Microsoft Defender Archives - TechGoing
https://www.techgoing.com/tag/microsoft-defender/
Technology News and Reviews
Mon, 14 Aug 2023 04:18:02 +0000

Microsoft updates Microsoft Defender for Windows 11/10: improve performance
https://www.techgoing.com/microsoft-updates-microsoft-defender-for-windows-11-10-improve-performance/
Mon, 14 Aug 2023 04:17:59 +0000

Microsoft released the August security update for Windows 10 (KB5029244) and Windows 11 (KB5029263 / KB5029253) and Server systems earlier this week, addressing Intel DirectX issues on older versions of Windows 10.

One can also update the Intel GPU driver to 30.0.101.1190 or later to solve this problem. Microsoft writes in its support document:

 After installing update KB5019966 or later, you may experience apphelp.dll errors on Windows devices using Intel graphics drivers (versions 26.20.100.7463 through 30.0.101.1190). This issue may occur intermittently and affects a small percentage of enterprise applications that use DirectX or Direct3D to render some or all of their content. Windows devices using a newer version of the Intel graphics driver (version greater than 30.0.101.1190) are not affected by this issue and already have the Intel solution for this issue installed.

 Windows home users are less likely to experience this issue, as applications affected by this issue are more common in enterprise environments.

 Solution: To alleviate this issue, you can install an Intel graphics driver version higher than 30.0.101.1190. It is recommended that you check that your Windows device manufacturer supports the latest version of the Intel graphics driver for your device. If they do not provide a driver higher than 30.0.101.1190, you can check the Intel Graphics Drivers list for information on how to download and install the latest available Intel Graphics driver directly from Intel.

 Resolution: This issue is resolved in KB5029247.

 This update addresses an issue affecting applications that use DirectX on older versions of Intel graphics drivers. You may be receiving errors from apphelp.dll.

 The first few hours of a newly installed Windows could leave the system vulnerable due to a Microsoft Defender protection vulnerability. This is because OS installation images (WIM and VHD files) may contain outdated antimalware binaries.

 The Defender update also includes important performance fixes that improve the user experience. Devices that use antivirus software or other security solutions built into Windows can benefit from these updates.

This feature supports the following OS installation images:

  • Windows 11
  • Windows 10 (Enterprise, Professional, and Home)
  • Windows Server 2019
  • Windows Server 2016

Version Information:

  • Defender Pack Version: 20230809.1
  • Platform version: 4.18.23070.1004
  • Engine version: 1.1.23070.1005
  • Security Intelligence Version: 1.395.68.0

According to Microsoft’s security bulletin, version 1.395.68.0, released a few days ago, added detection of threats such as various Trojan horses, ransomware, and backdoor vulnerabilities, and also added a new feature for Windows that blocks the AutoKMS (Key Management Service) patch.

In addition to Windows, Microsoft has also rolled out security updates for Office such as Outlook, Excel, Word, etc., fixing issues such as spoofing and remote code execution (RCE).

Microsoft resends KB5007651 update again to fix Defender LSA false positives in Windows 11
https://www.techgoing.com/microsoft-resends-kb5007651-update-again-to-fix-defender-lsa-false-positives-in-windows-11/
Fri, 07 Jul 2023 04:22:04 +0000

Microsoft updated the Microsoft Health Center page yesterday, saying that on July 5th for Win11 Version 21H2/22H2, the KB5007651 (version 1.0.2306.10002) update was released, which further fixed the LSA false positive problem.

The timeline of the LSA false positive problem is as follows:

Microsoft released the KB5007651 update (version number 1.0.2302.21002) for Windows Defender in March this year, which users are forced to install.

Some users reported that after installing the update, Windows Security displayed “Local Security authority protection is off. Your device may be vulnerable”.

Microsoft released the KB5007651 update (version number 1.0.2303.27001) on April 19, claiming to fix the LSA false positive issue.

Microsoft subsequently withdrew the KB5007651 update (version number 1.0.2303.27001) on May 17, saying that the new patch brought other problems.

Report says new version of Microsoft Defender has high CPU usage issue
https://www.techgoing.com/report-says-new-version-of-microsoft-defender-has-high-cpu-usage-issue/
Thu, 29 Jun 2023 05:51:03 +0000

Microsoft recently released the 1.391.2901.0 update for Microsoft Defender, but according to a report from the technology outlet borncity, CPU usage soars during printing and other operations after users install it.

Users reported that after installing the new version, the load on Defender increased significantly. An in-depth investigation by a user found that it is related to the MsMpEng.exe program. The problem can be reproduced by printing from Word, Excel and other office software.

Note: The temporary workaround is to locate the MPCMDRUN.exe file on the system and run it with the “-RemoveDefinitions -All” option, which rolls back the installed signature definitions.

Microsoft Defender has a higher load than its competitors, the third from the bottom
https://www.techgoing.com/microsoft-defender-has-a-higher-load-than-its-competitors-the-third-from-the-bottom/
Wed, 10 May 2023 02:53:38 +0000

The anti-malware evaluation company AV-TEST released its latest report earlier this month, using three indicators (protection, performance and usability) to measure overall anti-malware capability.

According to the test results, Microsoft Defender got a perfect score of 6 for protection and usability, but only 5 points for performance, falling short of Avast, Avira and other antivirus software.

The performance evaluation results are as follows:

 Avast, Avira, Bitdefender, G DATA, K7 Computing, Kaspersky, Malwarebytes, PC Matic, Protected.net and Trend Micro all scored 6 points.

 In our tests, software packages from AhnLab, AVG, ESET, F-Secure, McAfee, Microworld, and Norton produced a slight but measurable system load. The overall performance is good, 0.5 points are deducted, and the score of the above products is 5.5 points.

 The report pointed out that the system load of Microsoft Defender is higher than that of other competing products, so 1 point was deducted, and the final score was 5 points.

Microsoft releases Defender updates for Windows 10 and Windows 11
https://www.techgoing.com/microsoft-releases-defender-updates-for-windows-10-and-windows-11/
Sat, 06 May 2023 03:56:17 +0000

Microsoft recently released a new Defender update for Win11, Win10, and Windows Server 2016/2019. After installation, the version number rises to 20230503.1.

This update further enhances Microsoft Defender’s ability to detect malware in images in Windows Imaging Format (WIM) and Virtual Hard Disk (VHD) formats.

Microsoft stated that attackers can implant malware in images of these two formats. If users install from such images, it can lead to risks such as theft of user information.

This update applies to the following versions:

  • Windows 11
  • Windows 10 (Enterprise, Professional, and Home)
  • Windows Server 2019
  • Windows Server 2016

After the user installs, the version number is as follows:

  • Defender Pack Version: 20230503.1
  • Platform version: 4.18.2304.8
  • Engine version: 1.1.20300.3
  • Security intelligence version: 1.389.44.0

Microsoft Defender is malfunctioning again, mistaking normal URLs for malicious links
https://www.techgoing.com/microsoft-defender-is-malfunctioning-again-mistaking-normal-urls-for-malicious-links/
Thu, 30 Mar 2023 05:46:05 +0000

Every once in a while, Microsoft’s Defender will have a problem, flagging a normal file or URL as a malicious file or link. The problem has now resurfaced, and Microsoft has confirmed that Defender is glitching again, causing legitimate URL links to be flagged as malicious by mistake.

System administrators have received a large number of erroneous email security alerts, and the Microsoft 365 Status official tweet has confirmed the issue, saying that the issue can be tracked on the Microsoft 365 Admin Center portal via “DZ534539”.

These high-risk alert emails say “Potentially malicious URL click detected”. Additionally, administrators may not be able to view alert details using the “View Alert” link in the email.

Microsoft is reviewing service monitoring data to determine the root cause of the issue and develop a solution.

This issue only affects administrators served through the affected infrastructure.

Microsoft tests new Defender for Endpoint feature that lets IT admins remotely lock down Linux devices
https://www.techgoing.com/microsoft-tests-new-defender-for-endpoint-feature-that-lets-it-admins-remotely-lock-down-linux-devices/
Wed, 01 Feb 2023 07:05:39 +0000

According to The Register, organizations using the Microsoft Defender for Endpoint service can remotely lock Linux devices to prevent attackers from using a Linux device to access the organization’s internal devices.

The device isolation feature is still in public preview and can now be deployed to Windows devices within an organization. Microsoft said in an official blog post that “some attack scenarios require IT managers within an organization to block devices from accessing the internal network.”

Microsoft continued: “IT administrators can take this approach to prevent attackers from accessing the internal network after discovering suspicious behavior on remote devices to avoid data breaches and other related incidents.”

Microsoft said that once IT administrators remotely lock a device, the device can only run a limited number of processes to access the specified web pages. After the suspicious factors are removed, IT administrators can restore the device’s access to the internal network.

Microsoft releases script to recover application shortcuts deleted by mistake in Defender update
https://www.techgoing.com/microsoft-releases-script-to-recover-application-shortcuts-deleted-by-mistake-in-defender-update/
Mon, 16 Jan 2023 17:38:50 +0000

Microsoft recently said in the changelog that it could not recover the application shortcuts mistakenly deleted by the Defender update, but today it officially released advanced hunting queries (AHQ) and a PowerShell script that can find and recover some of the mistakenly deleted application shortcuts.

“Microsoft has identified steps that customers can take to recreate Start Menu links for a significant subset of the affected applications that were deleted,” Microsoft explained in support documentation. “These actions have been integrated into the PowerShell script below to help enterprise administrators take recovery actions in their environments.”

If affected, you can use this PowerShell script shared on GitHub, which will scan HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ registry keys to check if 33 different programs are installed on your computer.

A list of application shortcuts that can be found and recovered by the script:

  • Adobe Acrobat
  • Adobe Photoshop 2023
  • Adobe Illustrator 2023
  • Adobe Creative Cloud
  • Firefox Private Browsing
  • Firefox
  • Google Chrome
  • Microsoft Edge
  • Notepad++
  • Parallels Client
  • Remote Desktop
  • TeamViewer
  • Royal TS6
  • Elgato StreamDeck
  • Visual Studio 2022
  • Visual Studio Code
  • Camtasia Studio
  • Camtasia Recorder
  • Jabra Direct
  • 7-Zip File Manager
  • Access
  • Excel
  • OneDrive
  • OneNote
  • Outlook
  • PowerPoint
  • Project
  • Publisher
  • Visio
  • Word
  • PowerShell 7 (x64)
  • SQL Server Management Studio
  • Azure Data Studio

Microsoft Defender, Avast, AVG Exposed to Vulnerabilities that Trick Windows into Permanently Deleting User Files
https://www.techgoing.com/microsoft-defender-avast-avg-exposed-to-vulnerabilities-that-trick-windows-into-permanently-deleting-user-files/
Mon, 12 Dec 2022 01:40:16 +0000

SafeBreach security researcher Yair recently released a proof-of-concept (POC) program that shows how to induce security protection software to erase or permanently delete harmless files from your PC.

According to the release, the POC is called “Aikido”, after the essence of the eponymous martial art: “using softness to overcome strength” and “using force to make use of strength” to defeat the opponent’s attacks.

Microsoft has now acknowledged the existence of a vulnerability in Defender and announced that it has been patched.

However, several other major antivirus software, such as Avast, AVG and TrendMicro, have also been confirmed to be affected by the vulnerability, while products such as McAfee and BitDefender are not affected.

Yair explained that the POC is based on a time-of-check to time-of-use (TOCTOU) vulnerability.

When antivirus software detects a malicious file, it identifies it as malicious and then deletes it. A POC using TOCTOU can substitute an alternate path after the antivirus detects the malware, causing the computer to delete legitimate files instead of just the malicious ones, including Windows system files.

These steps are briefly described below.

  • Create a special path with malicious files in C:\temp\Windows\System32\drivers\ndis.sys
  • Fix its path and force EDR or AV to postpone the deletion operation until the next reboot
  • Delete the C:\temp directory
  • Create a connection to C:\temp → C:\
  • Reboot

Interestingly, Yair notes that Defender and Defender for Endpoint do not delete files but directly delete folders. Microsoft has assigned the ID “CVE-2022-37971” to this vulnerability, which has been fixed in the latest Microsoft Malware Protection Engine version 1.1.19700.2.

Meanwhile, TrendMicro, Avast and AVG have also released patches for their respective products.

  • TrendMicro Apex One: Patch 23573 and Patch_b11136
  • Avast and AVG Antivirus: 22.10

Microsoft Defender for Endpoint now supports Android enterprise COPE devices
https://www.techgoing.com/microsoft-defender-for-endpoint-now-supports-android-enterprise-cope-devices/
Tue, 20 Sep 2022 17:23:55 +0000

Microsoft announced today that Microsoft Defender for Endpoint (MDE) is now available on Android Enterprise (AE) Company-Owned, Personally Enabled (COPE) devices.

These devices allow businesses and employees to install apps, unlike other enrollment models where companies manage every aspect of the device and control which apps are available and can be installed.

This update adds to the existing support for registered devices in AE Bring Your Own Device (BYOD), AE Fully Managed Mode, and Legacy Device Administrator Mode, and for unregistered Mobile Application Management (MAM) devices.

This release further enhances MDE’s offering, along with recent updates, to secure mobile devices on Wi-Fi and isolate compromised Windows devices. It provides IT teams with a range of more effective Android mobile threat defense tools.

The COPE architecture allows containerized tools such as work profiles to separate personal and work data and the applications used for each, and gives administrators full control over work profiles with limited visibility into personal profiles.

This means that users of these devices keep their personal data private, while companies issuing the devices can take full advantage of what MDE has to offer and properly enforce policies.
