Discover the six endpoint security measures that can help mitigate the risk of a ransomware attack.
With 66% of organizations hit by attacks last year, ransomware remains one of greatest cyber threats to organizations across the globe.
The barrier to entry for would-be ransomware actors is now lower than ever, largely due to the seismic shift to the ‘as-a-service’ model that has put advanced threat tactics into the hands of nearly any criminal that wants them. Furthermore, as cyber defenses continue to get stronger, ransomware operators have evolved their approaches in an attempt to bypass today’s advanced protection technologies, abusing legitimate IT tools and even learning new programming languages to evade detection.
Endpoint protection remains one of the most effective ways to defend your devices from ransomware, but it must configured properly to deliver optimum protection. In our recently updated report Endpoint Best Practices to Block Ransomware, and in this article, we share practical endpoint security tips to help elevate your ransomware defenses.
1.Turn on all policies and ensure all features are enabled
Policies are designed to stop specific threats. Regularly checking that all protection options are enabled ensures your endpoints are protected against current and emerging ransomware.
Sophos customers managing their endpoint protection through Sophos Central benefit from the “Account Health Check” tool, which automatically assesses your account configuration to identify potential security gaps and guides you in how to optimize protection. You can learn more about this feature here.
2.Regularly review your exclusions
Exclusions prevent trustworthy directories and file types from being scanned for malware. They are sometimes used to reduce system delays and minimize the risk of false-positive security alerts. Over time, a growing list of excluded directories and file types can impact many people across a network. Malware that manages to make its way into excluded directories — perhaps accidentally moved by a user — will likely succeed. Regularly check your list of exclusions within your threat protection settings and limit the number of exclusions.
3.Enable multi-factor authentication (MFA)
MFA provides an additional layer of security after the first factor, which is often a password. Enabling MFA across your applications is critical for all users who have access to your security console. Doing so ensures access to your endpoint protection solution is secure and not prone to accidental or deliberate attempts to change your settings that can otherwise leave your endpoint devices vulnerable to attacks. MFA is also critical to secure RDP.
4.Ensure every endpoint is protected and up to date
Check your devices regularly to find out if they’re protected and up to date. A device not functioning correctly may not be protected and could be vulnerable to a ransomware attack. Endpoint security tools often provide this telemetry. An IT hygiene maintenance program is also helpful for regularly checking for any potential IT issues.
5.Maintain good IT hygiene
Regularly evaluating your IT hygiene ensures your endpoints and the software installed on them run at peak efficiency. It also mitigates your cybersecurity risk and can save you time when you remediate future incidents.
6.Proactively hunt for active adversaries across your network
In today’s threat landscape, malicious actors are more cunning than ever, often deploying legitimate tools and stolen credentials to avoid detection. To identify and stop these attacks, it’s essential to proactively hunt for advanced threats and active adversaries. Once found, you also need to be able to take appropriate actions to quickly stop them. Tools such as extended detection and response (XDR) enable security analysts to conduct threat hunting and neutralization. Organizations with these technologies should take full advantage of them.
Many organizations struggle to maintain round-the-clock coverage to defend against advanced ransomware attacks — that’s why managed detection and response (MDR) services are key. MDR services provide 24/7 threat hunting delivered by experts who specialize in detecting and responding to cyberattacks that technology solutions alone cannot prevent. They also provide the highest level of protection against advanced, human-led ransomware attacks. To learn more on the benefits of MDR, read our article here.
To explore these best practices in greater detail and to learn how Sophos security solutions elevate your ransomware protection, download our whitepaper here.
Learn More
Sophos Endpoint reduces the attack surface and prevents attacks from running. It combines anti-exploit, anti-ransomware, deep learning AI, and control technology to stop attacks before they impact your systems. It integrates powerful extended detection and response (XDR) with automated detections and investigations, so you can minimize the time to detect and respond to threats.
Weighing the lessons of Sun Tzu and how they apply to cybersecurity.
Sun Tzu sought to revolutionize the way war was fought. That’s saying quite a bit, since he was born in 544 BCE and lived during an era when most wars were little more than gruesome bludgeoning events between one or more groups armed with axes, clubs and sharp sticks.
While not much information about Sun Tzu’s life has survived, we know he was employed by the then-ruler of the Kingdom of Wei in what is now the northeastern heart of China. He was a Chinese general and philosopher who envisioned the psychological aspects of war, which was a completely original approach to armed conflict in ancient China.
Many historians believe Sun Tzu’s book was intended to help his colleagues engage in the many regional conflicts they faced. Today, Sun Tzu’s the Art of War is a bestseller that has transcended 2,000 years and hundreds of wars. The book has become a kind of Rosetta Stone of military theory, cited by theorists and translated well beyond the battlefield to gain prevalence in business schools worldwide and now cybersecurity.
The Art of Cyberwar: preparation.
Adapting Sun Tzu’s many well-known quotes to cybersecurity is pretty straightforward. We looked for three that could best describe important aspects of cybersecurity: preparation, planning and knowledge. For preparation, we settled on a re-quote of this well-known warning:
Cyber warfare is of vital importance to any company. It is a matter of life and death, a road to safety or ruin.
Despite his military background, Sun Tzu claimed that direct fighting was not the best way to win battles. But when fighting was necessary, it was wise to carefully prepare for every possibility. That’s the lesson commonly ignored by companies who, after a severe breach, found themselves fined, shamed and scorned because they neglected their network security and failed to protect themselves from attackers. To prepare, we not only need the most advanced technology possible, but we must also train the workforce and make cybersecurity everyone’s business.
The Art of Cyberwar: planning.
In the realm of planning, we considered how the “art” is also a source of wisdom for attackers:
Where we intend to fight must not be made known. Force the enemy to prepare against possible attacks from several different points and cause them to spread their defenses in many directions; the numbers we shall have to face at any given moment will be proportionately few.
This re-quote relates to other stratagems where Sun Tzu urges his generals to never underestimate their enemies and to plan for all possibilities. The same goes for cyber attackers. They will pick the easy battles to ensure they have the upper-hand. Therefore, as we engage our defense, it is wise to plan our defenses as though we are already targeted and have been breached.
The Art of Cyberwar: knowledge.
Sun Tzu guides us away from making rash emotional decisions by emphasizing the importance of knowledge. He suggested that leaders gain as much knowledge as possible when preparing for battle, but not to limit themselves to the enemy’s strengths and weaknesses.
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
This bit of advice is a direct quote and accurately describes how cybersecurity should operate. Businesses must maximize the power of threat intelligence by giving IT teams the means to analyze real-time analytics and transform every scrap of data into actionable insights. IT teams should also be empowered to consider everything that could happen and assess the best course of action before, during and after a breach.
Explore and learn about the Art of Cyber War.
War theorists have long-standing debates about categorizing military activity preparations and execution. General Carl von Clausewitz stands next to Sun Tzu as one of the best-known and most respected thinkers on the subject. Paraphrasing from Clausewitz’s book Von Kriege (On War) published in 1832), he observes that the preparation for war is scientific, but the conduct of battle is artistic. As a science, we study logistics, technology and other elements depending on need. As an art, we rely on individual talent and grit to exploit opportunities that increase the likelihood of victory. Clausewitz also believed that war belonged to the province of social life, as are all conflicts of great human interest.
Cyberwar also fits these definitions. For instance, consider business activity as a combination of science, art and social life. As businesses compete in the marketplace, they carefully analyze the competition, create ways to appeal to audiences and press for social engagement and interaction. Shouldn’t we apply the same level of attention and resources for our cybersecurity? We think Sun Tzu would rub his beard and nod profoundly.
Cyberattacks for this year already eclipse the full-year totals from 2017, 2018 and 2019, according to the mid-year update to the 2022 SonicWall Cyber Threat Report. And new attack vectors are coming online every day. Without adequate preparation, planning and knowledge, companies and their customers are at a high risk of falling victim to devastating cyberattacks.
Summary: Dell EMC PowerScale OneFS remediation is available for multiple vulnerabilities that may potentially be exploited by malicious users to compromise the affected system.
Article Content
Impact
Critical
Overview
Proprietary Code CVEs
Description
CVSS Base Score
CVSS Vector String
CVE-2022-24411
Dell PowerScale OneFS 8.2.2 and later contain an elevation of privilege vulnerability. A local attacker with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE may potentially exploit this vulnerability, leading to elevation of privilege. This may potentially allow users to circumvent PowerScale Compliance Mode guarantees.
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-24412
Dell EMC PowerScale OneFS 8.2.x – 9.3.0.x contain an improper handling of value vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability, leading to denial-of-service.
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-23161
Dell PowerScale OneFS versions 8.2.x – 9.3.0.x contain a denial-of-service vulnerability in SmartConnect. An unprivileged network attacker may potentially exploit this vulnerability, leading to denial-of-service.
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-23160
Dell PowerScale OneFS 8.2.x – 9.3.0 contain an Improper Handling of Insufficient Permissions vulnerability. An remote malicious user may potentially exploit this vulnerability, leading to gaining write permissions on read-only files.
5.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CVE-2022-23159
Dell PowerScale OneFS 8.2.x – 9.3.0.x contain a missing release of memory after effective lifetime vulnerability. An authenticated user with ISI_PRIV_LOGIN_SSH and/or ISI_PRIV_LOGIN_CONSOLE and ISI_PRIV_AUTH_PROVIDERS privileges may potentially exploit this vulnerability, leading to a Denial-Of-Service. This can also impact a cluster in Compliance mode. Dell recommends to update at the earliest opportunity.
4.8
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H
CVE-2022-23163
Dell PowerScale OneFS 8.2.x – 9.3.0.x contain a denial of service vulnerability. A local attacker with minimal privileges may potentially exploit this vulnerability, leading to denial of service/data unavailability.
4.7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE-2022-24413
Dell PowerScale OneFS 8.2.2-9.3.x contain a time-of-check-to-time-of-use vulnerability. A local user with access to the filesystem may potentially exploit this vulnerability, leading to data loss.
Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.
Disable netbios support if enabled (default setting: disabled):Open an SSH connection on any node in the cluster and log on using the “root” account.Run the following command:#isi smb settings global modify –support-netbios noTo verify that the service is disabled, run the following command:#isi smb settings global view | grep NetBIOSIf the service is disabled, the following output is displayed:#Support NetBIOS: No
CVE-2022-23161
Configure a valid FQDN in the SmartConnect service name field for every SmartConnect subnet on the cluster:#isi network subnets modify <subnet> –sc-service-name cluster-sc.example.com
CVE-2017-12613
none
CVE-2022-23160
Configure SMB share permissions of any SyncIQ target directory to prevent writes.
The information in this Dell Technologies Security Advisory should be read and used to assist in avoiding situations that may arise from the problems described herein. Dell Technologies distributes Security Advisories to bring important security information to the attention of users of the affected product(s). Dell Technologies assesses the risk based on an average of risks across a diverse set of installed systems and may not represent the actual risk to your local installation and individual environment. It is recommended that all users determine the applicability of this information to their individual environments and take appropriate actions. The information set forth herein is provided “as is” without warranty of any kind. Dell Technologies expressly disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Dell Technologies, its affiliates or suppliers, be liable for any damages whatsoever arising from or related to the information contained herein or actions that you decide to take based thereon, including any direct, indirect, incidental, consequential, loss of business profits or special damages, even if Dell Technologies, its affiliates or suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation shall apply to the extent permissible under law.
In this final installation of our three-part blog series, we lay out countermeasures that enterprises can do to protect their machines. We’ll also discuss our responsible disclosure as well as the feedback we got from the vendors we evaluated.
Countermeasures
We found that only two of the four vendors analyzed support authentication. Neither of them has authentication enabled by default, which leaves the machines vulnerable to attacks by malicious users. Enabling authentication is essential for protecting Industry 4.0 features from abuse.
Resource access control systems are important for reducing the impact of attacks. Many technologies allow access to all a controller’s resources, which can be dangerous. A correct approach is to adopt resource access control systems that grant limited access. This will help to ensure that only authorized users have access to the controller’s resources and that these resources are protected from unauthorized access.
When it comes to integrators and end users, we suggest these countermeasures:
Context-aware industrial intrusion prevention and detection systems (IPS/IDSs): These devices, which have recently seen a surge in popularity in the catalogues of security vendors, are equipped with network engines that can capture real-time traffic associated with industrial protocols to detect attacks.
Network segmentation: Correct network architecting is of great importance. As our research has revealed, all the tested machines expose interfaces that could be abused by miscreants.
Correct patching: Modern CNC machines are equipped with full-fledged operating systems and complex software, which might inevitably contain security vulnerabilities. This was indeed the case with the machines that we tested.
Responsible Disclosure
We contacted the affected vendors while tackling controllers sequentially, with our first contact in November 2021 and the last one in March 2022. The Industrial Control Systems Cyber Emergency Response Team (ICS CERT) at Cybersecurity & Infrastructure Security Agency extended invaluable help during the discussion which we are grateful for.
Table 1. A summary of our responsible disclosure process
As of this writing, all four vendors have replied to our concerns and most of them have addressed, to varying degrees, our findings in a reasonable time frame. More importantly, all of them have expressed interest in our research and have decided to improve either their documentation or their communication efforts with their machine manufacturers, with the final effort of offering end users more secure solutions.
In part one, we discussed what numerical control machines do and their basic concepts. These concepts are important to understand the machines better, offering a wider view of their operations. We also laid out how we evaluated the chosen vendors for our research.
For this blog, we will continue discussing our evaluated vendors and highlighting findings that we discovered during our research.
Haas
Figure 1. The Haas simulator we used for preliminary testing (left) and the Haas CNC machine (Super Mini Mill 2) by Celada we used for verification (right)
Haas was the first vendor we focused on because of the fast availability of its controller. We began our analysis by conducting port scanning on the controller simulator and identifying the protocols exposed by the controller. After that, we evaluated the options with which an attacker could abuse the protocols to perform attacks aimed at the security of the machine and verified these attacks in practice on a real-world machine installation.
Okuma
Figure 2. The Okuma simulator we used for the development of the malicious application and during the initial testing
Okuma stands out in the market of CNC controllers for one interesting feature: the modularity of its controller. While the vendor offers in the device’s simplest form a tiny controller, it also provides a mechanism, called THINC API, to highly customize the functionalities of the controller. With this technology, any developer can implement a program that, once installed, runs in the context of the controller, in the form of an extension. This approach is very similar to how a mobile application, once installed, can extend a smartphone’s functionalities.
Heidenhain
Figure 3. The Hartford 5A-65E machine, running on a Heidenhain TNC 640 controller, that we used in our experiments at Celada
In the spirit of the Industry 4.0 paradigm, Heidenhain offers the Heidenhain DNC interface to integrate machines on modern, digital shop floors. Among the many scenarios, Heidenhain DNC enables the automatic exchange of data with machine and production data acquisition (MDA/PDA) systems, higher level enterprise resource planning (ERP) and manufacturing execution systems (MESs), inventory management systems, computer-aided design and manufacturing (CAD/CAM) systems, production activity control systems, simulation tools, and tool management systems
In our evaluation, we had access to the library provided by Heidenhain to the integrators to develop interfaces for the controller. The manufacturer provides this library, called RemoTools SDK,35 to selected partners only.
Fanuc
Figure 4. The Yasuda YMC 430 + RT10 machine, running on a Fanuc controller, that we used in our experiments at the Polytechnic University of Milan
Like Heidenhain, Fanuc offers an interface, called FOCAS,36 for the integration of CNC machines in smart network environments. Even though this technology offers a restricted set of remote-call possibilities compared with the other vendors’ (that is, a limited number of management features), our experiments showed that a miscreant could potentially conduct attacks like damage, DoS, and hijacking.
What we found
As our evaluation identified 18 different attacks (or variations), we grouped them into five classes: compromise, damage, and denial of service (DoS):
Table 1. A summary of the attacks we identified in our research
Controller manufacturers like Haas, Okuma, and Heidenhain have been found to have a similar number of issues, around 15. Fanuc had 10 confirmed attacks. Unfortunately, our research shows that this domain lacks awareness concerning security and privacy. This creates serious and compelling problems.
The need for automation-facing features like remote configuration of tool geometry or parametric programming with values determined by networked resources is becoming more common in manufacturing.
With these findings, we determined countermeasures that enterprises can do to mitigate such risks, which we’ll discuss in our final installation. In the last part, we’ll also discuss our responsible disclosure process.
Computer numerical controls (CNCs) are machines used to produce products in a factory setting. They have been in use for many years, and in the last decade, their use has become more widespread due to increased connectivity. This increased connectivity has made them more software-dependent and therefore more vulnerable to attacks. This vulnerability is due to the heterogeneity of technologies used in factories and the lack of awareness among users of how to best secure these systems.
This three-part blog series explores the risks associated with CNC machines. We performed a security evaluation on four representative vendors and analyzed technological developments that satisfy the Industry 4 .0 paradigm while conducting practical attacks against real-world installations.
For our research, we picked vendors that are:
Are geographically distributed (that is, with headquarters and subsidiaries spread across the world) and resell on a global scale.
Have been on the market for decades.
Have a large, estimated size, for example, with a total annual revenue of at least a billion US dollars.
Use technologies widely adopted in the domain and present in different manufacturing sectors.
Understanding numerical control machines
A machine tool is a device that uses cutting tools to remove material from a workpiece. This process, called machining, results in the desired geometry of the workpiece. Machining is a subtractive process, meaning that the material is removed from the original geometry to create the desired shape.
Numerical control (NC) is a technology that allows machines to be controlled by computers. This technology has revolutionized machine tools, making them more accurate and allowing for greater flexibility in their use. NC machine tools are now widely used in production systems and can be used on other types of machines, such as lasers and bending machines.
Basic concepts
To facilitate the understanding of what we discovered in our research, we introduce some basic concepts related to the use of machine tools:
Figure 1. Parts of a CNC machine
Numerical control. The NC is the most critical element of the machine, as it controls the entire process. This system includes visual programming functions to speed up the setup of production cycles. Additionally, the NC is always equipped with a human-machine interface (HMI) to facilitate operator interaction with control.
Programming. Initially developed in the 1950s, G-code (aka RS-274) is the predominant programming language in the world of machine tools. It is presented as a series of instructions initialized by a letter address, which follow one another on successive lines separated by paragraph breaks; each of these lines is called a “block.” Each letter address specifies the type of movement or function called by the user in that part of the program.
Parametric programming. Parametric programming is a way to make programs that are adjustable to different values. This is done by using variables that the user can input, and then the program will change based on those values. This is used in machine tools to help with things like feedback and closed-loop controls between production systems.
Single step. This allows for running the work program one line of code at a time. In this way, the operator can check the correspondence of executed code to the best possible working conditions and determine if intervention by modification is necessary.
Feed hold. The “feed hold” function is mainly used to check the correct execution of complex features by inspecting the work area before proceeding with further steps in the process. In fact, chips coming from the removal of the material being processed could be deposited in work areas or on measuring probes, potentially invalidating the measurements, or inducing defects downstream of the machining if they are not removed.
Tools. The machining process is a manufacturing technique that uses an element called a tool to remove excess material from a raw piece. The tool cutting is made possible by the relative speed between the manufacturing part and the cutting tool edge, also known as the cutting speed or surface speed. In addition to this parameter, the feed rate (speed of tool moving along workpiece) also affects chip removal process. Many types of tools are available depending on the type of processing needed.
Evaluating vendors
For all vendors that we included in our research scope, we conducted an equal evaluation of their machines:
The “Industry 4.0–ready” technologies are interfaces and related protocols used by machines in smart environments to transmit information outwards, towards centralized systems like production data for better management or cost reduction; they also enable remote management such that an operator can change the executed program without needing local access.
We identified potential vulnerabilities in the exposed services using automated scanners like Nessus. These included known or misconfigurations that could pose as dangerous, which we ignored to focus on domain-specific abuse cases for CNC interfaces instead.
We then went deep into the CNC-specific technologies previously identified, by analyzing the risks of abuses and conducting practical attacks on the controllers. For this, we developed attack tools that exploited the weaknesses we identified in the domain-specific interfaces with the aid of proprietary APIs we got access to.
We collected evidence of our concerns and collaborated with vendors to suggest mitigations. All evidence came from tests we conducted on real-world installations, but we also used simulators for preliminary testing or when the machines were not immediately available.
Now that we have established a better understanding of numerical control machines and their basic concepts, we will further explore the vendors we chose for this research in part two of the series. There, we’ll discuss how we evaluated vendors and what we discovered during our research.
When the headlines focus on breaches of large enterprises like the Optus breach, it’s easy for smaller businesses to think they’re not a target for hackers. Surely, they’re not worth the time or effort?
Unfortunately, when it comes to cyber security, size doesn’t matter.
Assuming you’re not a target leads to lax security practices in many SMBs who lack the knowledge or expertise to put simple security steps in place. Few small businesses prioritise cybersecurity, and hackers know it. According to Verizon, the number of smaller businesses being hit has climbed steadily in the last few years – 46% of cyber breaches in 2021 impacted businesses with fewer than 1,000 employees.
Securing any business doesn’t need to be complex or come with a hefty price tag. Here are seven simple tips to help the smaller business secure their systems, people and data.
Every organisation has anti-virus on their systems and devices, right? Unfortunately, business systems such as web servers get overlooked all too often. It’s important for SMBs to consider all entry points into their network and have anti-virus deployed on every server, as well as on employees’ personal devices.
Hackers will find weak entry points to install malware, and anti-virus software can serve as a good last-resort backstop, but it’s not a silver bullet. Through continuous monitoring and penetration testing you can identify weaknesses and vulnerabilities before hackers do, because it’s easier to stop a burglar at the front door than once they’re in your home.
Your perimeter is exposed to remote attacks because it’s available 24/7. Hackers constantly scan the internet looking for weaknesses, so you should scan your own perimeter too. The longer a vulnerability goes unfixed, the more likely an attack is to occur. With tools like Autosploit and Shodan readily available, it’s easier than ever for attackers to discover internet facing weaknesses and exploit them.
Even organisations that cannot afford a full-time, in-house security specialist can use online services like Intruder to run vulnerability scans to uncover weaknesses.
Intruder is a powerful vulnerability scanner that provides a continuous security review of your systems. With over 11,000 security checks, Intruder makes enterprise-grade scanning easy and accessible to SMBs.
Intruder will promptly identify high-impact flaws, changes in the attack surface, and rapidly scan your infrastructure for emerging threats.
Your attack surface is made up of all the systems and services exposed to the internet. The larger the attack surface, the bigger the risk. This means exposed services like Microsoft Exchange for email, or content management systems like WordPress can be vulnerable to brute-forcing or credential-stuffing, and new vulnerabilities are discovered almost daily in such software systems. By removing public access to sensitive systems and interfaces which don’t need to be accessible to the public, and ensuring 2FA is enabled where they do, you can limit your exposure and greatly reduce risk.
A simple first step in reducing your attack surface is by using a secure virtual private network (VPN). By using a VPN, you can avoid exposing sensitive systems directly to the internet whilst maintaining their availability to employees working remotely. When it comes to risk, prevention is better than cure – don’t expose anything to the internet unless it’s absolutely necessary!
New vulnerabilities are discovered daily in all kinds of software, from web browsers to business applications. Just one unpatched weakness could lead to full compromise of a system and a breach of customer data; as TalkTalk discovered when 150,000 of its private data records were stolen.
According to a Cyber Security Breaches Survey, businesses that hold electronic personal data of their customers are more likely than average to have had breaches. Patch management is an essential component of good cyber hygiene, and there are tools and services to help you check your software for any missing security patches.
Ransomware is on the increase. In 2021, 37% of businesses and organisations were hit by ransomware according to research by Sophos. Ransomware encrypts any data it can access, rendering it unusable, and can’t be reversed without a key to decrypt the data.
Data loss is a key risk to any business either through malicious intent or a technical mishap such as hard disk failure, so backing up data is always recommended. If you back up your data, you can counter attackers by recovering your data without needing to pay the ransom, as systems affected by ransomware can be wiped and restored from an unaffected backup without the attacker’s key.
Cyber attackers often rely on human error, so it’s vital that staff are trained in cyber hygiene so they recognise risks and respond appropriately. The Cyber Security Breaches Survey 2022 revealed that the most common types of breaches were staff receiving fraudulent emails or phishing attacks (73%), followed by people impersonating the organisation in emails or online (27%), viruses, spyware and malware (12%), and ransomware (4%).
Increasing awareness of the benefits of using complex passwords and training staff to spot common attacks such as phishing emails and malicious links, will ensure your people are a strength rather than a vulnerability.
Cyber security measures should always be appropriate to the organisation. For example, a small business which handles banking transactions or has access to sensitive information such as healthcare data should employ far more stringent security processes and practices than a pet shop.
That’s not to say a pet shop doesn’t have a duty to protect customer data, but it’s less likely to be a target. Hackers are motivated by money, so the bigger the prize the more time and effort will be invested to achieve their gains. By identifying your threats and vulnerabilities with a tool like Intruder, you can take appropriate steps to mitigate and prioritize which risks need to be addressed and in which order.
Attacks on large companies dominate the news, which feeds the perception that SMBs are safe, when the opposite is true. Attacks are increasingly automated, so SMBs are just as vulnerable targets as larger enterprises, more so if they don’t have adequate security processes in place. And hackers will always follow the path of least resistance. Fortunately, that’s the part Intruder made easy…
Intruder is a cyber security company that helps organisations reduce their attack surface by providing continuous vulnerability scanning and penetration testing services. Intruder’s powerful scanner is designed to promptly identify high-impact flaws, changes in the attack surface, and rapidly scan the infrastructure for emerging threats. Running thousands of checks, which include identifying misconfigurations, missing patches, and web layer issues, Intruder makes enterprise-grade vulnerability scanning easy and accessible to everyone. Intruder’s high-quality reports are perfect to pass on to prospective customers or comply with security regulations, such as ISO 27001 and SOC 2.
Intruder offers a 14-day free trial of its vulnerability assessment platform. Visit their website today to take it for a spin!
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Wordfence 7.8.0 is out! A huge thanks to our quality assurance team, our team of developers and our ops team for planning, implementing and releasing Wordfence 7.8.0. This release has several fixes to make Wordfence even more robust, and includes a fundamental change in the way our signup works.
Since our launch in 2012, the signup flow for Wordfence has not required you to leave your own WordPress installation and come to our website. We briefly required this, but removed it 10 days after launch.
Wordfence has grown to a community of over 4 million active websites and a very large number of paying customers. Wordfence is now downloaded over 30,000 times every day. Today we spend a huge amount of money on providing the services that our free and paid community needs to stay secure. Privacy laws have also changed profoundly since 2012.
Scaling up our operations has required us to get better at capacity planning, which means knowing how many installations we’re getting, how many are bots or spam, who is communicating with our servers during a scan, and whether it is a real website running Wordfence, a nulled plugin or someone simply using our resources to power something unrelated to Wordfence.
Privacy laws have also added the need for us to be able to communicate with our free customers to alert them to privacy policy and terms of use changes.
This has required us to adjust our signup flow to match other popular plugins out there, like Akismet. Many customers may find this is a clearer signup workflow because we no longer need to shoehorn a complex user experience into a set of modals on a site where we don’t control presentation.
This change will not disrupt any of our existing free or paid customers. If you have a free API key that Wordfence automatically fetched when you installed it, that key will remain valid and your site will continue uninterrupted. If you have a paid Wordfence API key, your key will continue to work without disruption. We are not requiring any existing customers to visit our site to install a new key.
The only users this affects are new free Wordfence installations. The installation process is quite simple. You install Wordfence and are directed to our site. You can choose a paid or free option. If you choose the paid option, you’ll go through our checkout process as usual. If you choose free, we’ll email you your key. The email includes a button that you can click to automatically take you back to your site where your key will be automatically installed. The email also includes your Wordfence key in case you need to manually install it.
A side benefit of this new process is that our free customers will now have a record of their API key in their email inbox for future reference.
We’re including the full changelog for Wordfence 7.8.0 below. You’ll notice that we’ve mentioned that additional WooCommerce support is on its way, so keep an eye out for that.
Thanks for choosing Wordfence!
Mark Maunder – Wordfence Founder & CEO.
Wordfence 7.8.0 Changelog
Change: Updated Wordfence registration workflow
For new installations of Wordfence, registering for a new license key now occurs on wordfence.com instead of within the plugin interface. Allows us to provide a more complete signup experience for our free and paid customers. Also allows us to do better capacity planning.
Improvement: Added feedback when login form is submitted with 2FA
When logging in with two-factor authentication, the “Log In” button is now disabled during processing, so that it is clear the button was clicked. Sometimes on slower sites, it was hard to tell whether the login was going through, leading users to click more than once.
Fix: Restored click support on login button when using 2FA with WooCommerce
Clicking the “Log In” button after entering a 2FA code on a WooCommerce site was no longer working, while pressing “Enter” still worked. Both methods now work as expected. Additional support for WooCommerce is coming in the near future.
Fix: Corrected display issue with reCAPTCHA score history graph
The reCAPTCHA score history graph was sometimes displayed larger than intended when switching tabs. It now has a set size, so that it does not become unusually large.
Fix: Prevented errors on PHP caused by corrupted login timestamps
One Wordfence user reported an error on PHP 8, and upon investigation, we found that a timestamp for some user records contained invalid data instead of the expected timestamp. We don’t expect this to occur on other sites, but in case another plugin had modified the value, we now check the value before formatting it as a timestamp.
Fix: Prevented deprecation notices on PHP 8.2 related to dynamic properties
Future versions of PHP will no longer allow use of variables on an object unless they are previously declared. This is still allowed even in PHP 8.2, but PHP 8.2 can log a warning about the upcoming change, so Wordfence has been updated to declare a few variables where necessary, before using them.
Microsoft Hyper-V Server is a free version of Windows hypervisor that can be used to run virtual machines. In this guide, we’ll look at how to install and configure Microsoft Hyper-V Server 2019 (this guide also applies to Hyper-V Server 2016).
Microsoft announced that they won’t not be releasing a Hyper-V Server 2022 version. This is because they are currently focusing on another strategic product, Azure Stack HCI.
Hyper-V Server 2019 is suitable for those who don’t want to pay for a hardware virtualization operating system. The Hyper-V has no restrictions and is completely free. Key benefits of Microsoft Hyper-V Server:
Support of all popular OSs. There are no compatibility problems. All Windows and modern Linux and FreeBSD operating systems support Hyper-V;
A lot of different ways to backup virtual machines: simple scripts, open-source software, free and commercial versions of popular backup programs;
Although Hyper-V Server doesn’t have a Windows Server GUI (graphical management interface), you can manage it remotely using a standard Hyper-V Manager console or Windows Admin Center web interface;
Hyper-V Server is based on a popular Windows Server platform, familiar and easy to work with;
You can install Hyper-V on a pseudoRAID, for example, Inter RAID controller, or Windows software RAID;
You do not need to license your hypervisor, it is suitable for VDI or Linux VMs;
Low hardware requirements. Your processor must support software virtualization (Intel-VT or VMX by Intel, AMD-V/ SVM by AMD) and second-level address translation (SLAT) (Intel EPT or AMD RV). These processor options must be enabled in BIOS/UEFI/nested host. You can find full system requirements on the Microsoft website;
It is recommended to install Hyper-V on hosts with at least 4 GB RAM.
Do not confuse a Windows Server 2022/2019/2016 (Full GUI or Server Core edition) with the Hyper-V role installed with Free Microsoft Hyper-V Server 2019/2016. These are different products.
It is worth to note that if you are using a free hypervisor, you are still responsible for licensing your virtual machines. You can run any number of VMs running any open-source OS, like Linux, but you have to license your Windows virtual machines. If you are using Windows Server as a guest OS, you must license it by the number of physical cores on your Hyper-V host. See more details on Windows Server licensing in a virtual environment here.
What’s New in Microsoft Hyper-V Server 2019?
Let’s consider the new Hyper-V Server 2019 features in brief:
Added support for Shielded Virtual Machines for Linux;
VM configuration version 9.0 (with hibernation support);
ReFS deduplication support;
Core App Compatibility: the ability to run additional graphic management panels in the Hyper-V server console;
After clicking on the “Continue” button, a short registration form will appear. Fill in your data and select the language of the OS to be installed. Wait till the Hyper-V image download is over. The .iso file size is about 3 GB.
Installing Microsoft Hyper-V Server is identical to installing Windows 10/11 on a desktop computer. Just boot your server (computer) from the bootable USB flash drive with the Microsoft Hyper-V Server installation image (the easiest way to burn the ISO image to a USB drive is to use the Rufus tool). Then follow the instructions of the Windows setup wizard.
Manage Hyper-V Server Basic Settings Using Sconfig
After the installation, the system will prompt you to change the administrator password. Change it, and you will get to the hypervisor console.
Please note that Hyper-V Server does not have a familiar Windows GUI. You will have to configure most settings through the command line.
There are two windows on the desktop — the standard command prompt and the sconfig.cmd script window. You can use this script to perform the initial configuration of your Hyper-V server. Enter the number of the menu item you are going to work with in the “Enter number to select an option:” line.
The first menu item allows you to join your server to an AD domain or a workgroup;
Set a hostname for your Hyper-V Server;
Create a local administrator user (another account, besides the built-in administrator account). I’d like to note that when you enter the local administrator password, the cursor stays in the same place. However, the password and its confirmation are successfully entered;
Enable remote access to your server. Thus, you will be able to manage it using Server Manager, MMC consoles, and PowerShell, connect via RDP, check its availability using ping or tracert;
Configure Windows Update. Select one of the three modes:
Automatic (automatic update download and installation)
DownloadOnly (only download without installation)
Manual (the administrator decides whether to download or install the updates)
Download and install the latest Windows security updates.
Configure your network adapter settings. By default, your server receives the IP address from the DHCP server. It is better to configure the static IP address here;
Set the date and time of your system.
Configure the telemetry. The Hyper-V won’t allow you to disable it completely. Select the mode you want.
You can also configure the date, time, and time zone using the following command:
control timedate.cpl
Regional settings:
control intl.cpl
These commands will open standard Windows consoles.
Note! If you accidentally close all windows and see the black Hyper-V screen, press Ctrl+Shift+Esc to start the Task Manager (this keyboard shortcut works in an RDP session as well). You can use Task Manager to start the command prompt or the Hyper-V configuration tool (click File -> Run Task -> cmd.exe or sconfig.cmd).
How to Remotely Manage Hyper-V Server 2019?
To conveniently manage Free Hyper-V Server 2019 from the graphic interface, you can use:
Windows Admin Center – a web-based console;
Hyper-V Manager — can be installed both on Windows Server and Windows 10/11 desktop computers.
To manage the Hyper-V Server 2016/2019, you will need a computer running x64 Windows 10/11 Pro or Enterprise edition.
Remotely Manage a Non-Domain Hyper-V Server with Hyper-V Manager
Let’s look at how to remotely connect to a Hyper-V Server host from another Windows computer using the Hyper-V Manager console. In this article, we assume that you have a Hyper-V Server and a Windows 10 computer in the same workgroup.
First, make settings on the Hyper-V Server. Start the PowerShell console (powershell.exe) and run the following commands:
Enable-PSRemoting Enable-WSManCredSSP -Role server
Answer YES to all questions. Thus you will configure the automatic startup of the WinRM service and enable remote management rules in your firewall.
Now let’s move on to setting up the Windows 10 or 11 client computer that you will use to manage your Hyper-V Server host.
The Hyper-V server must be accessible by its hostname. In the domain network, it must correspond to the A-record on the DNS server. In a workgroup environment, you will have to create the A record manually on your local DNS or add it to the hosts file (C:\Windows\System32\drivers\etc\hosts) on a client computer. In our case, it looks like this:
192.168.13.55 HV19
You can add an entry to the hosts file using PowerShell:
If the account you are using on a client computer differs from the Hyper-V administrator account (and it should be so), you will have to explicitly save your credentials used to connect to the Hyper-V server to the Windows Credential Manager. To do it, run this command:
Now you need to install the Hyper-V Manager console in Windows. Open the Programs and Features snap-in and go to Turn Windows Features on or off. In the next window, find Hyper-V, and check Hyper-V GUI Management Tools to install it.
Also, you can install the Hyper-V Manager snap-in on Windows 10/11 using PowerShell:
Run the Hyper-V Manager snap-in (virtmgmt.msc), right-click Hyper-V Manager and select Connect to Server. Specify the name of your Hyper-V Server.
Now you can manage Hyper-V Server settings, and create and manage virtual machines from the graphical console.
Managing Hyper-V Server with Windows Admin Center
You can use the Windows Admin Center (WAC) to remotely manage a Hyper-V Server host. WAC is a web-based console and dashboard to manage Windows Server, Server Core, and Hyper-V Server hosts.
Enable the rules to allow SMB connections in Windows Defender Firewall on the Hyper-V Server:
Set-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Enabled true -PassThru
Now you need to download (https://aka.ms/WACDownload) and install the Windows Admin Center agent on your Hyper-V host. Download WindowsAdminCenter2110.2.msi on any Windows computer. You can copy the installation MSI file to the Hyper-V Server using a remote SMB connection to the administrative share C$. Run the following command on your Windows client device:
Win+R -> \\192.168.13.55\C$ and enter the Hyper-V administrator password. Create a folder and copy the MSI file to the Hyper-V Server host.
Now run the WAC installation from the Hyper-V console:
Next, I will look at some ways to manage Hyper-V Server settings using PowerShell
Configuring Hyper-V Server 2019 Host with PowerShell
You can configure Hyper-V Server settings using PowerShell. There are over 238 cmdlets available in the Hyper-V module for managing Hyper-V hosts and VMs.
Get-Command –Module Hyper-V | Measure-Object
Configure the automatic start of the PowerShell console (instead of cmd.exe) after logon.
Now, when you log into the server, a PowerShell prompt will appear.
How to Configure Hyper-V Server 2019 Network Settings with PowerShell?
If you have not set the network settings using sconfig.cmd, you configure them through PowerShell. Using Get-NetIPConfiguration cmdlet, you can view the current IP configuration of network interfaces.
Use PowerShell to assign a static IP address, netmask, default gateway, and DNS server addresses. You can get the network adapter index (InterfaceIndex) from the output of the previous cmdlet.
We will use a separate partition on a physical disk to store Hyper-V files (virtual machine files and iso files). View the list of physical disks on your server.
Get-Disk
Create a new partition of the largest possible size on the drive and assign the drive letter D: to it. Use the DiskNumber from Get-Disk results.
New-Partition -DiskNumber 0 -DriveLetter D –UseMaximumSize
Then format the partition to NTFS and specify its label:
Format-Volume -DriveLetter D -FileSystem NTFS -NewFileSystemLabel "VMStorage"
Create a directory where you will store virtual machine settings and vhdx files using the New-Item cmdlet:
New-Item -Path "D:\HyperV\VHD" -Type Directory
Create D:\ISO folder to store OS installation ISO images (distros):
New-Item -Path D:\ISO -ItemType Directory
In order to create a shared network folder, use the New-SmbShare cmdlet. Grant full access permissions to the local server administrators group:
New-SmbShare -Path D:\ISO -Name ISO -Description "OS Distributives" -FullAccess "BUILTIN\Administrators"
For more information on the basic configuration of Hyper-V Server and Windows Server Core from the command line, see this article.
Configure Hyper-V Server Host Settings with PowerShell
List current Hyper-V Server host settings using this command:
Get-VMHost | Format-List
By default, Hyper-V stores virtual machine configuration files and virtual disks on the same partition where your operating system is installed. It is recommended to store VM files on a separate drive (partition). You can change the default VM folder path with this command:
Create an external switch connected to the physical NIC of the Hyper-V server. Your virtual machines will access the physical network through this network adapter.
Check the SR-IOV (Single-Root Input/Output (I/O) Virtualization) support:
Get-NetAdapterSriov
Get the list of connected network adapters:
Get-NetAdapter | where {$_.status -eq "up"}
Bind your virtual switch to the network adapter and enable SR-IOV support if it is available.
Hint. You won’t be able to enable or disable SR-IOV support after creating the vswitch. You will have to recreate the switch to change this parameter.
In this article, I will show you how to enable Hibernate mode in Windows 11 using different methods. We will explore different methods to turn on hibernate mode which includes Intune, Registry, Group Policy, Command Prompt and Control Panel.
In Windows, the Hibernate mode allows you to completely shut down your computer while conserving your work, allowing you to immediately resume where you left off the next time you turn on your computer.
Hibernate mode is similar to Sleep mode in Windows. The primary difference is that in Hibernate mode, the documents, and apps that are currently open are saved to a file on your hard disk rather than in RAM as in Sleep mode. Hibernate mode consumes less power than Sleep mode which is a big advantage. However, it can use gigabytes of disk space.
When you use Hibernate mode, your work is saved in a hidden file named hiberfil.sys. This hiberfil.sys file is responsible for managing computer hibernation, helping your computer restart from the hibernate power state. Although hiberfil.sys is a hidden and protected system file, it is safe to delete it if you do not wish to employ Windows’ power-saving capabilities.
According to Microsoft, use hibernation when you know that you won’t use your laptop or tablet for an extended period and won’t have an opportunity to charge the battery during that time. Windows 11 doesn’t come with hibernate mode enabled by default. You have to manually enable it from Windows settings.
Why is the Hibernate option missing on Windows 11 PC?
When you install Windows 11 or upgrade from Windows 10 to Windows 11, you’ll notice that the Hibernate option is missing from the Power options menu. This is by design and Microsoft allows users to use the Sleep option instead of Hibernate. Although, the hibernate option is not enabled on your Windows 11 PC, you can turn it on or off when required.
There are multiple ways that you can use to turn on the hibernate mode in Windows 11. Some of these methods include:
Turn on the hibernate mode using Control Panel.
Activate the hibernate mode using Command Prompt.
Use Windows Registry to enable the hibernate mode in Windows 11.
Enable Hibernate option using Intune on Windows 11 endpoints.
Deploy GPO to enable or disable the Hibernate option.
I will cover all the methods in this post that will help you turn on the hibernate mode in Windows 11.
Method 1: Turn on Hibernate Mode in Windows 11 from Control Panel
The method is easiest and recommended way to enable the hibernate option in Windows 11 is using control panel. Select Search on the taskbar, type ‘control panel‘, and select it from the results. When the control panel launches, select System and Security.
Control Panel – System and Security
In the Power Options section, select Change what the power buttons do.
Select Power Button options
By default, the option to enable Hibernate is greyed out because the changes that you make here applies to all your power plans. Select Change settings that are currently unavailable.
Turn on Hibernate Mode in Windows 11 from Control Panel
In the Shutdown settings section, select Hibernate. This allows the Hibernate Mode to show up on the Power Menu. Click on Save changes to complete the process.
Turn on Hibernate Mode in Windows 11 from Control Panel
To verify if the hibernate option is enabled, click on Start and select the Power button. The option for hibernate mode should be available.
Windows 11 Hibernate Option in Power Menu
To disable the hibernate option, click start and launch the control panel. Click System and Security and in the Power Options section, select Change what the power buttons do. Select Change settings that are currently unavailable. In the Shutdown settings section, uncheck the Hibernate option and click Save changes. This will immediately disable the hibernate option from Windows 11 power options.
Method 2: Use Command Prompt to Turn on Hibernate mode in Windows 11
Command Prompt in Windows lets you run manage Windows Power plans on a Windows PC. You can also use Windows Terminal instead of command prompt to perform the same tasks. Enabling the Hibernate mode using command prompt is effortless.
In the Windows Start Menu, type Command Prompt in the text box and hit enter.
From the search results, run Command Prompt as administrator.
Run the command “powercfg.exe /hibernate on” to enable the Hibernate mode on Windows 11.
Use Command Prompt to Turn on Hibernate mode in Windows 11
To disable the hibernate mode using command prompt, run the command “powercfg.exe /hibernate off” and this will turn off the Hibernate mode on Windows 11.
Note: You cannot enable Hibernation on a VM when the firmware doesn’t support it. You will encounter the following error. Hibernation failed with the following error: The request is not supported. The following items are preventing hibernation on this system. The system firmware does not support hibernation.
You can also use Windows Registry to enable the hibernate mode on Windows devices if the previous methods don’t have the desired results. Press the Windows+R key to bring up the Run dialog box. Type in Regedit and press OK to open the Windows Registry Editor.
In the Registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power. Here you should find the HibernateEnabled registry setting and the value of the setting lets you enable or disable the hibernate mode in Windows 11.
HibernateEnabled = 1 – The value 1 indicates the Hibernate option is enabled.
HibernateEnabled = 0 – The value 0 indicates the Hibernate option is disabled.
Use Windows Registry to Enable Hibernate Mode
On the right panel, double-click on HibernateEnabled. This will bring up the Edit DWORD Value box. Change the value to 1 to enable hibernate mode and click OK.
Enable Hibernate Mode in Windows 11 using Registry
After making the above modifications to the registry, restart the computer. Once restarted, you will find that hibernate mode is enabled on your system when you access the Start Menu.
Method 4: Enable Hibernate Mode using Intune via Settings Catalog
The Intune Settings Catalog policy makes it easier for MEM Admins to add, configure, customize and manage device and user policy settings. With Intune, you can deploy a policy setting to Show hibernate in the power options menu. You can also configure power options using Intune.
Create a new Intune Configuration profile and define the settings to turn on hibernate mode.
On Windows ConfigurationProfiles window, select Create Profile. On the Create a Profile window, select Platform as Windows 10 and later. Select profile type as Settings Catalog. Click Create. On the Basics tab, specify the name of the profile to Enable Hibernate Mode on Windows Devices, and you may add a profile description. Click Next.
Enable Hibernate Mode using Intune
On the Configuration Settings section, under Settings Catalog, click Add Settings.
Enable Hibernate Mode using Intune
On the Settings picker window, type “Hibernate” in the search box and click on Search. From the search results, select Power. Enable the option “Allow Hibernate“. This policy setting decides if hibernate on the machine is allowed or not. Supported values: 0 – Disable hibernate. 1 (default) – Allow hibernate.
Turn on Allow Hibernate
Next, on the same page, select Administrative Templates\Windows Components\File Explorer. Now enable the setting “Show hibernate in the power options menu“.
Show hibernate in the power options menu: Shows or hides hibernate from the power options menu. If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machine’s hardware). If you disable this policy setting, the hibernate option will never be shown in the Power Options menu. If you do not configure this policy setting, users will be able to choose whether they want hibernate mode to show through the Power Options Control Panel.
Enable Hibernate Mode using Intune
On the Configuration Settings tab, ensure the following two settings are enabled:
Show hibernate in the power options menu
Allow hibernate
Click Next to continue.
Turn on hibernate mode using Intune
In Intune, Scope tags determine which objects admins can see. On the Scope tags section, you specify scope tags. Click Next. On the Assignments tab, specify the groups to which you want to target this policy. Click Next.
On the Review+Create tab, review all the settings defined to enable hibernate on Windows 11 and select Create. After you create a device configuration policy in Intune, a notification appears “Policy created successfully“.
You must wait for the Intune Policy to apply to the targeted groups and once the devices check-in with the Intune service they will receive your profile settings. You can also force sync Intune policies on your computers. Once the policy applies to the devices, you can verify if the hibernate option shows by clicking the start menu and selecting the power button. This completes the steps to enable hibernate mode in Windows 11 using Intune.
Turn on hibernate mode using Intune
Method 5: Enable or Disable Hibernate Mode using Group Policy
Group Policy is a fast and effective way to configure Hibernate on multiple PCs. When you want to turn on hibernate mode for multiple Windows 11 PCs, GPO is the best choice for administrators.
With GPO, you enable the hibernate mode and even disable it when it’s not required. Here are the steps to enable hibernate option in Group Policy:
On your domain controller, launch the Group Policy Management console.
Create a new Group Policy Object and name it “Enable Hibernate Mode“
Right-click on “Enable Hibernate Mode” and select Edit. This will bring up Group Policy Management Editor.
Navigate to Computer Configuration > Administrator Templates > Windows Components > File Explorer.
On the right pane, double-click the setting “Show hibernate in the power options menu” and set it to Enabled.
Enable or Disable Hibernate Mode using Group Policy
Ensure the GPO is linked to a OU or you may link it to entire domain to apply the settings for all computers. Wait for the GPO to refresh on the remote computers. Alternatively, you can force a GP Update through Command Prompt by running the command GPUpdate /force. The hibernate option show now show up on Power options menu.
To disable the hibernate mode in Windows 11, double-click the setting “Show hibernate in the power options menu” and set it to Disabled.
