Blog

For the past few months, my computer has been having intermittent issues where it would partially freeze for several minutes at a time. Most of the time, it was Windows system applications that froze like opening the Start Menu, opening Task Manager, and locking/unlocking my computer. The applications would not open, but I could continue to use other applications like Firefox without any problems. After a few minutes, the application that would not open would open, often multiple times as I had tried to open it several times while my computer was not responding.

At first, I had assumed it was a bad Windows update that caused the issues, but the next month's updates did not resolve the issue. I updated all drivers that needed an update, but that did not resolve the issue either. I ran "sfc /scannow" and "dism /online /cleanup-image /restorehealth /Source:D:\sources\install.esd" to attempt to fix corrupt system files and both seemed to resolve the issue for a few days, but then several days later I would have problems again.

One day when I was having problems, I checked the Windows Defender settings and found that real-time protection was enabled. This means that Cylance and Windows Defender would both be trying to perform antivirus protection when a file was accessed. I disabled real-time protection box and performance on my computer immediately improved. I found that the other engineers' Windows Defender Security Center settings recognized that CylancePROTECT was installed and had disabled the Windows Defender virus protection completely. We checked several other PCs that were having similar issues as mine and their Windows Defender did not recognize that Cylance was installed either. I reinstalled CylancePROTECT and it reregistered with Windows Defender. My guess is that CylancePROTECT did not reregister correctly after an update and since Windows Defender no longer saw it installed, Windows Defender turned on the built-in protection.

There are two ways to fix these type of issues when CylancePROTECT or another third-party antivirus becomes unregistered.. The first is to uninstall and reinstall CylancePROTECT, which should reregister CylancePROTECT as an active third-party antivirus. The second is to create a Group Policy to disable Windows Defender Antivirus, which is safe if CylancePROTECT is installed.

To check if this is a problem for you on Windows 10 do the following:

1. Click the Start button
2. Click the Settings gear
3. Type Windows Defender Security Center in the search bar and click the result

Windows Defender should show as below if CylancePROTECT is installed and working correctly. The "Status unavailable" just means that Windows Defender cannot see the settings inside of Cylance and you should open CylancePROTECT to see information about it.

An icon that looks like one of these means that Windows Defender does not recognize CylancePROTECT or other third-party antivirus is installed and Windows Defender Antivirus is active:

How to initialize a Fortigate UTM appliance for disposal or re-use after it has been replaced by a new Fortigate appliance.

Power up the device. Interrupt boot by pressing a key during boot. A menu will be displayed:

Select "F" to format the boot device, and respond "y" to the next question:

The boot device will be formatted and the appliance is now ready for disposal.

I had setup a distribution list where one user had the rights to send as / send on behalf configured. I knew that we needed to show the From field by clicking on the appropriate menu item.

However, to change the from e-mail address to the distribution list's e-mail address was not as straightforward as I thought. I figured that the user would be able to click the down arrow next to "From" and select the other e-mail address, but no other address shows up.

What you have to do is right click on your e-mail address and delete it. Then you can start typing the e-mail address you want to use and "Search Directory". You'll see something like this in which you can select which e-mail to send as.

Many businesses and financial institutions have seen an increase in the number of employee-owned devices over the past few years. Employees are using these devices to access email, download files, launch a remote desktop, or use a Virtual Private Network (VPN) connection for a remote "on network" experience.

Some customers prohibit or restrict personally-owned devices from connecting to the network. However, in some cases, this is not feasible, such as employees or contractors who rarely visit the home office, or employees with very specific device requirements and preferences. The common term for the policy of allowing personal devices is Bring Your Own Device or BYOD.

Unprotected personal devices connecting to the network are a significant security risk. The most common issue with these devices is inadequate anti-virus and anti-malware software. Built-in free solutions like Windows Defender are not up to the task of protecting against the sophisticated zero-day threats which are common today. Additional strategies to manage a BYOD environment include Mobile Device Management (MDM) and Network Access Control (NAC).

CylanceProtect is widely recognized as the leader in the endpoint protection segment, winning multiple industry awards for their machine learning approach to stopping security threats. Over the past 2 years since CoNetrix has been a Cylance partner. We have installed almost 5,000 endpoints for customers across the US.

Last year Cylance released a home version of CylanceProtect called Smart Antivirus. This product is specifically designed to provide the same technology as the corporate version, with easy self-administration and the ability to protect multiple devices in a household for a low annual cost. Windows and macOS devices are currently supported, with support for iOS and Android devices coming later this year.

Smart Antivirus is a great option for an employee security awareness program or as a company-paid benefit for employees and business partners. Individual licenses can be purchased from Cylance using the link below.

https://conetrix.com/cylance-smart-antivirus

Smart Antivirus licenses of 50 or more are available through CoNetrix for a discounted price. Contact CoNetrix Technology sales at techsales@conetrix.com for more information about licensing for CylanceProtect and Smart Antivirus.

When something really messes up Chrome, being logged into your Google account and having Chrome sync settings makes repairing things pretty painless. 

Recently, I couldn't get my LastPass Chrome extension to log into my LastPass account. Since I rely heavily on LastPass to handle various website credentials, I'm handicapped if I can't get it working in the browser extension.

I tried a number of things, including removing and reinstalling the Chrome extension. However, the only thing that solved the problem was to reset Chrome completely. Fortunately, I could restart the browser, log into Google and wait a few minutes for everything (default home pages, bookmarks, browser extensions, etc.) to sync. In this particular case, I had to add the LastPass extension again since the last sync must have been when I had it removed while trying to troubleshoot this problem. The reset fixed the problem and the sync brought me back to my standard Chrome configuration.

I came across a few customers having trouble opening PDF attachments while in Quickbooks. The following message would be displayed, and sometimes it would be random.

"There is a problem with Adobe Acrobat/Reader. If it is running, please exit and try again. (523:523)"

The workaround to resolve the issue is to open Adobe Reader and uncheck "Enable Protected Mode" in the Edit -> Preferences -> Security (Enhanced) options.

​

I recently had a patching issue with SQL Server 2014 SP3. When I tried installing the SP3 update it kept failing with error code 0x858C001E. It turns out that this can be caused if the program files directories for SQL Server are compressed.  The folder paths to check are listed below as documented here: https://wiert.me/2017/03/16/fixing-0x858c001e-error-on-sql-server-20122014-updates/ 

For x86 systems, ensure these directories are not compressed:

• C:\Program Files\Microsoft SQL Server
• C:\Program Files\Microsoft SQL Server Compact Edition

For x64 systems, ensure these directories are not compressed:

• C:\Program Files\Microsoft SQL Server
• C:\Program Files x86\Microsoft SQL Server
• C:\Program Files x86\Microsoft SQL Server Compact Edition

I found that some of the directories were compressed due to the customer trying to free up disk space on the system drive.  After uncompressing the Microsoft SQL Server folders, the update installed, and the server needed a reboot to complete.

We have a customer who is in the process of migrating from one domain ("domain 1") to another so the domain name that will match their current company name ("domain 2"). They have moved a majority of their client PCs from domain 1 to domain 2. The Exchange servers are still in domain 1 and using credentials for domain 1.

After moving to domain 2, users started reporting intermittent Outlook connectivity issues and that they were unable to search in Outlook. Domain 1 has an internal primary DNS zone for their public email domain. In testing, we found that Outlook functioned properly when not connected to the internal network and for client PCs still on domain 1. I originally added conditional forwarders for the public email domains to forward queries from domain 2 to the internal zone on domain 1. This resolved the connectivity issues, but their Outlook search still did not work. I removed the conditional forwarders and duplicated the internal primary DNS zones on domain 2, which resolved the issues.

Part 1: When installing the Fortigate Single Sign-On Agent you need to configure the service account as a local admin on the server where it's being installed.  Fortinet support states that the account has to be a domain admin, but I have confirmed that it only needs local admin rights, and not domain admin rights. 

Part 2:  When installing the Duo Authentication agent on a server to use multi-factor authentication with a Fortigate, it uses port 1812 to communicate with the Fortigate for Radius authentication.  If you have already installed the Fortigate SSO Agent on that same server it will already be using port 1812 to communicate with DCs on the network.  This will cause the Duo agent to fail to start each time you attempt to start the service.There are a couple of possible fixes to this:

1. Change the port on the Fortigate SSO agent to another port (1813).  This will also require that you specify that port on the Fortigate DC Agents installed on your domain controllers.
2. Change the port used by the Duo agent to another port.  This can be done in the configuration file found in the Duo installation directory.  This will also require that you change the default Radius port on the Fortigate via CLI to match what you specified in the Duo configuration.  This may cause issues if your Fortigate uses multiple Radius clients/agents.