Preview so please read the FAQ before proceeding.

So head over to the Windows 8.1 Preview page on Windows.com. The Windows 8.1 Preview will be installed through the Windows Store. Please see the Windows 8.1 Preview FAQ for the minimum requirements needed to install the Windows 8.1 Preview.

Here is the Download Preview Page: http://windows.microsoft.com/en-us/windows-8/download-preview

ISO file download (not yet available **** It’s available now): http://windows.microsoft.com/en-us/windows-8/iso-preview