EMET v4 Beta adds new feature “Audit Only” to protect from crashes

EMET v4 Beta was first introduced here on the Microsoft Security and Research Defense TechNet Blog. I have deployed the v3.5 tech preview to most of my secure workstations, so I inquired about upgrade paths and it looks like you should uninstall previous releases as well as delete the EMET registry keys before installing EMET v4 Beta. The registry keys to delete are located at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET*"
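One way to carry out the registry cleanup described above, written as an added example (it is not from the original post or from Microsoft): it exports each matching key to a .reg file before deleting it, so the old EMET configuration can be reviewed or restored later. The backup folder name is an assumption, and the script expects the previous EMET release to be uninstalled already.

```powershell
# Added example: back up, then remove, leftover EMET registry keys
# before installing EMET 4.0 Beta. Run from an elevated 64-bit PowerShell
# prompt (a 32-bit prompt on 64-bit Windows is redirected to Wow6432Node).

$parent    = 'HKLM:\SOFTWARE\Microsoft'
$backupDir = Join-Path $env:USERPROFILE 'emet-reg-backup'   # assumed location

# HKLM writes need administrator rights; fail early with a clear message.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated prompt.'
}

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null

# Match the EMET* pattern given in the post, directly under ...\Microsoft.
$keys = Get-ChildItem -Path $parent | Where-Object { $_.PSChildName -like 'EMET*' }
if (-not $keys) {
    Write-Output 'No EMET keys found; nothing to remove.'
    return
}

foreach ($key in $keys) {
    $regPath = $key.Name   # full name, e.g. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EMET
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $outFile = Join-Path $backupDir ("{0}-{1}.reg" -f $key.PSChildName, $stamp)

    # Export first; only delete if the backup file really exists.
    & reg.exe export $regPath $outFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $outFile)) {
        throw "Export of $regPath failed; key left in place."
    }

    Remove-Item -Path $key.PSPath -Recurse -Force
    Write-Output "Backed up $regPath to $outFile and removed it."
}
```

The exported .reg files are plain text, so the previous settings can be read back when re-creating them in the new version.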

If you want to download the Beta version, here is a link to the download page. I have just begun testing out this new version, and so far the best feature that is now included is the option to only audit and not crash the program. Also, when an application trips a mitigation response, you can see one or more little boxes that pop up in the lower right hand corner of the desktop, and in some cases the boxes quickly blink and scroll up the screen as the exception happens multiple times. Then you can go into the EMET control panel and turn off the mitigation that is mentioned in the box if you want the program to continue to run despite the issue.

For example I have only had problems with the SimExec mitigation, and it has so far affected Internet Explorer and Microsoft Word 2013. I went in and disabled the SimExec settings for these applications and have not had any more problems running Word or IE so far. Once you install the Beta you can read the manual located in the Program Files directory.
32 bit Windows: C:\Program Files\EMET 4.0 (Beta)
64 bit Windows: C:\Program Files (x86)\EMET 4.0 (Beta)

My site was just updated and is now protected by Cloudflare.

I just want to inform you that a change has taken place and I am now utilizing Cloudflare’s DNS and DoS protection, so if anyone notices any problems or changes, please let me know. I am curious to see how good Cloudflare really is, so hopefully everything will work out smoothly. If you come across any issues, please send an email to James at this domain and I will hopefully get it. I must extend my thanks to X10 hosting, Hover, and Cloudflare for bringing you this website.

Complications from a complete Repair of Windows 7 Ultimate with an in-place upgrade (to the same edition)

Since I just had to repair a Windows 7 Ultimate installation that was about 2 years old and had various problems, such as permissions, Diagnostic Policy service problems, and drivers that would not be installed from Windows Update, I figured I would document what I did in the end to repair all of these problems that were really annoying. For example, the main problem that was completely driving us nuts was that we were trying to install a USB webcam and an external hard drive to this older laptop and no matter what troubleshooting method we used, Windows Update would not install the plug-n-play drivers. We tried deleting the INF cache, changing various group policies to ensure that Windows Update was being searched for updates, and anything else that Google searches would come up with as solutions.

In the end, it only made sense to either wipe the drive and reinstall Windows 7, or to attempt a complete Repair install, by performing an in-place upgrade installation to Windows 7 Ultimate.
Important note: this machine originally was an OEM HP laptop, a G62-435DX from about 2-3 years ago, so HP has not tested or certified it capable to run Windows 8, and we could not take the chance of things not working from upgrading to Windows 8 on this laptop yet, so we will soon. This laptop also was upgraded with a Windows 7 Anytime Upgrade over a year ago to Windows Ultimate, and we took the product key off of it and saved it. Now it is important to note here that although this method worked and repaired the OS and kept most of the files and data and programs installed, the product key would not work after performing the upgrade. Most likely this is because the product key was used for an Anytime Upgrade, and we decided to do an in-place upgrade to the same Operating System Version, which for some reason left us with an unactivated Windows 7 Ultimate laptop. Very annoying, but we will worry about this issue later on after we find time to call Microsoft’s phone activation hotline.

Now, the complications that I noticed immediately upon logging into the newly recovered system: all the VMware Workstation network adapters are gone, Bridged networking no longer works, and VMware Workstation looks like it needs to be repaired, and upon attempting a repair through Programs and Features, it actually is asking for the original VMware Workstation installation “disk”. Also, there were 3 user profiles on this computer and it looks like one of the user profiles actually lost some data (or had it moved), since many folders are now empty. Windows Updates were of course rolled all the way back to Service Pack 1, so 99 updates were required to be immediately installed. This is to be expected. As of right now I am in the process of comparing an earlier image to the new one to find out why there is now 40 GB empty and there was only 20 when the upgrade was completed. Most likely this is due to all the Windows folder gunk that had built up over time, but it is frustrating to have to go back and perform some of the many customizations that were done on this machine over the last 2 years. So far Group Policy seems to be working fine, but there were many other registry edits and adjustments performed that were not documented, so it will take time to get this machine back to the state that is desired.

All in all, it was a successful repair; however, it did take over 4 hours for the operation to complete, so if you decide to do the same thing, do it overnight, and do not stop it in between because you think it may be stuck. I thought it was stuck at 72%, but I left it alone and eventually it finished. Also, remember the product key problem: many people think that just because they manage to recover the product key from an installation (using a program like NirSoft’s ProduKey) that Microsoft will accept it after the repair is performed. I could not get the system to accept any of my product keys from my personal stash. I assume it has to do with the fact that this is an OEM HP machine and the installation ISO was a retail version of Windows 7 Ultimate, which is most likely always a potentially troubling factor. So, if you know what you are doing, and are at your wits’ end with a system, I would say this is an almost last resort way of recovering your system, before wiping the drive and installing fresh. Good luck.

Repairing a Black Screen Hyper-V Virtual Machine of Windows Server 2012 or Windows 8

This is just a quick tip for repairing a Hyper-V Windows Server 2012 guest virtual machine if you ever encounter the Black screen of nothingness. I recently experienced a couple of Hyper-V Windows Server 2012 guests that were only showing a black screen and I could not get access to the underlying operating systems. I wanted to document the trick that I used to repair these VMs.

  1. You need to use either an installation DVD or an ISO file of the underlying Operating System. I simply pointed the virtual machines’ CD drives to the Server 2012 installation ISO.
  2. Reset the virtual machine and press any key to boot from the DVD or ISO file.
  3. Choose the option: REPAIR YOUR COMPUTER
  4. Choose the option: COMMAND LINE
  5. Enter C: to receive a C: prompt instead of the X: prompt.
  6. Now, you want to repair the boot sector, so you will use the command:

      Bootsect /nt60 C: /force

  7. Reset the virtual machine, and hopefully you will see the blue login screen this time. In my case it took two attempts of entering the commands, but it worked for both virtual machines. There is a /SYS switch that can also be used with the bootsect command, but in my case I didn’t need to use that; just Bootsect /nt60 C: /force did the trick.