Category: Windows 11

Microsoft releases new APIs for managing Windows Update

New Microsoft Graph APIs released today in public preview allow developers and IT professionals to manage Windows 10 updates and expedite Windows 10 security updates in enterprise environments.

Microsoft Graph is an API platform that helps developers create apps capable of accessing Microsoft 365, Windows 10, and Enterprise Mobility + Security data.

Access to deployment service update management capabilities

“By connecting deployment service capabilities with Microsoft Graph, app developers can easily build rich update management tools and extend these experiences with contextual user data (such as leveraging a user’s calendar data when scheduling an update),” Microsoft Principal Program Manager David Mebane explained.

The deployment service Mebane refers to is the Windows Update for Business deployment service, a cloud service announced by Microsoft in March and providing control over the approval, scheduling, monitoring, and safeguarding of Windows Update controls.

With its release, Microsoft has expanded Windows Update device management features available to IT pros, making it possible to:• Schedule update deployments to begin on a specific date (ex: deploy 20H2 to these devices on March 14, 2021)
• Stage deployments over a period of days or weeks using rich expressions (ex: deploy 20H2 to 500 devices per day, beginning on March 14, 2021)
• Bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization when emergencies arise
• Ensure coverage of hardware and software in your organization through deployments that are tailored to your unique device population through automatic piloting
• Leverage Microsoft ML to automatically identify and pause deployments to devices that are likely to be impacted by a safeguard hold
• Manage driver and firmware updates just like feature updates and quality updates

The Microsoft Graph API released today in public preview further extend these fine-grained controls, allowing customers to interact with the deployment service via apps that can help them:• Approve and schedule specific feature updates to be delivered from Windows Update on a specific date – including skipping or not taking feature updates.
• Stage deployments over a period of days or weeks using rich expressions (ex: deploy 20H2 to 500 devices per day, beginning on May 11, 2021)
• Bypass pre-configured Windows Update for Business policies to immediately deploy a security update across your organization.
• Deliver safer update results by leveraging automatic pilots for any deployment.

Microsoft-Graph-API-Windows-Updates
Deployment service interaction via Microsoft Graph Explorer (Microsoft)

Available starting today

Customers with supported Windows or Microsoft 365 subscriptions can access the deployment services through the new APIs starting today.

To start using the new Microsoft Graph APIs today, you need one of the following subscriptions: 

  • Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  • Windows Virtual Desktop Access E3 or E5
  • Microsoft 365 Business Premium

Devices compatible with the deployment service must be Azure AD joined or Hybrid AD joined, and run Pro, Enterprise, Education, or Pro Education editions of Windows 10, version 1709 or later.

Further information on enrolling devices for management, managing feature updates, and expediting security updates is available here.

Source :
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-new-apis-for-managing-windows-update/

Microsoft: Windows needs at least 8 hours online to update reliably

Microsoft says that Windows devices need to be online for at least eight hours to get the latest updates and have them correctly installed after they’re released through Windows Update.

The amount of time devices running Windows are powered on and connected to Windows Update is tracked by Microsoft as ‘Update Connectivity.’ 

This measurement correlates the systems’ lack of enough connected time with why they’re not up to date while also making it easier to understand why some devices are unlikely to get recently released updates successfully.

According to David Guyer, a Microsoft Program Manager for Windows Updates in MEM, Windows devices need at least 8 hours online to get the latest updates and successfully install them.

“One of the most impactful things we explored was how much time a device needs to be powered on and connected to Windows Update to be able to successfully install quality and feature updates,” said Guyer.

“What we found is that devices that don’t meet a certain amount of connected time are very unlikely to successfully update. Specifically, data shows that devices need a minimum of two continuous connected hours, and six total connected hours after an update is released to reliably update.

“This allows for a successful download and background installations that are able to restart or resume once a device is active and connected.”

You can track devices with insufficient Update Connectivity via Microsoft Intune by navigating to Devices > Monitor and selecting either the Feature update failures or the Windows Expedited update failures report.

Insufficient Update Connectivity alerts can also be found via the Summary report in Intune by going to Reports > Windows updates > Reports > Windows Expedited update report.

Microsoft Intune Update Connectivity alerts
Microsoft Intune Update Connectivity alerts (Microsoft)

When looking at Windows 10 devices that are not fully updated and not meeting minimum connectivity requirements, Microsoft saw that:

  • Approximately 50% of devices not on a serviced build of Windows 10 do not meet the minimum Update Connectivity measurement.
  • Approximately 25% of Windows 10 devices on a serviced build but have security updates that are more than 60 days out of date have less than the minimum Update Connectivity.

“When troubleshooting update issues, we have found it is best to select devices that have sufficient Update Connectivity,” Guyer added.

“If a device has insufficient Update Connectivity, then investigating other update issues is complicated because the low Update Connectivity can create new issues that go away once there’s enough connectivity.”

In related news, Microsoft began testing a smarter delivery method for Windows update improvements dubbed ‘Update Stack Package,’ which would deliver improvements to the update experience outside of major OS updates before monthly or feature Windows updates.

The company also redesigned cumulative updates in Windows 11 to allow security and quality updates to install faster as they are approximately 40% smaller than their Windows 10 counterparts.

Last year, Redmond released new APIs for managing Windows Update that enable devs and IT professionals to expedite Windows 10 security updates in enterprise environments.

Source :
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-needs-at-least-8-hours-online-to-update-reliably/

How to install the Microsoft Visual C++ 2015 Runtime

If you start a program and receive an error stating that the program you are trying to run needs the Microsoft Visual C++ 2015 Runtime, you can use this tutorial to install the package so that your program works again.

When developers create a Windows program using Microsoft Visual Studio 2015, there are specific dynamic link libraries (DLLs) that their programs are linked to work correctly.

These DLLs are distributed through the Microsoft Visual C++ 2015 Runtime, and if the package is not installed, users will encounter errors stating that DLLs are missing or you need to install the runtime.

As an example, the video game Valorant released an update today that did not include the Microsoft Visual C++ 2015 Runtime, causing the game not to work after the update was installed.

When users launch Valorant, they are instead greeted with the following error.

Missing Microsoft Visual C++ 2015 Runtime error
Missing Microsoft Visual C++ 2015 Runtime error

“The following component(s) are required to run this program: Microsoft Visual C++ 2015 Runtime”

The good news is that it is really easy to fix this problem by downloading and install the runtime from Microsoft’s website.

To install the Microsoft Visual C++ 2015 Runtime, please follow these steps:

  1. Go to the Microsoft Visual C++ 2015 Redistributable page from Microsoft and click on the Download button.
  2. You will be brought to a page where it asks you to select whether you want to download the 32-bit or 64-bit version of Windows. Select the version you need and click the Next button. If you are unsure what version you need, you can use this tutorial to determine what you need.

    BleepingComputer suggests that you download and install both the x86 AND x64 versions of the runtime to not run into issues in the future.
  3. The files will now be download to your computer. Once downloaded, double-click on the downloaded vc_redist.x64.exe file. 
  4. The Microsoft Visual C++-2015 Redistributable screen will be displayed and ask you to agree to the license terms and conditions. Put a checkmark in the “I agree” box and then click on the Install button.Microsoft Visual C++-2015 RedistributableMicrosoft Visual C++-2015 Redistributable
  5. If Windows prompts you to allow the program to make changes or continue, click on the Yes or Allow button.
  6. When done, the program will display a message stating that it was successfully installed.Redistributable InstalledRedistributable Installed
  7. Now perform the same steps to install the vc_redist.x86.exe runtime.
  8. You can now close the installer.

If you already had the Visual C++ 2015 Runtime installed, you can run the above redistributables and perform a repair.

Perform a Repair
Perform a Repair

You can now try to run the program that previously gave the missing runtime error, and it should work again.

Source :
https://www.bleepingcomputer.com/tutorials/how-to-install-the-microsoft-visual-c-2015-runtime/

How to make the Start menu full screen in Microsoft Windows 10

By default, the Windows 10 Start menu will open up in a size that accommodates all of the pinned items. For those who wish to use a larger Start screen, making the Start menu open in a full-screen mode is possible.

When the full-screen mode is enabled, the Start screen will overlay the entire desktop and provide a more generous amount of space to pin applications, and your live tiles will be larger.

If you wish to enable the Start full-screen mode, please follow these steps:

  1. Click on the Start menu and then click on the Settings cog ( Settings Cog ) to open the Windows 10 Settings.
  2. When the Settings open, click on Personalization and then Start.
  3. In the Start settings, look for a setting named ‘Use Start full screen‘ and click on the toggle to enable the feature, as shown below.Enable Start full screenEnable Start full screen
  4. You can now close the Start settings screen.

Now that you have enabled Start full screen mode, when you click on the Start button, the Start menu will be shown in full screen and overlay the entire desktop.

Start full screen
Start full screen

When using Start in full screen mode, you can close the Start menu at any time by pressing the Escape key on your keyboard or by clicking on another program or screen.

To disable Start full screen mode, just follow these steps again, but this time disable the ‘Use Start full screen’ setting.

Source :
https://www.bleepingcomputer.com/tutorials/how-to-make-the-start-menu-full-screen-in-windows-10/

How to Disable Bing Search in the Windows 10 Start Menu

One of the Windows 10 Start Menu features is a built-in Bing search when a local search fails to find anything. Whether it be due to privacy reasons, bugs, or just personal dislike, this article will explain how to disable Bing search in the Start Menu.

When you perform a search in the Windows 10 Start Menu, Windows will first look for local search results such as settings, files, or programs and display any that are found.

If there are no local results, Windows will then perform a Bing search for the search keyword and list the results in the Start Menu as shown below.

Blank search results in Start Menu
Blank search results in Start Menu

When logged into a Microsoft Account, these searches will be uploaded to Microsoft, who will then list them in your account’s Privacy Dashboard. This is a privacy concern for fear that Microsoft is using this data to track your browsing habits.

There have also been bugs in the Bing search component in the past that have caused the Windows 10 Start menu to appear completely blank. If you do not utilize the Bing search feature, disabling it could prevent those bugs in the future.

Below we have outlined two methods that can be used to disable Bing search in the Windows 10 Start Menu.

How to disable Bing search in the Windows 10 Start Menu

Unfortunately, for those who want to disable Bing search in the Start Menu, Microsoft does not provide an easy method.

Instead, Windows users need to modify the Registry so that it is using the following Registry values.

[HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer]
“DisableSearchBoxSuggestions”=dword:00000001

For those who feel comfortable modifying the Registry, we have instructions on setting the proper values using the Registry Editor.

For those who are not comfortable with Registry modifications, please see method two that contains an easy to use premade Registry file that makes the settings for you.

METHOD 1: DISABLE BING SEARCH RESULTS VIA THE GROUP POLICY EDITOR

Windows 10 Pro comes with the Group Policy editor, which you can use to disable Bing search in the Start Menu.

To disable Bing Search, follow these steps:

  1. Search in the Start Menu for ‘gpedit.msc‘ and select it when the result appears.
  2. When the Group Policy Editor opens, navigate to the following path: User Configuration\Administrative Templates\Windows Components\File Explorer
  3. Under the File Explorer section, you will see a policy called ‘Turn off display of recent search entries in the File Explorer search box’ as shown below. Double-click on the policy to open it.Group Policy
  4. To disable Bing search, set this policy to ‘Enabled.’Editor
  5. When done, click on the Apply and then OK button to save the policy.
  6. You can now close the Group Policy Editor and restart Windows Explorer or restart your computer.

Once restarted, Bing searches will no longer appear in the Start Menu.

METHOD 2: USE THE REGISTRY EDITOR TO DISABLE BING INTEGRATION

If you are using Windows 10 Home and are comfortable using the Windows Registry, you can disable Bing’s integration in Windows Search using the Registry editor.

  1. First, open the Windows Registry Editor by pressing the Windows key + the R key at the same time. This will open the Run: dialog and then type regedit and press the OK button.Starting Registry EditorStarting Registry Editor
  2. Windows will display a UAC prompt asking if you wish to allow the Registry Editor to make changes to the system. Press the Yes button to continue.
  3. Navigate to the HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer key. If the key does not exist, create the necessary folders until you are in the Explorer key.
  4. Right-click on Explorer and select New and then DWORD (32-bit) Value, as shown below.New DWORD valueNew DWORD value
  5. You will be prompted to enter the name of the new value. Type DisableSearchBoxSuggestions and press Enter on the keyboard. A new value will be created that should automatically be set to 0. Now double-click on BingSearchEnabled and set the value to 1 and then press the OK button.
  6. When done, you should have the BingSearchEnabled value created and set to 1.DisableSearchBoxSuggestions value enabled
  7. You can now close the Registry Editor and restart Windows Explorer or restart your computer.

Once restarted, Bing search will no longer work in the Windows 10 Start Menu.

Bing Search disabled
Bing Search disabled

Enable Bing integration again

To enable Bing integration again, simply disable the group policy or edit the Registry and delete the DisableSearchBoxSuggestions value under the HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Explorer Registry key.

Once again, restart the Explorer process or the computer, and Bing integration will work again.
 

Update 10/5/20: Added updated instructions on how to disable Bing search.

Source :
https://www.bleepingcomputer.com/tutorials/how-to-disable-bing-search-in-the-windows-10-start-menu/

What is a Keylogger and How to Detect One

What is a keylogger?

A keylogger, which is also known as a keystroke logger or a keyboard capturer, is a piece of software or hardware developed to monitor and record everything you type on a keyboard. In this article, we dive into everything you need to know about them and teach you how to protect yourself from them!

Is a keystroke logger a virus?

It depends. Keyloggers were designed for legitimate purposes. They were originally used for computer troubleshooting, employee activity monitoring, and as a way to discover how users interact with programs so their user experience could be enhanced. However, they’ve since been used by hackers and criminals as a tool for stealing sensitive data such as usernames, passwords, bank account information, and other confidential information.

Generally, a keylogger is insidiously installed alongside an otherwise legitimate program. As a result, users are almost always unaware that their keystrokes a being monitored. Oftentimes, when a user’s computer is infected with a keylogger trojan, the malicious software will keep track of their keystrokes and save the information to their computer’s local drive. Later the hacker will retrieve the stored data. For this reason, keyloggers pose a serious threat to computer security and data privacy.

Keyloggers are separated into the following categories, based on how they work:

API-based

These keyloggers Application programming interfaces (APIs) allow software to communicate with hardware. API-based keyloggers intercept every keyboard input sent to the program you’re typing into.. This type of keylogger registers keystroke events as if it was a normal aspect of the application instead of malware. Each time a user presses or releases a key it is recorded.

Form grabbing-based

Form grabbing-based keyloggers log web form submissions by recording the inputted data when they are submitted. When a user submits a completed form, usually by clicking a button or pressing enter, their data is recorded even before it is passed over the Internet.

Kernel-based

These keyloggers work their way into a system’s core, allowing them access to admin-level permissions. These loggers have unrestricted access to everything entered into a computer system.

Javascript-based

A malicious script tag is injected into a targeted web page and it listens for keyboard events. Scripts can be injected using a variety of methods, including cross-site scripting, man-in-the-browser, and man-in-the-middle attacks, or when a website’s security is compromised.

How do keyloggers get on computers?

Most of the time, they infect computers with outdated antivirus software and ones without any antivirus software at all.

There are several scenarios that you need to be aware of:

  1. Keyloggers can be installed through web page scripts. Hackers utilize web browser vulnerabilities and embed malicious code on a webpage that silently executes the installation or data hijacking.
  2. Phishing. Keyloggers can be installed after users click on a nefarious link or open a malicious attachment in a phishing email.
  3. Social engineering. Some criminals use psychological manipulation to fool unsuspecting people into installing a keylogger by invoking urgency, fear, or anxiety in them.
  4. Unidentified software downloaded from the internet. Sometimes cracked software or applications from unidentified developers will secretly install a keylogger on a computer system.

How to detect a keylogger on my computer?

At this point, you might be interested in learning how you can detect a keylogger on your computer. The truth is, keyloggers are not easy to detect without the help of security software. Running a virus scan is necessary to detect them.

Trend Micro Housecall is an online security scanner that detects and removes viruses, worms, spyware, and other malicious threats such as keyloggers for free.

Keylogger_HouseCall

How to prevent keystroke logging malware?

Keyloggers are dangerous. Preventing them from ever being installed on your computer is a top priority. It is necessary to be proactive in protecting your computer to ensure that your data doesn’t get stolen.

Here are several tips to follow:

  • Carefully inspect user agreements for software before agreeing to them. There should always be a section covering how your data is used.
  • Install a trusted antivirus app such as TrendMicro Maximum Security. Always keep your antivirus on and regularly run scheduled scans of your device.
  • Make sure your security software is up to date.
  • Make sure your operating system is up to date and all the security patches are installed.
  • Avoid visiting suspicious websites and don’t click on any unusual links or e-mail attachments from unknown senders.
  • Only download and install software from trusted developers and sources.

    Source :
    https://news.trendmicro.com/2021/12/28/what-is-a-keylogger-and-how-to-detect-one/

How to block the Windows 11 update from being installed on your PC

Microsoft finally pulled back the curtain on Windows 11 last month. The company once said that Windows 10 would be the last ever version of the desktop operating system, but plans changed. Windows 11 will roll out to the general public later this year. As long as you’ve got a compatible device, you’ll be able to upgrade and take advantage of all the new features. But what if you’d prefer to stay on Windows 10 for the time being? Thankfully, if you want to block Windows 11, you can do so with relative ease. Read on to find out how.

Microsoft already made it clear that the Windows 11 update won’t be forced upon Windows 10 users at launch. If you want to upgrade, you will have to do so manually by heading to Settings > Update & Security > Windows Update. Simply avoid that menu once Windows 11 launches and you should not have to worry about the update trying to install itself any time soon.

As Ghacks notes in an extensive guide, you can go even further to block Windows 11. If you Windows 10 Pro, Education, or Enterprise, it is possible to delay feature update installations. You can do so with the Group Policy Editor and Windows Registry, but you might not want to take action yet. Windows 10 version 21H2 is also in the works, and you will block it as well if you disable feature updates.

It might be best to hold off, but here’s what you need to do to block Windows 11:

Block Windows 11 with Group Policy Editor

  1. Open the Start Menu.
  2. Type gpedit.msc and load the Group Policy Editor once it is displayed in the search results.
  3. Go to Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business
  4. Double-click on “Select the target feature update version”.
  5. Set the policy to Enabled.
  6. Type 21H1 into the field.
  7. Close the Group Policy Editor.

Block Windows 11 with Registry Editor

  1. Open the Start Menu.
  2. Type regedit.exe and select the Registry Editor search result.
  3. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate.
  4. Set the Dword TargetReleaseVersion to 1. If the value does not exist, right-click on Windows Update, and select New > Dword (32-bit) Value.
  5. Set the value of TargetReleaseVersionInfo to 21H1. If the value does not exist, right-click on Windows Update, and select New > String Value.
  6. Restart the PC.

Once Windows 10 21H2 appears on Microsoft’s website, you can switch over to it instead.

There are sure to be some bugs and issues in Windows 11 at launch. The new features and refreshed design should be enough to convince most users to update, but now you know how to block it. Microsoft plans to support Windows 10 through 2025. In other words, there’s no rush to update if you’re happy with what Windows 10 currently offers.

Source :
https://bgr.com/tech/how-to-block-the-windows-11-update-from-being-installed-on-your-pc/