file extensions Archives

Winsage

April 2, 2025

This third-party Windows tweaker finally lets you uninstall Edge and set a classic File Explorer style

The latest version of Wintoys, v2.0.81.0, allows Windows 11 users in the European Economic Area (EEA) to uninstall Microsoft Edge, a feature previously restricted to EU users due to regulatory requirements. Wintoys simulates the necessary conditions for this capability, enabling users to remove Edge through Microsoft-sanctioned processes. Additionally, Wintoys v2.0.81.0 includes enhancements such as a Classic File Explorer Theme, System Settings Restoration, Real-Time Updates for system properties, and improved File Explorer functionality. Wintoys is available for download from the Microsoft Store.

Tech Optimizer

February 8, 2025

New Attack Technique to Bypassing EDR as Low Privileged Standard User

A new cyberattack technique allows attackers to bypass Endpoint Detection and Response (EDR) systems while using low-privileged standard user accounts. This method utilizes masquerading and path obfuscation to disguise malicious payloads as legitimate processes, misleading detection systems and analysts. Process creation events are crucial for identifying threats, with tools like Sysmon logging detailed information about process execution. Attackers can manipulate file paths to evade restrictions on placing payloads in protected directories. They create folders that mimic legitimate antivirus software paths using Unicode characters to resemble spaces. For example, a folder may be named C:Program[U+2000]Files, allowing the attacker to introduce their payload (SuperJuicy.exe) without raising alarms. The execution of the payload results in logs that appear legitimate, complicating detection efforts. This technique poses challenges for EDR systems, including confusion in log analysis, deceptive attribution to legitimate software, and prolonged dwell time for malicious payloads. Defensive strategies include enhanced logging rules to flag Unicode characters, adjusting log viewers to display these characters, and restricting folder creation permissions for standard users.

Winsage

November 28, 2024

RomCom exploits Firefox and Windows zero days in the wild

ESET researchers discovered a critical vulnerability, CVE-2024-9680, in Mozilla products exploited by the Russia-aligned group RomCom. This vulnerability, with a CVSS score of 9.8, affects various versions of Firefox, Thunderbird, and the Tor Browser, allowing code execution within the browser's restricted context. When combined with another Windows vulnerability, CVE-2024-49039, attackers can execute arbitrary code in the context of the logged-in user. The exploit can be triggered simply by visiting a malicious web page, enabling the installation of RomCom's backdoor without user interaction. RomCom has been linked to the exploitation of significant zero-day vulnerabilities, including the earlier use of CVE-2023-36884 via Microsoft Word in June 2023. The newly identified vulnerability was reported to Mozilla on October 8th, 2024, and patched the following day. The vulnerability is a use-after-free bug in Firefox's animation timeline. Further investigation revealed CVE-2024-49039, a privilege escalation bug in Windows, which Microsoft patched on November 12th, 2024. RomCom has targeted various sectors in 2024, including governmental entities in Ukraine, the pharmaceutical sector in the US, and the legal sector in Germany, among others. The compromise chain begins with a fake website that redirects victims to a server hosting the exploit. ESET identified multiple command-and-control servers used by RomCom, employing deceptive naming schemes to obscure their intentions. The exploit utilizes shellcode that executes arbitrary code by manipulating animation objects in Firefox. The vulnerability was patched by Mozilla within a day of its discovery. The RomCom backdoor is capable of executing commands and downloading additional modules onto the victim's machine. Indicators of compromise include specific JavaScript files and DLLs associated with the exploit.

Winsage

November 25, 2024

How to install File Server Resource Manager on Windows Server

File Server Resource Manager (FSRM) is a tool for administrators to manage file storage on Windows servers. It allows for quota management, file type blocking, and space utilization reporting. FSRM must be installed on all servers where File Dynamics will manage quotas, including the Engine host. To install FSRM on a Windows server, follow these steps: 1. Open Server Manager, select Add Roles and Features, and proceed with a role-based installation. 2. Choose the target server and navigate to File and Storage Services to select File Server Resource Manager. 3. Optionally, install additional features like .NET Framework 4.7. 4. Click Install and verify successful installation through Server Manager. To configure quotas, navigate to Quota Management in FSRM, create a quota for a specific folder, and set notification thresholds. For file screening, create file groups to block or allow specific file types, and set up file screen templates. Additional features like Storage Reports can be configured to generate reports on file usage by scheduling report tasks and specifying parameters. The initial step to install a file server in Windows Server is to install the File Server role from Server Manager and configure the shared folder properties.

Winsage

November 5, 2024

How to install Paint 3D on Windows 10 and 11

Paint 3D is no longer available in the Microsoft Store but can still be installed on Windows 10 and Windows 11, including version 24H2. Users can download the necessary appx file from various sources, extract the files, and double-click the appx file to install it. Microsoft’s official ISO images for Windows 10 also include Paint 3D pre-installed for consumer installations.

Winsage

October 29, 2024

Microsoft’s AI Agents idea for Windows 11 is insane, it could change how you use PCs

Microsoft is developing a project called Windows Agent Arena, which aims to create AI agents that can perform tasks on Windows 11 PCs. This open-source framework allows developers to build and test AI agents capable of understanding screen content and executing commands. The AI agents can automate various tasks, such as adjusting privacy settings in Microsoft Edge, installing extensions in VSCode, and modifying settings in applications like VLC and Paint. Researchers have indicated that the initial model can manage up to 150 different tasks, with a specific AI agent named Navi achieving a 19.5% success rate in task completion. Microsoft has also open-sourced a screen-understanding model called "Omniparser" to assist developers in creating more effective agents.

Winsage

October 1, 2024

New Research Reveals Windows Event Logs Key to Identifying Ransomware Attacks

Recent investigations by cybersecurity experts have revealed that specific ransomware variants leave identifiable traces in Windows Event Logs, enhancing organizations' ability to detect human-operated ransomware attacks. JPCERT/CC confirmed that ransomware families such as Conti, Phobos, Midas, BadRabbit, and Bisamware exhibit unique signatures in event logs. Conti generates event IDs 10000 and 10001, Phobos leaves traces with event IDs 612, 524, and 753, Midas is marked by Event ID 7040, BadRabbit installs cscc.dat documented in Event ID 7045, and Bisamware is indicated by Event IDs 1040 and 1042. While event logs cannot prevent attacks, they are crucial for damage investigations and understanding attack methodologies. Experts recommend centralizing Event ID 7045 logs, implementing automated detection systems, and utilizing PowerShell scripts to monitor system logs for suspicious activities. Organizations should also develop comprehensive log collection systems, advanced hunting queries, and custom detection rules to improve ransomware detection capabilities.

Winsage

September 24, 2024

My essential Windows 11 tweaks: 22 Settings to change for a better experience

Windows 11 offers extensive customization options, with specific settings to adjust during new installations. Key areas to configure include: - Start Menu: - Show more pins by selecting the "More pins" option. - Show folders by choosing shortcuts next to the power button. - Disable account notifications by turning off the "Show account-related notifications" toggle. - Disable app recommendations by turning off the "Show recommendations for tips, app promotions, and more" toggle. - Taskbar: - Align icons to the left by selecting the "Left" option in Taskbar behaviors. - Remove Widgets and Search icons by choosing the Hide option and turning off the Widgets toggle. - Disable badge notifications by clearing the "Show badges on taskbar apps" option. - Notifications: - Enable "Do not disturb" by turning on the toggle in the Notifications settings. - Clock: - Enable automatic time and zone adjustments by turning on the relevant toggles in Date & time settings. - Apps: - Set default applications by selecting the desired app in Default apps settings. - Control startup apps by turning off the toggle for each app in Startup settings. - Display: - Change screen scaling and refresh rate in Display settings. - Enable Night light by adjusting the settings in the Display page. - Privacy: - Disable the "Find My Device" feature and Settings notifications in Privacy & security settings. - Connect Phone: - Use the Phone Link app or Mobile devices feature to connect an Android phone to Windows 11. - File Explorer: - Change the startup page to "This PC" and show file extensions in the View menu. - Mouse: - Change the mouse cursor and pointer style in Accessibility settings.

Winsage

August 23, 2024

How to change a file type or file extension in Windows 11

In Windows 11, users can change file extensions easily to correct mislabeling issues. File extensions, such as .png or .mp4, indicate how the operating system should handle files, while file types refer to the actual format of the file. To view file extensions in File Explorer, users can navigate to the folder, click on View, and select Show > File name extensions. To change a file extension, users highlight the file, rename it by deleting the old extension and adding a new one, and confirm the change. For changing multiple file extensions at once, users can use the Command Prompt by navigating to the folder, typing CMD in the address bar, and using the ren command. Changing file types or formats requires a conversion tool, such as iLoveIMG, where users can upload files and convert them to the desired format. It is advisable to review converted files before deleting the originals.

Winsage

July 8, 2024

Notepad finally gets spellcheck, autocorrect for all Windows 11 users

Microsoft has introduced spell check and autocorrect features to Notepad for Windows 11 users. The features have been tested by Windows Insiders since March and are now available to all users. Autocorrect has shown to be inconsistent in tests, but users can disable both features in the Notepad settings. Microsoft has been adding new features to Notepad since 2018 to modernize the application.