Malware Isn’t Just For Windows Anymore – Fruitfly Is Hitting Macs Hard

This year’s cyber threat epidemic started with Windows, then spread over to Linux and third-party apps, and now is here for Macs. While the latest malware Fruitfly is targeting Mac computers, its malware library is also capable of running on Linux systems. 

Though it was recently found conducting surveillance attacks, it’s possible Fruitfly has been infecting Mac systems for over two years. It appears that the base code of Fruitfly is over a decade old, which begs the question: how can decade-old malware start breaching systems now? Haven’t our systems been updated over the last ten years?

It seems the Fruitfly developers have reused old code and modified it to give this malware extra power and capabilities. This cross-platform malware uses old APIs; changing those APIs would break legitimate programs, so backward compatibility is maintained for as long as possible. Fruitfly may have escaped detection for a long time because it appears that its creators have intentionally limited how many computers it targets. And since Mac systems don’t usually face as many threats as Windows, many administrators have been more lenient with patching their Macs, leaving them vulnerable to attacks such as Fruitfly.

You can identify Fruitfly infections by detecting suspicious network traffic. A file integrity monitor or log analyzer can help you identify an attack on your network, but a breach could be avoided altogether by keeping your systems up-to-date. Since most enterprises run a mix of operating systems, it isn’t advisable to employ a separate patching tool for each of Windows, Mac, and Linux. The smarter alternative would be for an enterprise to employ a multi-platform patch management solution that helps update every computer from a single console. However, there are only a few solutions on the market that even support third-party patching, and even fewer that provide complete control over all enterprise devices, including mobile devices.

These last few months have already given security professionals a lot to cover, and since cyber attacks are evolving at a rapid rate, it’s high time enterprises maintained endpoint security by keeping their systems up-to-date. The best way to do this is to employ a patch management solution to stay safe from future ransomware and malware. One such solution is ManageEngine’s Desktop Central.

Desktop Central is integrated desktop and mobile device management software. This multi-platform solution helps automate your overall patch management process, and also has some other enhanced features to help secure your network. Download ManageEngine Desktop Central now and keep your Windows, Mac, Linux and all your third-party applications completely safe and up-to-date.

Follow me (@Hoorge) on Twitter and join Tech Konnect on Facebook and Twitter (@TechKonnect) to stay current on technology related matters.

Five Routines That Sum Up Desktop Management

IT departments play a major role in systems maintenance, and it takes some effort for a system administrator to keep servers and end-user workstations up and running for stability and productivity reasons. Let’s take a look at a system administrator’s daily routine and its importance.

1. Downloading and Deploying patches to user computers

A system administrator has to identify required patches (3rd party) on systems, download them from the vendor websites and deploy them to end-user computers. Managing these patches on a one-off basis seems straightforward, but it becomes cumbersome on a routine basis, especially when there are many systems to patch. Using a Patch Management solution, these routine tasks can be automated and scheduled to lessen the workload on system administrators.

2. Installing software to user computers

Manually installing software on remote computers can be a daunting and challenging task. A Software Management solution can resolve this complication by allowing a system administrator to deploy software from any location, handle tickets with ease and meet users’ software installation demands with simplicity.

3. Troubleshooting remote computers

Operating system issues, software installations, security patches and system crashes on servers and workstations can be remedied much more easily with software management solutions, especially those with remote capabilities and a centralized management interface.

4. Managing IT assets in your network

Asset tracking for hardware and software in your organization is highly important and can be done with ease using asset management software. Apart from tracking the hardware and software in the organization, software license management, hardware warranty management, identifying software usage (particularly for licensing) and restricting unwanted software in your network are important as well. An asset management solution provides a systems administrator the tools needed to effectively gather and manage this data.

5. Deploying configurations and managing mobile devices

Managing and configuring devices such as computers, tablets, phones, and peripherals in a growing organization with rapid demands for technology can be a challenging task for system administrators. MDM and desktop management solutions provide much flexibility and the tools needed to handle these technology challenges in the enterprise.

ManageEngine Desktop Central is one such ideal solution for desktop management, with its bundle of features and pricing compared to some known industry solutions. Desktop Central offers Patch management, Software management, Asset management, Remote support, Mobile device management, Failover Service, and Auditing capabilities. Desktop Central supports heterogeneous platforms in 16 different languages. Finally, Desktop Central offers a fully functioning edition to manage 50 endpoints completely free with no hidden cost.

Download Desktop Central now and experience simplified IT management.


How To Fix: Bitlocker Recovery Key Prompts On Every Reboot

There are few reports of users having Bitlocker issues following the October 2016 patches.

The issue: On every reboot, the Bitlocker recovery key is required, which is quite disruptive and cumbersome. As a workaround, the following steps can be taken:

On the next reboot, once you are in Windows, reset Bitlocker by disabling and re-enabling its protectors.
In an administrative command prompt, run the following:
manage-bde -protectors -disable c:
then run this:
manage-bde -protectors -enable c:

At this time, I’m not certain on which patch is causing the issue but I wanted to share this info to help. You can also discuss in this TechNet post.


System Center Operations Manager (SCOM) Console Crash

** UPDATE**
(October 19, 2016)
A fix for the SCOM console crash issue as previously blogged below has been released. See the following KB320006 article to obtain the hotfix.

***************************************************************************************************

**Posted on October 18, 2016**

There are widespread reports of System Center Operations Manager (SCOM) 2012 R2 / 2016 console crashes due to some bugs in the October 2016 Cumulative Updates, in particular with the following patches: KB3194798 / KB3192392 / KB3185330 / KB3185331.

The product team has acknowledged the issue on their blog post and is said to be working on releasing a fix soon. The current recommendation is to uninstall the problematic patches as a temporary workaround. According to the blog post, an announcement will be made on the SCOM Team blog when a fix has been made available. So, keep a close eye on it.

Links related to this post:

SCOM Product Team Console Issue Acknowledgement
TechNet Discussion
SCOM Product Team Blog
Microsoft Tech Community Discussion


Update – Windows ADK For Windows 10 (Version 1511)

Update / Warning:

Aaron Czechowski, Senior Program Manager, Enterprise Client and Mobility has issued a warning regarding the latest release of Windows ADK for Windows 10, version 1511:

“…….there is a serious issue with it that blocks the following Configuration Manager OS deployment scenarios:

  • From Software Center, launch a task sequence that uses a Windows PE v10.0.10586 boot image. When the computer restarts into Windows PE, it will fail when “Initializing hardware devices” with the error: “Windows PE initialization failed with error code 0x80220014.”

At this time, we do not recommend that Configuration Manager customers use the 1511 version of the Windows 10 ADK.”

Johan Arwidmark, a System Center and OSD expert, had also posted a warning on November 15, 2015 in his blog post “Inside Windows 10 ADK Build 10586”.

“Warning: Do NOT upgrade your ConfigMgr 2012 R2 SP1 or MDT 2013 Update 1 environments to this build yet. For ConfigMgr, even though it seems to fix the x64 UEFI / PXE and Powershell/.NET issue, which is great, the new ADK does break Computer Refresh scenarios (Bare metal works). The error code is 0x80220014. Research and discussions with the product teams in progress… MDT 2013 Update 1 yet to be validated, but error comments on twitter does not give me a warm and fuzzy feeling.”

——————————————————————————————————————–
Original post: November 20, 2015.

The Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1511 is now available from Microsoft’s “Download Kits and Tools for Windows 10” site.

The Windows ADK now includes:


Repair Windows Update Agent

Every now and then, you may discover a computer system that is unable to detect or install available software updates from Microsoft or from your internal Windows Server Update Services (WSUS) repository. You’ll find an error such as 8007000E generated. Oftentimes, running the Windows Update Troubleshooter FixIt tool is sufficient to fix Windows Update errors, but sometimes a manual approach is needed: deleting the SoftwareDistribution content and re-registering the Windows Update components. This can be a tedious task, but with a script the repair can be automated.

Here are some batch scripts to help fix a broken Windows Update Agent on a computer system. The scripts can also be run on a remote system using the ‘psexec’ tool, which is part of the Sysinternals Suite from Microsoft. Copy and paste the content of your desired batch file below into Notepad and save the file with the “.bat” file extension, for example: repair_wua.bat.

Version 1:

Version 2:

Here’s another Windows Update Agent Reset script available on Technet.
The Windows Update Troubleshooter is available here.
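
The manual repair described above (clear SoftwareDistribution, re-register the Windows Update components) as an added PowerShell example; it is not one of the author's batch scripts. It renames the folder instead of deleting it so the change can be rolled back, and the DLL list is an assumption, since the post does not name the components.

```powershell
#Requires -RunAsAdministrator
# Added example: reset the Windows Update Agent on the local computer.
$ErrorActionPreference = 'Stop'

$services = 'bits', 'wuauserv'      # services that hold files open in SoftwareDistribution
$sd       = Join-Path $env:SystemRoot 'SoftwareDistribution'
$oldName  = 'SoftwareDistribution.old-{0}' -f (Get-Date -Format 'yyyyMMdd-HHmmss')
# Assumption: commonly re-registered Windows Update DLLs; not all exist on every Windows version.
$dlls     = 'wuapi.dll', 'wuaueng.dll', 'wups.dll', 'wups2.dll', 'wucltux.dll', 'wuwebv.dll'

# 1. Stop the services so the folder is not locked.
Stop-Service -Name $services -Force

try {
    # 2. Move the old download cache aside; Windows Update recreates it on the next scan.
    if (Test-Path -LiteralPath $sd) {
        Rename-Item -LiteralPath $sd -NewName $oldName
        Write-Host "Renamed $sd to $oldName"
    }

    # 3. Re-register the components, skipping files this Windows version does not ship.
    foreach ($dll in $dlls) {
        $path = Join-Path $env:SystemRoot "System32\$dll"
        if (-not (Test-Path -LiteralPath $path)) {
            Write-Host "skip   $dll (not present)"
            continue
        }
        $proc = Start-Process -FilePath 'regsvr32.exe' -ArgumentList '/s', "`"$path`"" -Wait -PassThru
        if ($proc.ExitCode -eq 0) {
            Write-Host "ok     $dll"
        } else {
            Write-Host "rc=$($proc.ExitCode)   $dll (no registration performed)"
        }
    }
}
finally {
    # 4. Bring the services back even if a step above failed.
    Start-Service -Name $services
}

Get-Service -Name $services | Format-Table -Property Name, Status
```

Once updates install correctly again, the renamed SoftwareDistribution.old-* folder can be deleted to reclaim disk space.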


Cisco AnyConnect VPN Error – “The file ‘Manifest Tool.exe’ is not marked for installation”

Problem:
Error: “The file ‘Manifest Tool.exe’ is not marked for installation” occurs during installation of the Cisco AnyConnect client. This generally happens due to a failed upgrade installation of the client.

Solution:
Uninstall any version of the Cisco AnyConnect VPN client if one exists on the system.
Then, edit the registry by following these steps:

  • Launch the Registry Editor by typing “regedit” in the search window or box.
  • If a dialogue box pops up displaying the following: “Do you want to allow the following program to make changes to this computer?”, click Yes.
  • Browse to the following location: HKEY_CLASSES_ROOT\Installer\Products\
  • Within the Products folder, locate and delete the registry key which contains the product information for Cisco AnyConnect.
    1. Go through each key in the Products folder until you find the one for Cisco AnyConnect. For example, the registry key for Cisco AnyConnect is named {D5BA4DB6420F33A4BAA83AD8BF69D037}
    2. Please note that the version of Cisco AnyConnect that you have may display a different registry key name.
  • Close the registry editor.
  • Install the Cisco AnyConnect client.

** Please make a backup of the registry before deleting or modifying any keys.
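
The registry steps above can be scripted so the key is located by its ProductName value instead of by browsing, and exported before it is removed. This is an added PowerShell example, not part of the original post; the match pattern and the backup folder are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: find, back up and remove the leftover Windows Installer
# product key for Cisco AnyConnect. $pattern and $backupDir are assumptions.
$root      = 'Registry::HKEY_CLASSES_ROOT\Installer\Products'
$pattern   = '*AnyConnect*'
$backupDir = $env:TEMP

# Each subkey is one installed product; its ProductName value holds the display name.
$found = @(Get-ChildItem -Path $root |
    Where-Object { $_.GetValue('ProductName') -like $pattern })

if ($found.Count -eq 0) {
    Write-Host "No product key with a ProductName matching '$pattern' was found."
    return
}

foreach ($key in $found) {
    $name    = $key.GetValue('ProductName')
    $regPath = $key.Name -replace '^HKEY_CLASSES_ROOT', 'HKCR'
    $backup  = Join-Path $backupDir "$($key.PSChildName).reg"
    Write-Host "Found '$name' at $regPath"

    # Export the key first so it can be restored by importing the .reg file.
    & reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
        Write-Warning "Backup failed, leaving $regPath untouched."
        continue
    }
    Write-Host "Backup saved to $backup"

    # -Confirm prompts for each key, so an unrelated match can be declined.
    Remove-Item -LiteralPath $key.PSPath -Recurse -Confirm
}
```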


How To Fix Network Print Queue Installation Error 0x0000007e on Windows

Problem:

Adding an HP print queue from a Windows Server 2012 R2 print server on a Windows 7 / Windows 8.1 / Windows 10 system fails with the error:

Solution:

Delete the “BIDI” key from:
HKLM\SYSTEM\CurrentControlSet\Control\Print\Printers\<QueueName>\CopyFiles

You can essentially delete the “CopyFiles” key as well.
** Please backup the registry before attempting this fix. **
