Fast Microsoft recommended driver block rules update with automatic scheduled task
Microsoft recommended driver block rules in Windows are automatically updated starting with Windows 11 22H2, twice per year, but the list itself is updated more often. Microsoft provides ways to update them faster and out of the schedule. I've created a PowerShell script that does this automatically and you only need to run the script once, then it will create a scheduled task in Windows that runs every 7 days and renews the recommended drivers block list. # create a scheduled task that runs every 7 days if (-NOT (Get-ScheduledTask -TaskName "MSFT Driver Block list update" -ErrorAction SilentlyContinue)) { $action = New-ScheduledTaskAction -Execute 'Powershell.exe' ` -Argument '-NoProfile -WindowStyle Hidden -command "& {Invoke-WebRequest -Uri "https://aka.ms/VulnerableDriverBlockList" -OutFile VulnerableDriverBlockList.zip;Expand-Archive .\VulnerableDriverBlockList.zip -DestinationPath "VulnerableDriverBlockList" -Force;Rename-Item .\VulnerableDriverBlockList\SiPolicy_Enforced.p7b -NewName "SiPolicy.p7b" -Force;Copy-Item .\VulnerableDriverBlockList\SiPolicy.p7b -Destination "C:\Windows\System32\CodeIntegrity";$job = Start-Job -Name "Job1" -ScriptBlock { CiTool.exe -r };Start-Sleep -s 15;Stop-Job $job;Remove-Item .\VulnerableDriverBlockList -Recurse -Force;Remove-Item .\VulnerableDriverBlockList.zip -Force;}"' $TaskPrincipal = New-ScheduledTaskPrincipal -LogonType S4U -UserId $env:USERNAME -RunLevel Highest # trigger $Time = New-ScheduledTaskTrigger ` -Once -At (Get-Date).AddHours(3) ` -RepetitionInterval (New-TimeSpan -Days 7) ` # register the task Register-ScheduledTask -Action $action -Trigger $Time -Principal $TaskPrincipal -TaskPath "MSFT Driver Block list update" -TaskName "MSFT Driver Block list update" -Description "Microsoft Recommended Driver Block List update" # define advanced settings for the task $TaskSettings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Compatibility Win8 -StartWhenAvailable -ExecutionTimeLimit (New-TimeSpan -Minutes 3) # add advanced settings we defined to the task Set-ScheduledTask -TaskPath "MSFT Driver Block list update" -TaskName "MSFT Driver Block list update" -Settings $TaskSettings } https://github.com/HotCakeX/Harden-Windows-Security/wiki/Fast-and-Automatic-Microsoft-Recommended-Driver-Block-Rules-updates
BITS Downloading App updates from unknown endpoint
Hi, Our IDS started freaking out today because a large number of our endpoints started initiating BITS downloads to an unknown endpoint. My initial reaction was ransomware, but after further investigation it appears that these BITS downloads are updates for Windows Store Apps. I am making this post to confirm that these endpoints are actually indeed official Microsoft endpoints. The BITS requests I had seen were all for the Limelight Networks CDN (llnwd[.]net), which I have heard hosts content for a lot of MSPs, one of which being Microsoft. Checking the logs, it appears that our workstations have never made BITS requests to this CDN. All previous BITS updates were carried out using official microsoft.com endpoints. The following are some examples of the domains seen in the BITS requests: ic-c39e4900-0f7065-msftstoretlu19.s.loris.llnwd[.]net ic-c39e4900-0d5ab5-msftstore19.s.loris.llnwd[.]net ic-c39e4900-08b3f9-msftstore19.s.loris.llnwd[.]net ic-c39e4900-0700f8-msftstore19.s.loris.llnwd[.]net Although all my investigations point to these being official Microsoft endpoints, I am worried that a CDN is being used because a malicious actor could easily mangle the URLs to make them look like official Microsoft ones. Is this the correct place to confirm that the above sub-domains are official Microsoft, and if not where should I ask this question instead? ThanksWorking with multiple work accounts on a windows 10 device
Hello everyone I think it's time for me to vent my frustration about working with multiple work/education accounts on a windows 10 device... First of all, I have 3 Microsoft Accounts (1x Personal; 1x Work; 1x Education) and oh boy, it's very very frustrating to get all these 3 Accounts work together on the same windows 10 device with one Userprofile. Working with my Personal and Work (or Education) account on the same device works fine, no problems, but as soon as I add additionally either my Work or Education Account in the Windows 10 settings under "Account > Email & accounts" things starting to get complicated. Sync issues across every app that uses one of these work/education accounts (classic Office Apps, ToDo, Edge, OneNote) Upload blocks in the office apps (Word, Excel...) & Credential Errors 4x/day a notification toast that my work accounts need to fix... blabla -> I click okay, now fix it -> Accounts fixed -> later in the day, same error occurs... I just want to use all my accounts on the same device with the same Userprofile, I really love the Microsoft 365 Platform but these things driving me crazy. I had a time, in there I worked completely online, but yeah, we all know how cool it is to work with the online versions of Office Apps. I also tried multi-bootable windows installations or multiple Userprofiles and it worked, but I often need to access files/services that are stored in the OneDrive from my Education Account or vise versa, so it's really impracticable. Then I tried to link my accounts just in these apps where I need it, but Windows 10 really have fun on it to write in my accounts under the named windows 10 settings location. Has anyone a best practice, tips/tricks etc. everything helps... Thanks.Cumulative update KB5001391 fails to Install
Hello Guys ! A expected ONCE AGAIN Microsoft Cumulative update KB5001391 fails to install on #Windows 20H2 , as this has been the 3rd failed update like previously two KB5000842 and KB5001330. Am I the alone on this planet ? The error message I have received is 0x800f0922. I got a new Laptop HP 8th generation. What is happening inside Microsoft these days ? Shout out loud If you're having the pain like I have these days ? Please Please Please
Dual Boot issue
I had Dual Booted Windows 10 and 11! For 3 days, it worked fine, but from the fourth day, whether I restarted, or started after a shut down, the boot manager didn't lit up only! The screen is dark and I literally have to assume with just a pointer visible where the OS name is written and continue with it! Plz anyone help! Windows11 Pernille-Eskebo
Remove a device from Microsoft account
Hello, When I access to microsoft.com and clicking on my Microsoft account, the screen like the picture below is displayed. On Devices part, it showed my laptop info though I removed this device several times by this link Remove a device from your Microsoft account. I hope this issue can be fixed. Thank you.
To go crazy or not to go crazy, I think that is the question.
Hi there, I bought an MSI (GT72S Dominator Pro G 6QE) laptop in 2015. It came with 2 ssds on the laptop with "raid 0" mode applied. The 2 ssds on the laptop came as a single disk (C:) with "raid 0" mode set, and after changing the "raid 0" mode so that the disks would appear separately (C: + D:), the recovery I created earlier I did a reinstall with the "usb disk". i started getting activation error after i finished installing with recovery usb drive. Did you make a hardware change in the error it gave in the activation section? After answering "yes" to the question, I ran the activation troubleshooter and informed that the problem was resolved and the system was successfully activated. Then I restored many programs and backups I've been using, I don't remember exactly, but I used it for a while without any problems. After a short while I was surprised to see the "enable windows" warning in the lower right corner. I tried all kinds of solutions mentioned in the comments on various web pages and Microsoft help pages, but no matter what I did, I was unsuccessful. We had a phone call with a Microsoft Turkey official, and after connecting to the laptop remotely and applying a few codes using the command prompt, he asked if there was no digital license embedded in the bios, if I had taken the device to a service for any malfunction or maintenance, and I told him "I did not take it". I gave. I think upon this answer, he thought that I was lying, that I was trying to activate the system through hacking ways, and ended the conversation by stating that I needed to talk to an MSI representative. After completing the installation with the recovery usb drive, I started getting an activation error. Did you make a hardware change in the error it gave in the activation section? After answering "yes" to the question, I ran the activation troubleshooter and informed that the problem was resolved and the system was successfully activated. Then I restored many programs and backups I've been using, I don't remember exactly, but I used it for a while without any problems. After a short while I was surprised to see the "enable windows" warning in the lower right corner. I tried all kinds of solutions mentioned in the comments on various web pages and Microsoft help pages, but no matter what I did, I was unsuccessful. We had a phone call with a Microsoft Turkey official, and after connecting to the laptop remotely and applying a few codes using the command prompt, he asked if there was no digital license embedded in the bios, if I had taken the device to a service for any malfunction or maintenance, and I told him "I did not take it". I gave. I think upon this answer, he thought that I was lying, that I was trying to activate the system through hacking ways, and ended the conversation by stating that I needed to talk to an MSI representative. I tried to explain the situation by talking to the MSI representative on the phone as it said there was no license key in the system bios and asked him to find out what my original license key was on my computer when I bought it. and email it to me. Shortly after, I received an email with the license key and enthusiastically logged into the system with the specified license key. I don't remember the exact order now, but the first time I tried it or the day after I entered the key, when I booted the system, the "activate windows" warning popped up again and I was getting really pissed off. Warnings stating that my license is not genuine, that I need to activate it by purchasing a new license key, etc. Tired of the story? Really? 🙂 I think it will be more fun from now on... Although I got error messages, I finally got the original license from MSI authority. I couldn't stand the wait and stopped talking to the attendant and went back to searching the various web pages. By the way, I have a company serving in the renewable energy sector. I bought this computer in 2015 to use in my business after founding my company. (Even the invoice and e-mail of the online shopping site I bought while ordering remain.) Recently, my work started to get busy, I think I lost a lot of time with this frustrating experience, I was going to go. get an activation key again, but that's the case now. It has been a matter of stubbornness for me. It is much more difficult for me to get a license key again with money on top of the time I spend unnecessarily and I still believe that I will get through this situation somehow. Anyway, let's continue where we left off. I decided to follow the advice on various web pages, "If the methods you've tried don't work, you should do a clean install". After downloading the "Windows 10 Home" version with the "Recovery Media Creation Tool" that I downloaded from Microsoft's web page, I started to follow the other steps mentioned and at this point I made the mistake of my life. After the application told me to start the installation by inserting a usb drive into my computer to create the recovery media, I did exactly as it said and deleted the only copy I had, the original recovery copy that came with the system. , the recovery media inside was also deleted, the only copy was on the usb drive I used for the clean install and applied formatting... Thus; On my way to Midyat to buy rice, I ate bulgur at home. (A general term.) I would like to thank Microsoft for giving me the experience of living together emotions such as anger, sadness and depression. Thanks, stay tuned, glorious Microsoft. I guess I can't buy this experience you gave me with money.. 🙂 Where we were? Did you think it's over huh.. 🙂 To do a clean install, I installed it with the Windows 10 Home version that I downloaded and installed on the usb memory, which caused the single copy to be deleted and I set the ssd drivers back to "Raid 0" before doing it. ", just like when I bought the system for the first time. After the installation, I could not activate it with the license key I got from the MSI authorized service. I checked whether there is an oem license key in the bios with various tools, because the Microsoft official told me that there is no oem license key embedded in the bios. When I checked this time, there was a license key, but it was a different key than the one given by MSI authorized service. I think I started researching again due to an error warning like "Core Version" that appeared in my activation attempts with the original key given to me. This time, after downloading the "Windows 10 Home Single Language" version and installing with the necessary usb driver, the activation took place, but after a while (for example, when I go from home to work, when I connect to the wifi internet at my workplace, the "Activate Windows" error warning is displayed in the lower right corner. From the very beginning, when I checked my Microsoft Account, which I used to log in to the system, it was strange that at the end of each reboot/run of the system, my laptop with the same user and device name would appear in my account multiple times, as if it were different computers. , the same user, at least 20+ devices with the same user and system name appear in my microsoft account.This may be a clue. I think I did a lot of reinstallation after formatting to do what I described, but I could not find a solution to the problem. In summary, right now; -Win 10 Home Single Language version is installed, sometimes the activation warning message disappears by itself, after a while it comes back again. - I have the original windows activation key that the MSI official gave me. - When I first purchased the system, the Windows version that came with it may have been 8 or 8.1, unfortunately I do not remember. - I don't know which version of the product key I have. - I've been signing in with the same Microsoft account (even multiple accounts I've used for years) from the very beginning (the day I bought it). "Normally, shouldn't Microsoft recognize me?" - My brain stopped again, I don't know what else I have... What can I do in this situation? There can be any Professor who can help me or a Candidate who will treat this situation as a "Graduation Thesis" topic, someone who can help me?, Microsoft Official ? Is not there? It's like a joke.. Make up your mind and don't get involved in things you don't know like me! Apply after obtaining the opinion and approval of authorized persons, including the slightest hardware change request. Otherwise, you'll end up with life like me. Lastly, the dialogues between me and the person I talked to. https://answers.microsoft.com/en-us/windows/forum/windows_10-win
