How to delete the exclusions from Microsoft defender Win10? - windows-defender

I have problem deleting the following folders from the exclusions because my CPU is on 90% Usage because of these exclusions and I don't know when and why even they are on my list. I have updated windows yesterday and my CPU starts heating up... I scanned the PC and no threat detected. But suddenly I opened the exclusion list and found some garbage is in the list which is not able to delete while the Remove button is disabled.
Is this a ransomware update attack or a malware attack on Microsoft server side which is providing vulnerable updates?

You can do 3 things to delete this.
1: Check Log files of updates and read it what happened during update.
2: Check in Registry if the above list is available in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Exclusions and manually delete them.
3: If the above options didn't solve your Problem, I am sure your PC is hijacked. To solve it read carefully the next part.
Reset Internet Explorer and delete all addons, Delete any new internet browser/Software you have installed after updating Windows and Search for this directory in the registry:
HKLM\SOFTWARE\WOW6432NODE\Microsoft\Security Center\UACDisableNotify - "1""1" -Hijack.Security.UACDisableNotify
If you find this, Just Disconnect Internet, Boot safe Mode and delete all the threats in
HKLM\SOFTWARE\WOW6432NODE\Microsoft\Security Center\
You will find many of them.

Related

NotesSQL to Notes 9 ODBC Connection resulting in IM005(0)[Microsoft][ODBC Driver Manager] Driver's SQLAllocHandle on SQL_HANDLE_DBC failed

Every application I use to initiate an ODBC connection that I've created to my IBM Notes 9 DB results in getting an error during connect:
Driver's SQLAllocHandle on SQL_HANDLE_DBC failed
I have scoured the web trying to correct this and have not been able to find an answer that solves for this issue on my machine. I am able to open and access the Lotus Notes DB within the Notes 9 software. I am able to create the ODBC System DSN and I know that it's connecting to the server properly because all of the available .nsf files populate in the "Database:" dropdown menu when going through the new ODBC connection setup. I am able to see my username which gets populated from my Notes ID file. The issue occurs when I use something to initiate the ODBC connection. I have tried Excel, QlikView, AQT, Teradata SQL Assistant all with the same result. Once I choose the ODBC connection that I've created, and click on "Ok" in each application I've attempted this with, I am met with the same error above.
I used Event Viewer per a suggestion in an older post online and received the message below:
Could not load NSQLE32.EXE. This file must exist in the same directory NSQL32.DLL and NSQLV32.DLL is in. It is possible NSQLE32.EXE could not be loaded because NotesSQL couldn't locate a valid Notes/Domino installation (couldn't find NNOTES.DLL) -- this may be because user (MYUSERID) does not have the correct rights to the Notes/Domino directory. It could also be because NotesSQL can not find your Notes/Domino installation in the Registry. NotesSQL looks for the NNOTES.DLL file by looking in the path pointed to by the following Registry entries -- HKEY_LOCAL_MACHINE\Software\Lotus\Notes{version}\Path : HKEY_LOCAL_MACHINE\Software\Lotus\Domino{version}\Path. If neither of these registry entries exist or they point to an invalid version of Notes/Domino NotesSQL will not work. To resolve -- please re-install Notes/Domino.
Some notes (no pun intended) and things I've done:
Verified that the DLLs mentioned in Event Viewer do exist in the proper directories.
Run the Nsql_ALM.exe application to configure the NotesSQL driver.
Used the 32-bit ODBC Administrator because my Notes 9 is 32 bit, as well as the driver. The 64 bit driver would not even allow installation (attempted this after hitting this roadblock) but the 32 bit installed successfully.
Modified my System Environment Variable for Path to include the true location to notes.ini, which resides in:
C:\Users\MYUSERID\AppData\Local\Lotus\Notes\Data
Modified my System Environment Variable for Path to include the location to the NotesSQL driver, which resides in:
C:\NotesSQL
Modified my registry to ensure that the appropriate strings exist to reference the proper files:
HKEY_CURRENT_USER\Software\Lotus\Notes\NotesIniPath (to notes.ini)
HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Notes\9.0\Path (to notes application)
HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Notes\9.0\DataPath (to notes.ini)
HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Domino\9.0\Path (to notes application)
HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Domino\9.0\DataPath (to notes.ini)
Set the NSQLE32.exe application to run in compatibility mode with all other options.
Attempted with everything run as administrator.
Uninstalled both Notes and NotesSQL and reinstalled everything cleanly again.
Attempted a log via Tracing within ODBC Administrator and it will not create a log file when I am attempting the connection. It will populate, however, with all of the system ODBC connections when the calling application attempts a lookup of the existing connections to populate in the dropdown menu. If I start tracing after the dropdown menu has been populated, then attempted the ODBC connection, even multiple times and with multiple versions, a new log file is never created.
I'm not sure where to go from here. Has anybody had this issue and is there something else that I can do in order to fix it?
I was able to correct the issue based on information in the Event Logs (Windows - Application) indicating that the Notes.INI file could not be located. I first added the location of notes.ini to the user and system environment variables, however, the issue persisted. I then moved notes.ini to the c:\NotesSQL folder where database connectivity dll's such as NSQL32.dll are found. This corrected the issue.
The application calling notes is SAP BusinessObjects Edge (Enterprise - Crystal Reports) 4.2 SP07.
notes.ini can not be found - Windows application event log

What is the purpose of MSSQL$SQLEXPRESS and SQLTELEMETRY$SQLEXPRESS folders in SQL Server 17.9

Anybody knows why I have MSSQL$SQLEXPRESS and SQLTELEMETRY$SQLEXPRESS folders in location C:\Windows\Users after installing SQL Server 17.9?
Is it a problem to delete both of them?
They are Service Accounts. They are essentially fake users that get their own user profile directories, which is why they exist in the User directory. You should keep them there (intact) if you plan on continuing to use SQL Server.
In my case, I was trying to migrate user profiles from an SSD to an SSHD data drive, leaving behind a Directory Junction/Symbolic Link. I found it incredibly frustrating that even after uninstalling all SQL Server stuff, these guys remained behind. That is a legitimate reason to get rid of them. You don't have to have mental issues to not want uninstall residue left over. And, I think it's okay to be concerned about potential conflicts down the road, and not wanting to assume that a reinstall will somehow catch it.
Here is how to remove them. (Again, only if not using SQL Server at all):
• Remove the services in a cmd window:
sc delete MSSQL$SQLExpress
sc delete SQLTELEMETRY$SQLEXPRESS
then
• Open services.msc and Stop the services (I can't remember what they're called, but they both start with SQL and have SQLEXPRESS in their name)
then
• Delete the directories. If doing it from a cmd window:
rd "c:\users\MSSQL$SQLExpress\" /s/q
rd "c:\users\SQLTELEMETRY$SQLEXPRESS\" /s/q

Windows could not start the Apache CouchDB service on Local Computer

I have installed CouchDB on my Windows machine but while starting the CouchDB service, I am getting a message like:
Windows could not start the Apache CouchDB service on Local Computer. The service did not return an error. This could be an internal Windows error or an internal service error. If the problem persists, please contact your system administrator.
As the service is not running, I am unable to access Fauxton too.
I am using Windows 7. CouchDB is 2.0.0. Port 5984 is not in use.
I don't think your question is a duplicate of https://stackoverflow.com/a/44107335/219187 because you are on Windows 7, and the problem described there is for Windows 10 with the creators update.
But maybe the solution fixes your problem as well? Here is the procedure:
Download the prelease build 2.2.4-101 from https://nssm.cc/download
Stop the CouchDB service through the Windows Services dialog (paused is not enough)
Overwrite nssm.exe in <CouchDbInstallDir>\bin with the one from the downloaded ZIP file (make sure you pick the right version 32 bit / 64 bit)
Start the CouchDB service
Issue it's happening since the last updates released by Microsoft. I'm not completely aware of what's causing it, but I think it's something related to CouchDB service not been able to start using Local Administrator rights.
However I've managed to start the service manually, by doing so:
Open Command Prompt - in the Search from the Start Menu or Task Bar type "cmd"
Run it as an Administrator - right click on the Command Prompt application and choose "Run as administrator" option /this is really IMPORTANT as it will allow the service to have administrator access/
Navigate to the folder where CouchDB is install - default path is "D:/CouchDB", but could be anywhere else; you have to find it
Go to the "bin" folder in there
Type "couchdb" as a command to start the service
You will see a message showing after this - "kernel-poll not supported; "K" parameter ignored"
If it adds some error messages after it or closes the whole terminal, you're making some things bad from this guide, so follow it strictly.
You can now open up the Fauxton application in the browser like normal from here - http://localhost:5984/_utils/
Keep in mind that you have to leave the cmd opened in order the service to be working as expected. As far as I saw no information was lost, so it's all good.
This is a temporary solution though, as we are waiting a relase from either Microsoft or Apache to solve the issue, or at least give us more explanation about it.
i just met the same problem.
the cause is space, you have to install CouchDB in a path without any space, even Program Files folder, because there is a space between Program and Files...

Remove computer from Configuration Manager (System Center 2012 R2) with script/batch/programatically?

We are having trouble with the Config Manager client randomly getting corrupted during installation on new computers. We are currently rebuilding our image, but in the meantime, we are implementing a short term solution where we simply completely uninstall Config Manager Client, remove the computer object from the Config Manager console, and then reinstall the client.
In an effort to reduce the "clicks" that our help desk techs would have to preform, I would like to write a simple script/batch/program/whatever to just do it in one fell swoop. My only holdup is that I don't know how to invoke Configuration Manager via the command line or Powershell and remove a computer from our Devices.
Is this even possible? I can't find any documentation from Microsoft.
Found my answer. There is a wealth of Configuration Manager cmdlets available. I simply used "CM-GetDevice" to find a device, and then "Remove-CMDevice" to remove it completely.
http://technet.microsoft.com/en-us/library/jj821831(v=sc.20).aspx

Is it possible to suppress MS Access "Security Warning" prompt without signing the project?

Background: One of my coworkers has a project that is written in VBA to use MS Access 2003 Run-time as a front-end for a MSSQL database. It's an internal project used by multiple users operating in terminal sessions on a Server 2008 R2 box.
Problem: Every time the Access project is opened, users are greeted with a Security Warning:
This file may not be safe if it contains code that was intended to harm your computer.
They have the option to Cancel or Open. The users would like to be able to skip this prompt.
Since the full version of Access is not installed, users cannot alter their individual security levels and the VBA project cannot be signed with selfcert.exe certificates. (I'm not sure that it would work for multiple users anyway?).
Ideal fix: I'm hoping there's GPO or registry key that alters security settings for Access Runtime, but am open to other suggestions. I'm sure the problem could be fixed by purchasing a license for the full version of Access and a certificate from an approved CA, but this project doesn't have any budget for it.
Update: Have confirmed that the guy who put this project together did it in Access 2003 and does not want to re-test for Access 2007/2010 runtimes. So we're stuck with 2003 Runtime.
Very late answer, but it might help someone. There is a way to do this. I created a shell for my Access apps (originally just to auto update my applications), and during this discovered you can completely workaround Access 2003 security (& 2007 etc with Remou's Trusted Locations).
Set the SecurityLevel in the registry, run the mdb via commandline, reset the registry.
Root: HKCU; Subkey: SOFTWARE\Microsoft\Office\11.0\Access\Security; ValueType: dword; ValueName: Level; ValueData: 1; Check: IsAccInstalled('11.0'); Flags: dontcreatekey
Level 1 = Low, No action; 2 = (Default) Medium, Prompt; 3 = High, Deny?
You can also run your mdb with COM, setting the SecurityLevel via COM before opening the mdb.
However COM wont work for runtime (and you cant identify the OS process later via a unique commandline as I needed to)
Answering this one just to say that no, there doesn't appear to be a way to avoid the security warning for Access 2003 Runtime without actually signing the project.