OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

Hi all,

Does DB2 have built-in brute-force protection? What tools/configuration are needed for this?
Hi guys,

I own a computer consultant business & I go into homes & small business & do services on all kinds of things.  Google is a great tool for answers & of course EE.

My questions are, what do you do for continuing education?  

What software & tools do you guys use for:
Virus removal?
Ransomware protection?
Cleanup of systems?

I really just want to compare the tools I am using to the most current software to make sure I am not missing things on cleanup...

Thanks for any input!  I appreciate it!
I am troubleshooting client VPN connectivity from PAN "Global Protect". The client logs in but instantly logs out. I want to verify that this is not being caused by the Windows Firewall. How can I exculpate the Windows Firewall as not interfering with the Global Protect VPN connection process? TY
I had this question after viewing 'Access denied' when permission applied via ICACLS; no problem when applied via GUI.

Does anyone know what the icacls command would be to do this, i.e. tick the "Only apply these permissions" button?

Can't find anything on Google on how to do it.
I've seen a few times where an Internet page popup displays a bogus warning about the Zeus Virus being detected.  The last one had a support number to sucker you into calling (888)289-9990.

In researching this I am very unclear as to whether any sort of infection actually exists or if this is all just tricky web popups.
When I've seen these popups before I just End Task them. Every time I've run Malwarebytes or another scanner afterwards, it has come up clean.

But googling the net shows people running adware removers and Malwarebytes, as well as disabling and removing certain unspecified browser plugins/extensions/add-ons.

When I see one of these fake zeus popups, does it ever indicate my system is infected, not with Zeus but with the Fake Zeus Detector popup?

What's the real deal here?  Should I just close the popup, or should I take more serious measures?
Hello all.

Having a difficult time trying to get full disk encryption set up on our laptops. Our laptops (approx. 10) are all new and running Windows 10 Pro 64-bit with LOCAL Administrator accounts. We are a small shop with limited money and personnel so simplicity is imperative. If required, I would rather spend money than man hours.

They are all standalone workgroup systems.
Endpoint on these systems is Kaspersky Business Security Advanced.

I've tried enforcing Kaspersky encryption using Kaspersky Business Security Advanced. While testing Kaspersky encryption, I get activation/update failures between Office and Windows. Kaspersky support says there is no way the problem could lie in the encryption piece as all the encryption is done at the sector level.

I've tried enforcing BitLocker with Kaspersky Business Security Advanced. Doesn't seem to work (something about the BitLocker management component not being installed, even though it is) and Kaspersky Tech support tells me they recommend using Kaspersky full disk encryption anyway.

I tried using BitLocker standalone, but the local admin accounts can just turn it off (and AppLocker isn't available in Windows 10 Pro).

What other options do I have to accomplish this?
I just got a new Windows 10 computer.  I don't want to have to type in a login password whenever I turn on the computer.  I tried going to User Account Settings, but can't find how to eliminate the password protection.  Please help.  Thanks, Phil
Hello Experts, to satisfy the NIST 800-171 requirement for dual authentication for privileged accounts we have a way to do this, but we must disable Local Policy to prevent local logons. The solution we're toying with now is using our KVM to connect remotely. Only concern is, if for whatever reason the KVM fails & we have disabled local logons, how would we get past this?

We're running Server 2008 R2 environment.
I have this issue where non-root (ie non-priv) UNIX users or even applications could
alter or create files that are world-writable & this will easily become an audit issue.

As the creator/owner, they can always change the file permission using chmod.
"umask" can set the default settings for files created but this will not stop them
from altering it subsequently.

Can you provide sample ACLs or any method such that even owners of files can't alter
the UNIX file permissions?

Is there any way without using paid products (OpenSource is fine) to alert us if
file permissions are being changed?  Sort of File Integrity Monitoring but we
don't want to be alerted/notified if file content or dates are changed, only if
permission is changed.

We run Solaris 10 & 11 (both have ACL features) & AIX 6.x/7.x and RHEL 7.x.

Or is there a "find ..."  command which we can run daily to identify which files'
permissions got changed the last 1 day?
Each time I open a folder, this indicator (the blue time indicator by the cursor) seems to go on and off several times before the folder is opened. It's a very quick on-off, but it's a time lag so it's disturbing (the folder doesn't open as fast as it should, that is, immediately).

Is it a virus? I've never had this until the last week or so.

I have Windows 7 Home Premium.
I encrypted a USB drive using BitLocker To Go in Windows 10 Pro and when I inserted it into a new machine it prompted for the password. Once I entered it in I noticed a More Options section which allowed me to check Automatically unlock on this PC. I have since realized I don't want this to occur but I don't know how to make it go back to the way it was. I looked in Credential Manager with no luck. Sorry I'm new to BitLocker.
I am an administrator on the 2008R2 server.  I was browsing the certificate store with mmc certificates snap in via a remote desktop session.  At one point the session froze and I x'd out the window.  After that, I couldn't log in as indicated by the above message. Another administrator logged in and was able to kill all processes which were hung from the rdp session.  I still could not log in. My smart card still works fine on my workstation and other servers.

To attempt to resolve this, I deleted my profile on the server and also deleted the following registry key:
Computer\HKLM\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList\ my SID
After the deletes, the server was rebooted.  
When I attempt to login from the console, the message is "No valid certificates found."  The error message remains the same as above via RDP.

Since I can access all of my usual machines with the same credentials, I am presuming that some corruption occurred in the server certificate store due to the hung RDP session. Also, the status of my credentials was validated in AD by the help desk.

Any advice on other things to try to resolve this would be appreciated.

I need to BitLocker my W10 but have a VHDX on it to which I boot sometimes (mounted VHDX, added it to the start menu; a different W10).
How can I BitLocker the W10 AND still boot my VHDX, which is on this BitLockered disk, WITHOUT creating a different partition?

CIS has hardening guides for various Windows, UNIXes and Cisco switches/routers.
There are hardening guides for Juniper as well.

Now our Audit wants a hardening guide for WAF : we use F5.

Can anyone point me to such a hardening guide for F5 WAF?

If there's none, any link/authoritative guide indicating it's been
sufficiently hardened (as it's an appliance customized from RHEL 5?)
will be appreciated.

Need a good justification for why we don't have a hardening guide in place
for F5 WAF.
Hi experts
I have an application that won't run well without admin privilege, even when it's run as admin with a script, so
I want to know how to prevent domain admin users in an Active Directory 2008 R2 environment from installing apps, via GPO or VB script.
I was told by our VMware admin that the ESXi root & vC vcadm_svc passwords can't be changed
& can't be set with an expiry from the time they were first installed & set.

Is the above true? Or is there a way at the command prompt, just like on UNIXes, to change the
passwd (e.g. passwd root new_password) or usermod ... (to set it to expire every 60 days)?

What's the impact of changing passwords & attributes (e.g. to enforce complexity, expiry,
etc.): will something break?

Can we make these IDs to use say OTP kind of password or lodge in a passwordvault tool
like Cyberark or PUM that will auto-generate a new password each time they're being
We have had several of our clients experience a similar problem over the past 2 weeks.

We have the same implementation of Windows 2016 Server in each instance, where we have a single Hyper-V host running 2 virtual servers: a Windows 2016 domain controller (file server) and a Windows 2016 server running Exchange 2016.

We find that the Hyper-V host (only) has its password hacked, so we cannot gain access to it, and we also notice that a program called Minergate is installed on the Hyper-V server too. The virtual servers seem to be unaffected.

When we recover the administrator password and remove Minergate, scanning with Malwarebytes identifies and removes remaining traces of Minergate, and until today, that seemed to resolve it.

Today, however, we had exactly the same situation, but when we recovered the administrator password and removed Minergate, 1/2 an hour or so later the password was changed again. This happened several times.

We noticed several tools appearing on the Hyper-V host, which we deleted. We observed a command prompt opening up on the server and we kept getting kicked out of the console; eventually we were unable to log in again.

We also noticed a service running on the server, i.e. sync host_b652b. I have seen some postings on the web which indicate it's an infected service, and as it was a delayed start, I managed to stop it, since when we seem to have stopped the changing of the password.

I have looked at changing the properties of the service …
We have external consultants who will be stationed at our office to do
data warehouse statistical analysis using R & Python:
what are the risks to watch out for? We provide hardened PCs.

Don't allow Internet access?
Any patches needed?
Secure coding to adhere to?
A user is using corporate MDM-managed iPad & reading his corporate emails
from this device (that is in encrypted partition) using MobileIron's Email+, a
more secure form of email client compared to Apple's native email client.

Now this user requests for 2 common mailboxes to be configured on his iPad
so that he could read emails sent to his group.  Our MDM admin told us Email+
can't support the additional mailboxes (I'm not sure if this is true but I heard
the admin chap has logged a case with MobileIron).

What are the risks? Can we create Exchange rules (as the emails have to
go to Exchange first before going to Email+ (or any other email client)) to
auto-forward one copy of emails sent to the common mailbox to this user?

We had previously migrated users from Apple's email client to Email+ for
security reasons, so we don't want to go back to the old way of using the Apple
email client.
Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Experts - I’d like to create a Linux/Unix read-only-root role for Auditors, InfoSec and Tech Ops, so they can examine a system without risk of breaking anything.
-      Using sudo or Centrify, we can grant the privileges to run some commands as root, e.g. ls, cat, cksum and tail -f
-      I don't want to allow root privileges for e.g. find, view or more/less, as they can be used to modify a system

Creating the role is easy; making it easy to use is harder
-      `sudo cat filename |less` would work fine – the `cat` is run as root, the `less` as the unprivileged user. I can create a little script utility called something like “Auditors_less” to remove the need to remember the syntax.
-      `dzdo cat filename > ~/my_copy_of_filename` would work for the same reason, and give them a local copy to work with. Call it “Auditors_cp” or just “Acp”
(`dzdo` is the Centrify equivalent to sudo)

Replacing the functionality of `find` is the part I can’t figure out. The output of `find` gives the full path to a file. `find` also allows you to select on ownership, permissions etc., but that part could be replaced by
`dzdo ls -l |grep {pattern}`

So a scriptlet that takes a starting directory as input and produces output in the form
/path/to/file      : ls -l output of file
would be great, as grep can filter the output, e.g. for globally writeable files/directories

I’ve found similar questions on formatting `ls -lR` output on stackoverflow.com, but no usable answers – general opinion seems to be…
Attached are outputs from some of the commands (obtained from the vSphere hardening guide 6.0):
I have some questions which I've highlighted in green text in the attached; appreciate
clarifications on the green-text questions in the attached.
My colleague has managed to configure one of the PCs as a Super-Agent, i.e.
other PCs could get the McAfee AV signature updates from it.

Is this a 'push' update, i.e. from the Super Agent it pushes to the slave PCs,
or is it a pull, i.e. slave PCs pull signature updates from it?

How do we configure the slave PC portion (screen by screen will be good)?
All system in domain:
Windows 7 Professional
Service Pack 1
64-bit OS

Our Nessus scans are indicating a vulnerability with the Product :
Microsoft Office 2016
  - C:\Windows\SysWOW64\mscomctl.ocx has not been patched.
    Remote version :
    Should be      :

There are two MSCOMCTL.OCX files on the systems… one in the C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\VFS\SYSTEM folder, which is the current version, and the offending MSCOMCTL.OCX version found in C:\WINDOWS\SYSWOW64.

My question is, is it safe to replace the offending MSCOMCTL.OCX with the newer OCX, and if so what is the best way to do so? I assumed I would need to unregister the OCX file, replace the old one with the new and run Regsvr32 on the newer OCX file.

PFA screenshot of found OCX files.


Has anyone run into this vulnerability and if so what was done to remediate the issue?  Many thanks in advance!
In Win 10, how to get into Control panel to uninstall/install program?
we have a number of internal applications which rely on IIS for the web server. These are only internal servers but we have noticed the 3rd parties whose apps we use have within the web root  some web.config12.bak type files. These do have hard coded DB and admin credentials within them so we would not want them exposed to any internal officers.

All servers are internal and not internet facing, so the risk is limited to internal employees, and it is a small workforce with limited web server skills I would presume. The web root is hosted on the servers' D:\, and the actual permissions on the web root folders themselves only grant the IIS_USERS group read & execute permissions. I typed the full path into a browser, e.g. \\server\app\live\admin\web.config12.bak, and it returns a "404 - File or directory not found" error, even though I know it exists in that path. If I try a sample of other files in that directory such as styles.css, or a log txt file I know exists, my browser loads them up fine. So I am wondering if it's something to do with the extension that causes the 404 error rather than ACL permissions preventing their download. As the ACL seems to be the same for all files in that directory, it must be an additional IIS security control, perhaps.

I just need to be sure this would be consistent for all internal employees, that nobody could download a copy of these web config backup files, or if it's the behavior of the browser preventing the …