Microsoft RAP as a Service
RAP as a Service (RaaS) Prerequisites
This download is meant for Microsoft Premier Support customers only. This page contains prerequisites documents for the various RAP as a Service programs offered by Microsoft Premier Support.
Download RAP as a Service Prerequisites – Microsoft Download Center – Download Details
Viewed 47357 times by 3189 viewers
Microsoft Message Analyzer Beta
Message Analyzer is the successor of Network Monitor but does much more than a network sniffer or packet tracing tool.
Key capabilities include:
- Integrated “live” event and message capture at various system levels and endpoints
- Parsing and validationof protocol messages and sequences
- Automatic parsing of event messages described by ETW manifests
- Summarized grid display – top level is “operations”, (requests matched with responses)
- User controlled “on the fly” grouping by message attributes
- Ability to browse for logs of different types (.cap, .etl, .txt) and import them together
- Automatic re-assembly and ability to render payloads
- Ability to import text logs, parsing them into key element/value pairs
- Support for “Trace Scenarios” (one or more message providers, filters, and views)
Microsoft has released a beta and is working to a drive towards a mid-2013 RTM.
There is also a new blog here: http://blogs.technet.com/messageanalyzer.
(To capture at the NDIS and Firewall layers without running as admin, you must log off and back on after installation to pick up the necessary credentials. )
Sign up for the beta: https://connect.microsoft.com/site216
Viewed 44877 times by 3161 viewers
Categories: Microsoft Tags: Facebook, Firewalls, Hotmail, Instant messaging, Message, Microsoft, Skype, Windows Live ID
How to : Identify and Delete Malware Autostarts
Malware persists on an infected computer by configuring itself to run when Windows starts, or when a user logs in. The System Configuration utility (Msconfig.exe, sometimes called “Msconfig”) that ships with Windows displays a list of programs that load at startup, among other information. While this can be useful for general troubleshooting purposes, Msconfig is often inadequate for dealing with a malware infection: it doesn’t check all of the autostart extensibility points (ASEPs), or places processes can automatically start from, and it doesn’t provide certain information that can be useful when investigating an infection. To track down malware more effectively, use another Sysinternals tool, Autoruns.
Autoruns shows which programs run when Windows starts
Click on the Image to Enlarge.
Using Autoruns
When you launch Autoruns, it immediately begins filling its display with entries collected from known ASEPs. Each shaded row represents an ASEP location in either the file system or the registry. The rows underneath a shaded row indicated entries configured in that ASEP. Each row shows the item’s description, publisher, and path. Click a row to display more information about the item at the bottom of the Autoruns window, including file size, version number, and any command line arguments used to launch the item. Double-clicking an item in the list displays the item in either Regedit or an Explorer window, depending on whether the item is a registry entry or a file on disk. For registry entries, you can also open the folder containing the file associated with the selected entry by clicking the Entry menu and then clicking Jump to.
On most computers, Autoruns is likely to display hundreds of entries for startup items. To reduce the number of items you have to investigate, enable the Hide Microsoft and Windows Entries and Verify Code Signatures items in the Options menu, and then click Refresh on the toolbar. This filters out items published by Microsoft.
Autoruns can also be used to display autostart entries for other profiles, and for offline computers (for example, an offline virtual machine, or a physical computer booted into a preloader environment with Autoruns installed). To display entries for another profile, click the User menu, and then click the user account you want to check. To check an offline computer, click the File menu, and then click Analyze Offline System.
The Autoruns download package includes a command-line version of the tool, Autorunsc.exe. See technet.microsoft.com/sysinternals/bb963902 for usage instructions.
Identifying Malware Autostarts
Suspicious autostart items can often be identified by many of the same characteristics listed on page 3: look for files with no icon, entries with blank Description and Publisher fields, files with unusual or random-seeming names, files that can’t be verified, and files in unexpected locations, among others. To quickly search for information about a filename online, click the Entry menu and then click Search Online, or press Ctrl+M.
The following figure shows a malicious autostart entry created by a variant of Win32/FakePAV, a rogue security software program. This entry has blank Description and Publisher fields, a random-seeming name with no obvious meaning, and comes from a location in the registry that usually points to Explorer.exe.
A malicious entry in Autoruns
Click on the Image to Enlarge.
Deleting Autostarts
To delete a selected autostart entry, click the Entry menu and then click Delete, or press Ctrl+D. To disable an entry without deleting it, clear the check box at the left end of the row. Before deleting any entries, record the full path to each malicious file, so you can remove them later.
After deleting or disabling suspicious autostarts, refresh the list by clicking the Refresh button on the toolbar or pressing F5. If you’ve overlooked any malicious processes, they may monitor the autostart list and recreate any entries you delete. If this happens, return to step 2 and use Process Explorer and Process Monitor to find and eliminate the responsible processes.
Viewed 44599 times by 3074 viewers
Categories: Microsoft Tags: Autoruns, File menu, Malware, Microsoft Windows, Msconfig, Process Explorer, Windows, Windows Registry
Security and Internet Explorer
While the Internet is an amazing resource in terms of the information you can find and things you can do today, it’s important to also be smart about how you browse. A browser can be a great tool in helping you stay safe when you go online.
Most online attacks fall into one of the three situations:
1. Malware that relies on social engineering to spread
2. Attacks directed against your browser or your operating system
3. Attacks directed towards the websites you visit
Let me spend some time describing what I mean by each of these, and also how Internet Explorer can help protect you from each of these types of attacks.
Helping Protect You from Socially Engineered Attacks
A term that you may hear on occasion within the security realm is “socially engineered attacks.” What this means is an attacker uses clever techniques to get you to lower your guard and trick you into doing something that makes you vulnerable to an attack. The idea here is that they aren’t looking for weaknesses in code; rather, they’re trying to fool you into a trap.
The ways in which we see this play out are varied; it may be that you get spam – that is to say an email from a fake bank that actually takes you to a malicious site, or an email supposedly from a friend that encourages you to download a file which may contain malware. To help keep you safe from such types of attacks, Internet Explorer comes with the Smart Screen filter technology, which has been improved even more with Internet Explorer 9. SmartScreen makes it harder for someone to trick you into opening a malicious page, or con you with a phishing site. This technology checks to see if the site you’re visiting is suspected of hosting malicious code and subsequently prevents you from continuing on to that page. Internet Explorer 9 goes one step further by warning you only when you download applications that may be of higher risk.
Technologies like this can make a big difference in helping to keep you safe online. In December, NSS Labs reported that Internet Explorer offers the best protection against the spread of socially-engineered malware. As you can see in the below chart, Internet Explorer 8 (90%) and Internet Explorer 9 (99%) offer significantly more protection than other browsers.
Mitigating Attacks on Your Browser and PC
Internet Explorer also helps protect against deliberate attacks where bad code is hosted on a site that is designed to exploit weaknesses in the software on your PC. Among all the lines of code that make up software, there can be vulnerabilities. The Internet Explorer team designed its browser with security in mind, and in comparison to other browsers, Internet Explorer has fewer vulnerabilities. The chart below illustrates the number of publicly known vulnerabilities in 2010 divided by each browser, according to the National Vulnerability Database.
*Data source: National Vulnerability Database. Data is based upon the most recently shipped versions available during this time period. In the case of Chrome, versions 5, 6, 7, & 8 were all released during this time period.
At Microsoft, products are built with a secure-by-design approach, where security is designed into the product from the ground up. The result of this effort is a browser that includes specific features to help people stay secure and technologies that help insulate the browser against exploits. In addition to Microsoft’s security processes, which includes the Security Development Lifecycle, Software Security Incident Response Process (SSIRP), and monthly security bulletins, some ways in which you might see this at a product level include features such as Protected Mode, Data Execution Prevention, and many others, both in Internet Explorer 8, and the soon to be released Internet Explorer 9.
Protecting Against the Compromised Websites
This last scenario is when an attacker that has compromised a site that you visit in a way that interferes with how your browser relates to the site. This type of an attack is called a cross-site scripting attack. In this instance, an attacker gets an unsuspecting server to load special code on your browser that allows the attacker to do anything from monitoring your keystrokes to performing actions on your behalf on the site. Internet Explorer has built in a Cross-Site Script Filter that makes such attacks more difficult and helps protect you.
The upcoming release of Internet Explorer 9 contains even more features designed to help keep you safer such as ActiveX Filtering and Application Reputation. More information on how Microsoft technologies can keep you secure can be found here.
Viewed 44916 times by 3059 viewers
Video: Xbox smartglass is coming soon!!
One of the features I’m most excited about with Xbox 360 is Xbox SmartGlass. While the focus is on tapping into the best entertainment providers right now, the possibilities for this digital canvas will be endless.
Viewed 10533 times by 1443 viewers
Windows Upgrade Offer Registration Now Available
If you purchase or have purchased an eligible Windows 7 PC anytime between June 2, 2012 and January 31, 2013 you will be able to purchase an upgrade to Windows 8 Pro for only $14.99 (U.S.) which will be redeemable when Windows 8 is generally available on October 26th. If you’re still looking for a PC, check out some of our great Windows 7 PCs. Once you’ve purchased your PC you can come back and register for the offer.
Registration for the Windows Upgrade Offer is only for those who buy an eligible Windows 7 PC between June 2nd and January 31st, 2013.
Here is what you need to do to register for your $14.99 (U.S.) upgrade to Windows 8 Pro:
After buying your PC, go to the Windows Upgrade Offer website to register. It will ask you to select your country (details for the offer vary depending on country). You will then be asked to register with your personal details as well as information about your Windows 7 PC purchase – including date of purchase, retailer, and PC brand and model. You should also have your 25-digit Windows 7 product key that came with the PC handy as you may be required to enter this as part of the registration.
Then starting on October 26th, we will start sending out promo codes via email with purchase instructions. You will be directed to Windows.com where you will go through the online upgrade process with the Windows 8 Upgrade Assistant (shown above) as I have highlighted here in this blog post. Once you get to the purchase screen in the Windows 8 Upgrade Assistant, it will show the $39.99 upgrade price. However, on the order confirmation page you’ll have a chance to enter your promo code – that price will change to $14.99. Once you make your purchase, your download and upgrade installation begins!
You will have until February 28, 2013 to register for the offer to get Windows 8 Pro for $14.99.
If you experience any issues or have questions – you can click the contact support link at the top of the Windows Upgrade Offer website.
Did you already buy an awesome Windows 7 PC prior to June 2nd (or have a Windows 7 PC not eligible for the offer)? Not to worry! Starting on October 26th, you will be able to upgrade to Windows 8 Pro for $39.99!
Both the Windows Upgrade Offer and $39.99 upgrade promotion is available in 140 countries worldwide, with 37 supported languages, and 23 supported currencies (we’ve added 9 additional countries over the original 131!).
Viewed 6789 times by 1240 viewers
Categories: Microsoft Tags: Coupon, MicrosoftWindows, Personal computer, Product key, Windows 7, Windows 8, Windows 8 Pro, Windows Upgrade Offer
Windows 2012 jump start videos
• Designed for Microsoft Partners, early adopters, and experienced IT Pros/ITDMs familiar with Microsoft server technologies • All twelve (12) modules are under an hour and packed with engaging discussion and real-world demos — watch them all!
Links to Every Module from this Jump Start The HD-quality video recordings of this course are published to TechNet Edge and are highly recommended. Windows Server 2012 is a game-changing release for so many reasons and this course will help experienced IT Pros truly understand why — check it out!
• Windows Server 2012 Jump Start
• Windows Server 2012 Jump Start (02a): Virtualization Infrastructure, Part 1 • Windows Server 2012 Jump Start (02b): Virtualization Infrastructure, Part 2 • Windows Server 2012 Jump Start (03a): Storage Architecture, Part 1 • Windows Server 2012 Jump Start (03b): Storage Architecture, Part 2 • Windows Server 2012 Jump Start (04): Continuous Availability • Windows Server 2012 Jump Start (05a): Multi-Server Management, Part 1 • Windows Server 2012 Jump Start (05b): Multi-Server Management, Part 2 • Windows Server 2012 Jump Start (06a): Security and Access, Part 1 • Windows Server 2012 Jump Start (06b): Security and Access, Part 2 • Windows Server 2012 Jump Start (07): Remote Connectivity and Networking • Windows Server 2012 Jump Start (08): IIS, DHCP and IPAM
Viewed 6740 times by 1203 viewers
First updates for Windows 8 RTM released
Microsoft posted the first (public) updates for Windows 8:
An update is available to correct tile logo images of files on the All Apps View.
Assume that you add the shortcut for a file to the All Apps View in Windows 8, Windows RT or Windows Server 2012. After you change the file association of the file type, the tile logo image is not updated accordingly in the All Apps View.
KB: An update is available to correct tile logo images of files on the All Apps View
Also Microsoft published the EU browser choice Screen update for Windows 8.
KB: What is the Browser Choice update (KB976002) – Microsoft Windows
Both updates are available through Microsoft Update app.
Viewed 8409 times by 1383 viewers
Categories: Windows8 Tags: Microsoft, Microsoft Windows, Operating system, Personal computer, Windows 8, Windows RT, Windows Server 2012, Windows Update
Windows PowerShell 3.0 download
WEindows Powershell 3.0 for Windows 7 SP1, Windows Server 2008 R2 SP1 & Windows Server 2008 SP2 is now part of the Windows Management Framework 3.0.
Windows Management Framework 3.0 makes some updated management functionality available to be installed on Windows 7 SP1, Windows Server 2008 R2 SP1 & Windows Server 2008 SP2. Windows Management Framework 3.0 contains Windows PowerShell 3.0, WMI & WinRM. Windows PowerShell 3.0Some of the new features in Windows PowerShell 3.0 include:
- Workflow Windows PowerShell Workflow lets IT Pros and developers apply the benefits of workflows to the automation capabilities of Windows PowerShell. Workflows allow administrators to run long-running tasks (which can be made repeatable, frequent, parallelizable, interruptible, or restart-able) that can affect multiple managed computers or devices at the same time.
- Disconnected Sessions PowerShell sessions can be disconnected from the remote computer and reconnected later from the same computer or a different computer without losing state or causing running commands to fail.
- Robust Session Connectivity Remote sessions are resilient to network failures and will attempt to reconnect for several minutes. If connectivity cannot be reestablished, the session will automatically disconnect itself so that it can be reconnected when network connectivity is restored.
- Scheduled Jobs Scheduled jobs that run regularly or in response to an event.
- Delegated Administration Commands that can be executed with a delegated set of credentials so users with limited permissions can run critical jobs
- Simplified Language Syntax Simplified language syntax that make commands and scripts look a lot less like code and a lot more like natural language.
- Cmdlet Discovery Improved cmdlet discovery and automatic module loading that make it easier to find and run any of the cmdlets installed on your computer.
- Show-Command Show-Command, a cmdlet and ISE Add-On that helps users find the right cmdlet, view its parameters in a dialog box, and run it.
WMIWMI in Windows Management Framework 3.0 introduces:
- A new provider development model This new model brings down the cost of provider development and removes the dependency on COM.
- A new MI Client API to perform standard CIM operations. The API can be used to interact with any standard WsMan + CIMOM implementation, allowing management applications on Windows to manage non-Windows computers.
- The ability to write Windows PowerShell cmdlets in native code The new WMI Provider APIs supports an extended Windows PowerShell semantics API allowing you to provide rich Windows PowerShell semantics. e.g., Verbose, Error, Warning, WhatIf, Confirm, Progress
WinRMWith Windows Management Framework 3.0:
- Connections are more robust Remote connections communicating over WinRM are more robust to transient network failures such as a flaky WAN connection. In the case of a complete network failure, connections are gracefully disconnected and can be reconnected when network connectivity is restored.
- Remoting is more Standards-compliant Standard WS-Management operations, including Create and Delete, can be performed over WMI. Remoting for cmdlets written in native code using the new WMI provider development model uses WS-Management instead of DCOM.
- Multiple PowerShell sessions can be shared in the same process PowerShell sessions from the same user to the same session configuration (WinRM plug-in) can run in a single shared process instead of separate processes. This improves scalability and performance by allowing multiple sessions to share memory and other server resources.
Management OData IIS Extensions Management OData IIS Extension enables an administrator to expose a set of PowerShell cmdlets as a RESTful web endpoint accessible via the Open Data Protocol (OData). This enables Windows and non-Windows clients to discover and invoke PowerShell cmdlets remotely over standard web protocols and interfaces. Server Manager CIM Provider The Server Manager CIM Provider packaged with Windows Management Framework 3.0 allows you to manage your Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 servers from Server Manager in Windows Server 2012 or Remote Server Administration Tools for Windows 8
Viewed 8731 times by 1291 viewers
Categories: Microsoft Tags: MicrosoftWindows, Open Data Protocol, PowerShell, Servers, Windows, Windows PowerShell, Windows Server, WS-Management
Microsoft Unveils a New Look
In advance of one of the most significant waves of product launches in Microsoft’s history, Microsoft is unveiling a new logo for the company.
Microsoft Chief Marketing Officer Chris Capossela opens the Microsoft Store in Boston, which dons the company’s new logo, on Aug. 23, 2012.
Click logo for larger view or here for Print quality
The logo has two components: the logotype and the symbol. For the logotype, we are using the Segoe font which is the same font we use in our products as well as our marketing communications. The symbol is important in a world of digital motion (as demonstrated in the video above.) The symbol’s squares of color are intended to express the company’s diverse portfolio of products.
Starting today, you’ll see the new Microsoft logo being used prominently. It will be used on Microsoft.com – the 10th most visited website in the world. It is in three of our Microsoft retail stores today (Boston, Seattle’s University Village and Bellevue, Wash.) and will shine brightly in all our stores over the next few months. It will sign off all of our television ads globally. And it will support our products across various forms of marketing. Fully implementing a change like this takes time, so there may be other instances where you will see the old logo being used for some time.
Nice logo overview from Seattle Times
Viewed 4881 times by 768 viewers
Categories: Microsoft Tags: Boston, Chief marketing officer, Chris Capossela, Logo, Microsoft, Seattle, Seattle Times, Segoe
