How to Turn On or Off Hyper-V Enhanced Session Mode in Windows 10

Hyper-V enables running virtualized computer systems on top of a physical host. These virtualized systems (aka guests) can be used and managed just as if they were physical computer systems; however, they exist in a virtualized and isolated environment.

You can give a virtual machine access to a computer’s local resources, like a removable USB flash drive, when you use Virtual Connection Manager (VMConnect). To make this happen, turn on enhanced session mode on the Hyper-V host, use VMConnect to connect to the virtual machine, and before you connect, choose the local resource that you want to use.

Enhanced session mode provides the following new capabilities for Virtual Machine Connection sessions:

• Display Configuration
• Audio redirection
• Printer redirection
• Full clipboard support (improved over limited prior-generation clipboard support)
• Smart Card support
• USB Device redirection
• Drive redirection
• Redirection for supported Plug and Play devices

This tutorial will show you how to turn on or off Hyper-V enhanced session mode for your account and/or all accounts in Windows 10.


The Week in Ransomware – July 22 2016 – Stampado, Bart, HolyCrypt, and More

10 WordPress tricks bloggers may not be aware of

Microsoft Services Agreement and Privacy Statement Update

Own/Use SonicWALL? You probably should apply this patch!

Dell patches critical flaws in SonicWALL Global Management System

Get help with the search box in #Windows10

Check out the great offers and new titles in the @WindowsStore this week

Hidden ‘backdoor’ in Dell security software gives hackers full access

Microsoft Ships First Cumulative Update for Windows 10 Version 1607

Tor Project writes about their plans to protect Internet of Things

Malware – 2016 Rio Olympics will be a key theme to bait users

Already, “fake Olympic 2016 tickets” and other spammed items are circulating. Major world events like this offer the proverbial cheese in the mousetrap for “click happy” users.

Hackers are targeting the Rio Olympics, so watch out for these cyberthreats. The Olympic Games in Rio de Janeiro will attract more than just athletes and tourists this year. Hackers from across the world will also be on the prowl, trying to exploit the international event.  That means visitors to the Olympics and even people watching from home should be careful. Cyberthreats related to the games will probably escalate over the coming weeks and could creep into your inbox or the websites you visit.

During past major sporting events, hackers have come up with fake ticketing and betting services to commit fraud on unsuspecting users. They’ll also use phishing emails and social media posts to spread malware.  Computer users will see these messages and links, expecting to view a video on a record-breaking Javelin throw or a bargain on great seats to the event. But in reality, they’ll end up downloading ransomware that can take their data hostage, Kapuria warned.

How to Hide or Show Notifications when Duplicating Screen in Windows 10

Display Switch is used to change the presentation mode of the main display of your Windows 10 PC to project on either the PC screen only, duplicate on second display, extend across all displays, or second screen only.

When you are duplicating your screen during say a presentation, you may not want to have any notifications show.

This tutorial will show you how to hide or show notifications when you are duplicating your screen in Windows 10.


Check out today’s #FridayFive featuring MVPs @akfash @janaks09 @ryanjadams

System Center ConfigMgr Update 1606

PowerShell in Action–Deal of the Day-23 July 2016

Deal of the Day July 23: Half off my book Windows PowerShell in Action, Third Edition. Use code dotd072316au at


Deal of the Day details at

Avoid this “Authorize your #Twitter account” phishing scam

Removal instructions for DefaultTab

What is DefaultTab?

The Malwarebytes research team has determined that DefaultTab is a browser hijacker. These so-called “hijackers” manipulate your browser(s), for example to change your startpage or searchscopes, so that the affected browser visits their site or one of their choice. This one also displays advertisements.

Parallel copy files over remoting session

In response to this post –


I was asked how you could copy files in parallel to multiple machines.


As soon as anyone mentions parallelism I think of workflows so I ended up with this

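$computers = 'W16TP5TGT01', 'W16TP5TGT02'

workflow parallelcopy {
  param ([string[]]$computername)
  # Process every target computer concurrently
  foreach -parallel ($computer in $computername) {
    InlineScript {
      # Create the session inside InlineScript so that -ToSession is available
      $s = New-PSSession -ComputerName $using:computer
      Copy-Item -Path C:\Scripts\New-NanoMachine.ps1 -Destination C:\Source -ToSession $s
      # Close the remoting session once the copy has finished
      Remove-PSSession -Session $s
    }
  }
}

parallelcopy -computername $computers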


A couple of issues I found. First off, -ToSession and -FromSession haven’t been added to the Copy-Item workflow activity. This means you have to use an InlineScript block to access those parameters.


Secondly, accessing a remoting session created outside of the workflow generates a session busy error when trying to perform the copy, so you have to move the session creation into the InlineScript.


If you had a lot of files, or a lot of data, to copy to multiple machines this approach may be worthwhile. For small amounts of data then the approach in the original article is probably best.

AVG releases Decryptor for Bart Ransomware

AVG has released a decryptor for the Bart Ransomware infection, which stores your files in password-protected zip files. Created by the same actors behind Dridex and Locky, Bart Ransomware will password protect a victim’s data without communicating with a command & control server. This allows the ransomware to password protect a victim’s files even if the computer is not connected to the Internet.

Using AVG’s decryptor is fairly straightforward, but does require a victim to have the same file in its password-protected zip format and its original format. These two files will then be compared by the AVG decryptor in order to assist in brute forcing the password for the zip file. So for example, to use the decryptor I could use the Windows sample picture desert.jpg and its Bart zipped counterpart

What I usually do is create a folder on the desktop and put the samples being used for the comparison in the same folder as shown below.

Online scams: Why haven’t we won yet?

We here at Malwarebytes Labs have been posting on the ins and outs of tech support scams since 2013. (First post here, if you’re interested). That amounts to at least a decade in computer years.

So with all that time, effort, and analysis, why are these people still in business? They’re generally technically inept, have atrocious OPSEC, don’t vary their operations in the slightest, and have been publicly exposed countless times. And yet. . .
