Announcing Windows 11 Insider Preview Build 25131

Hi all, last Thursday Microsoft released Windows 11 Insider Preview Build 25131 to the Dev Channel.

The new store app pop-up experience is great!

clicking ‘get in store app’ now opens up a mini store interface

Happy Upgrades!

Fixes

[General]

  • Fixed an issue causing some Insider PCs with certain AMD processors to bugcheck and roll back when attempting to upgrade to last week’s flight. This issue is also believed to be the cause of some Insiders experiencing a bugcheck after enabling SVM in the bios on their PCs in the last build.
  • Fixed an issue which was causing some Insiders with secondary accounts on their PC to not be able to upgrade to the latest builds.

[File Explorer]

  • The new folder icon used in the command bar should be consistent with the one used in the context menu now.
  • Fixed an issue which could lead to File Explorer hanging when browsing folders with lots of .mkv files.
  • Fixed an issue which was causing searching from Home to not return any results sometimes from the Open or Save dialog (when doing it from File Explorer returned results).

[Search]

  • Searching for something like %appdata% should now show a proper folder icon and not just a blank square.
  • When selecting “Open file location” for a search result, it should now select the file in the folder again now, and not just open the folder.

[Settings]

  • Searching for “default” will now return the default apps Settings page as the first result, and not require you to click “show all results” in order to see it.
  • Fixed an issue where the “Listen to this device” audio option would stop working after a reboot until being unchecked and rechecked.
  • Narrator will now read out the position of the radio buttons in the Settings > Accessibility Color filters page to make it easier to navigate.

[Other]       

  • Hovering over “Do you like what you see?” when using Windows Spotlight on the lock screen should no longer display a shadow which extends to the bottom of the screen.
  • Fixed an issue which was leading to certain frame rate monitoring applications impacting game performance.
  • Fixed an issue that could cause rounded corners to unexpectedly become pixelated at certain scale factors.

NOTE: Some fixes noted here in Insider Preview builds from the Dev Channel may make their way into the servicing updates for the released version of Windows 11.

Known issues

[General]

  • [NEW] Windows Insiders on Surface Pro X devices will hit a black screen attempting to resume from hibernate on this build. You will need to power cycle (long power button shutdown) to get back into the device. It is recommended Insiders on these devices pause flighting until we release a build with this fix.
  • [NEW] We’re investigating reports that shutting down via the Start menu isn’t working for some Insiders and is unexpectedly rebooting instead.
  • Some games that use Easy Anti-Cheat may crash or cause your PC to bugcheck.

[Live captions]

  • Certain apps in full screen (e.g., video players) prevent live captions from being visible.
  • Certain apps positioned near the top of the screen and closed before live captions is run will re-launch behind the live captions window positioned at top. Use the system menu (ALT + Spacebar) while the app has focus to move the app’s window further down.

Microsoft Store Update (Version 22205.1401.3.0)

We are beginning to roll out a Microsoft Store update to Windows Insiders in the Dev Channel with the following changes and improvements:

Native Arm64 support: We’ve improved the Microsoft Store app experience on ARM64 devices. You’ll see faster and better performance when you use the app.

Improved app updates: We improved updates when clicking Update buttons in the Microsoft Store. We’ll skip over apps that you have open, so you don’t lose any important work. You can manually update the apps later.

Improved Android apps support for the pop-up store experience: When you’re browsing the web, you might discover a new app. If it’s available in the Microsoft Store, we’ll show you a pop-up experience to help you install it. This experience now supports free Android apps (depending on device compatibility and age rating).

Faster navigation: We have improved the browsing experience.

Faster navigation in the Microsoft Store.
Faster navigation in the Microsoft Store.

Improved viewing options UX for movies and TV shows: Ready for a new show but not sure how to watch it? Once you’ve selected a TV show or movie, you can see all your viewing options in a single list.

Improved media purchase options in the Microsoft Store.
Improved media purchase options in the Microsoft Store.

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Microsoft Store.

source: Windows Blogs

Have you really turned it off and on again?

Yes it’s the all time classic answer calling Helpdesk, but things have changed since Windows has Fast Startup enabled by default.

This happened with the release of Windows 8.x, before then a simple restart was equal to turning it of and on again.

Users will tell you they already restarted the device & the issue is still there… quite possible if it is present in the system session

Newer versions of Windows react differently, selecting shutdown will log off the user & hibernate the operating system for faster starting, this means when you just shut down your machine any problem in the user session will be ‘reset/fixed’, any problem that resides in the non-user part will be hibernated & resumed as it was, not fixing anything…

to check if the option is on, open powercfg.cpl & select ‘Choose what the power button does’ – the option ‘turn on fast startup’ is greyed out & on

Command line: powercfg /a
if Fast Startup is listed as available, it’s on

Lot’s of websites show how to disable fast startup to avoid this behavior, losing the benefit of the feature .

There’s no need to turn it off, if you want to do a ‘clean’ startup the easiest way is to press and hold the SHIFT key while selecting shutdown, this triggers Windows to ‘really’ shut down.

SHIFT + Shutdown = Full Shutdown
SHIFT + Restart = Full Shutdown & boot to WinRE

If you use the shutdown command in a command box, run / CMD / WT / PowerShell running ‘shutdown /s’ will also trigger a full shutdown (adding /hybrid would prepare for fast start)

Shutdown.exe /s – Full Shutdown
Shutdown.exe /r = Full Shutdown + restart

Announcing Windows 11 Insider Preview Build 25126

Hi all, last Wednesday Microsoft released Windows 11 Insider Preview Build 25126 to the Dev Channel.

After the upgrade Edge Canary kept crashing opening any page, this was persistent after a normal reboot, but fixed after a Shift + Shutdown (Feedback Hub: https://aka.ms/AAh1eob)

Happy Upgrades!

What’s new in Build 25126

Account settings page improvements

In October, we introduced subscription management in Settings > Accounts, which enabled you to view your Microsoft 365 subscriptions in Windows 11. With this build, we’re making it easier for you to view all supported Office perpetual products such as Office 2021 or Office 2019 associated with your account within Settings > Accounts.

All supported Microsoft 365 Office products licensed to your account shown under Account settings.
All supported Microsoft 365 Office products licensed to your account shown under Account settings.

This update will allow you to view all supported Microsoft 365 Office products licensed to your account and you can view details about your product or install Office by clicking the “View Details” button. This information is shown on the Microsoft account management page and you will now be able to view these datils in Windows 11 via Settings > Accounts as shown in the above screenshot, starting with this build.

[We are beginning to roll this feature out, so it isn’t available to all Insiders just yet as we plan to monitor feedback and see how it lands before pushing it out to everyone.]

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Settings > User Profile Account Settings.

Fixes

[General]

  • We fixed the issue causing some Insiders to experience a bugcheck with error DRIVER_IRQL_NOT_LESS_OR_EQUAL in pci.sys causing a rollback trying to install the latest builds in the Dev Channel.
  • We did work to mitigate the issue causing the Program Compatibility Assistant Service to use an unexpectedly large amount of CPU for some Insiders after upgrading to the latest Insider Preview builds in the Dev Channel.

[Start menu]

  • If the touch keyboard is docked it should no longer unexpectedly dismiss when trying to edit the name of a folder in Start.

[Search]

  • Fixed a high hitting explorer.exe crash that could happen when using Search.

[Settings]

  • The preview image under Personalization > Lock Screen should no longer be backwards when using an Arabic or Hebrew display language.

[Task Manager]

  • If explorer.exe has hung, that should no longer hang Task Manager.
  • Fixed an issue where the context menus weren’t following the same mode (light or dark) as Task Manager itself for some Insiders.
  • Fixed a typo in the “Minimize on use” tooltip.
  • If you’ve hidden the graphs on the side of the Performance page, the color of the circles used instead should now match the graph in the summary view.
  • Addressed an issue where the Not Responding status for certain apps wasn’t being reflected on the Processes page.

[Windows Sandbox]

  • Removed the Lock option in Start menu as it didn’t work.

[Other]

  • Fixed an issue where using “Open All Active Printers” from the printer icon in the system tray would unexpectedly open File Explorer when there were no active queues.

NOTE: Some fixes noted here in Insider Preview builds from the Dev Channel may make their way into the servicing updates for the released version of Windows 11.

Known issues

[General]

  • Some games that use Easy Anti-Cheat may crash or cause your PC to bugcheck.

[Live captions]

  • Certain apps in full screen (e.g., video players) prevent live captions from being visible.
  • Certain apps positioned near the top of the screen and closed before live captions is run will re-launch behind the live captions window positioned at top. Use the system menu (ALT + Spacebar) while the app has focus to move the app’s window further down.

source: Windows Blogs

Announcing Windows 11 Insider Preview Build 25120

Hello all, last Wednesday Microsoft released Windows 11 Insider Preview Build 25120 to the Dev Channel.

Upgrades went smooth here,

If you use reset this pc on 25115 or 25120 after the reset the Windows Security app is missing https://aka.ms/AAgyq8g

Changes and Improvements

[General]

As described in our in our blog post here, Windows Insiders who use the Dev Channel may get to try out new ideas, longer lead features, and experiences that are intended to help validate concepts. Starting with this preview build, some Insiders will see one of these conceptual features as we begin to explore exposing lightweight interactive content on the Windows desktop. Today, Windows exposes this type of content in the Widgets board. To begin assessing this general idea and interaction model, the first exploration in this area adds a search box displayed on the desktop that enables you to search the web.

Example of interactive content on the desktop.
Example of interactive content on the desktop.

If you would like to remove this search box, you can right-click on the desktop, choose “Show more options,” and toggle the “Show search” option.

We are excited to learn your feedback on this interaction model, so please use the Feedback Hub to provide feedback if you receive this experiment.

NOTE: A reboot is required after updating to this build to trigger this experience but please note that not all Windows Insiders will have this experience enabled even after reboot.

Fixes

[Suggested Actions]

  • Suggested actions should appear for more date and time formats now.
  • Addressed some issues with certain formats when copying a date and/or time.
  • Improved overall performance and reliability of the feature.

[Settings]

  • Fixed an issue that could crash Settings when opening and looking at the battery usage graph.
  • Improved performance of displaying Wi-Fi networks after enabling Wi-Fi from the Wi-Fi section of Quick Settings.

[Task Manager]

  • Addressed an issue leading to some unreadable text in the Performance page when a contrast theme was enabled.

[Other]

  • Fixed an issue which could cause Windows Update to stall and roll back updates for WSA users.
  • Did some work to address a stutter in the progress wheel animation when upgrading to a new build.

NOTE: Some fixes noted here in Insider Preview builds from the Dev Channel may make their way into the servicing updates for the released version of Windows 11.

Known issues

[General]

  • Some games that use Easy Anti-Cheat may crash or cause your PC to bugcheck.
  • [ADDED 5/20] We’re investigating reports that some Insiders are seeing a bugcheck with error DRIVER_IRQL_NOT_LESS_OR_EQUAL in pci.sys when attempting to upgrade to this build.
  • [ADDED 5/20] We’re investigating reports that Program Compatibility Assistant Service is using an unexpectedly large amount of CPU for some Insiders after upgrading to this build.

[Live captions]

  • Certain apps in full screen (e.g., video players) prevent live captions from being visible.
  • Certain apps positioned near the top of the screen and closed before live captions is run will re-launch behind the live captions window positioned at top. Use the system menu (ALT + Spacebar) while the app has focus to move the app’s window further down.

source: Windows Blogs

Advanced Wi-Fi troubleshooting in Windows (Wlan-Report)

Users having network connection issues are no fun, wired troubleshooting is mostly straight forward.

Wireless connections however can be an bigger challenge…

1st thing to do usually is checking for driver updates for the adapter so far easy.

Users having issue sometimes & usually not when you’re at the device to help them can be more difficult.

“lost connection 3 times today but it looks fine now” how can we address this?

  • digging through event logs?
  • running tests?
  • adding scripts & more logging?
  • digging through Access Point logs? They only show 1 side of the story.

Wait a minute maybe there’s something under the hood in Windows.

You can pull a report of the device with all the info you were trying to collect in the steps above with 1 simple command – The Wlan-Report
Even what happened in the last 3 days is included

  • open up an elevated prompt of you choice
  • enter: netsh wlan show wlan

The command will trigger a bunch of test an log queries & produce a complete report in html format

Fastest way to access the report is to copy & paste the C:\ProgramData\Microsoft\Windows\WlanReport\wlan-report-latest.html back into the prompt window & press enter

This html format is easy to navigate thanks to the clickable circles on the top graphic, selecting one will send you to the lower located details of the event, no need for reading the entire report. to get back to the top of the report just select the Top link on the left of your view

All Network adapters listed with their driver version

The Script Output block has all of the commands you might want to do to check for an active issue on ipconfig, certificates, wireless profiles,…

conclusion:

Troubleshooting the client side of a Wi-Fi problem gets easy & fast with this command

Netsh Wlan Show Wlan

Announcing Windows 11 Insider Preview Build 25115

Hi all, last Wednesday Microsoft released Windows 11 Insider Preview Build 25115 to the Dev Channel.

This is the 1st release where Dev Channel marches into the 25xxx build numbers lots of new stuff to be expected in the coming builds

Make sure you’re on the Dev channel & got your Windows Insider account linked, a couple of my devices needed to be re-linked & set to Dev to show the 25115 build instead of the 22621 build ready for download

Driver verification device still fails to load the driver post upgrade (Feedback Hub: https://aka.ms/AAgxkij )

IMPORTANT: With this build getting released to the Dev Channel, the window closes for you to be able to switch from the Dev Channel to the Beta Channel since your device will be on a higher build number than what is provided in the Beta Channel. If your device installs this build and you decide you want to switch, you have 10 days or until we release a newer build to the Dev Channel to roll back and switch to the Beta Channel. If you do not roll back within 10 days or your device takes another new build, the only way to switch to the Beta Channel is to do a clean installation of the released version of Windows 11 on your device to switch to the Beta Channel.

TL;DR

  • This build will not be offered to ARM64 PCs. We hope to be able to offer a new build for Insiders on ARM64 PCs soon.
  • This build includes one new feature for Windows Insiders to try out called Suggested Actions.
  • We have a good set of general improvements and fixes in this build too.
  • We’re now previewing the new Sound Recorder with Windows Insiders in the Dev Channel.

What’s new in Build 25115

Suggested Actions

Windows Insiders can try out a new feature in this build for making everyday tasks quicker in Windows 11 through inline suggested actions. When you copy a date, time, or phone number, Windows will suggest actions relevant to you such as creating calendar events or making phone calls with your favorite apps.

  • On copying a phone number, Windows will pop up an inline light dismissible UI that suggests ways to call the phone number using Teams or other installed apps that offer click-to-dial call functions.
Inline suggested actions after copying a phone number.
Inline suggested actions after copying a phone number.
  • On copying a date and/or time, Windows will pop up an inline light dismissible UI that suggests creating the event using supported calendar apps. Upon user selection of preference, the app is launched with its corresponding calendar event creation page with auto filled date and/or time.
Inline suggested actions after copying a date or time.
Inline suggested actions after copying a date or time.

[UPDATE 5/12] This feature is currently only available to Windows Insiders in the U.S. 

FEEDBACK: Please file feedback in Feedback Hub (WIN + F) under Desktop Environment  > Suggested actions on copy.

Changes and Improvements

[General]

  • We updated the icons in the Windows Recovery Environment (WinRE) on this build.

Fixes

[General]

  • Updated the underlying speech platform to improve voice activity detection for voice access, live captions, and voice typing, as well as address some issues with how punctuation is recognized.

[Taskbar]

  • Fixed an issue related to loading the system tray icons in Settings > Personalization > Taskbar which could cause Settings to crash when opening that page recently. This issue may have also led to some explorer.exe crashes for impacted Insiders.

[File Explorer]

  • Fixed an issue leading to Insiders seeing error 0x800703E6 when copying files from Google Drive.
  • We made another change to help improve the performance of loading Home.
  • Fixed an issue where if you had ever opened the context menu, doing CTRL + ALT + DEL and cancelling would lead to explorer.exe crashing.
  • Fixed a sporadic explorer.exe crash when closing File Explorer windows.

[Settings]

  • Fixed an issue where if Settings suspended, it could lock up explorer.exe in certain cases.
  • Improved how Narrator reads out remaining space available in System > Storage.

[Task Manager]

  • Fixed some issues related to access key use in Task Manager, including that you weren’t able to directly press ALT + without first releasing the ALT key, and that displaying the access keys wouldn’t work after having used and dismissed them.
  • If the CPU reaches 100%, the CPU column header should no longer unexpectedly become unreadable in dark mode.

[Windows Security]

  • Fixed an issue which could result in Smart App Control unexpectedly blocking correctly signed applications.

[Other]

  • Addressed an issue which was leading to Memory Integrity unexpectedly getting turned off in some cases after rebooting.
  • Fixed an issue causing the Update Stack Package to show install error 0xc4800010.

Known issues

[General]

  • [NEW] Some games that use Easy Anti-Cheat may crash or cause your PC to bugcheck.

[Live captions]

  • Certain apps in full screen (e.g., video players) prevent live captions from being visible.
  • Certain apps positioned near the top of the screen and closed before live captions is run will re-launch behind the live captions window positioned at top. Use the system menu (ALT + Spacebar) while the app has focus to move the app’s window further down.

About the Dev [Updated!]

The Dev Channel receives builds that represent long lead work from our engineers with features and experiences that may never get released as we try out different concepts and get feedback. It is important to remember that the builds we release to the Dev Channel should not be seen as matched to any specific release of Windows and the features included may change over time, be removed, or replaced in Insider builds or may never be released beyond Windows Insiders to general customers. For more information, please read this blog post about how we plan to use the Dev Channel to incubate new ideas, work on long lead items, and control the states of individual features.

These aren’t always stable builds, and sometimes you will see issues that block key activities or require workarounds. It is important to make sure you read the known issues listed in our blog posts as we document many of these issues with each flight.

Build numbers are higher in the Dev Channel than the Windows 11 preview builds in the Beta and Release Preview Channels. You will not be able to switch from the Dev Channel to the Beta or Release Preview Channels without doing a clean install back to the released version of Windows 11 currently.

The desktop watermark you see at the lower right corner of your desktop is normal for these pre-release builds.

source: Windows Blogs

Announcing Windows 11 Insider Preview Build 22621

Hi all, Last Wednesday Microsoft released Windows 11 Insider Preview Build 22621 to the Beta Channel.

TL;DR

  • We are releasing ISOs for this build – they can be downloaded here.
  • This build includes a small set of fixes that will improve the overall experience for Windows Insiders on their devices.

Changes and Improvements

[General]

  • [REMINDER] The build watermark at the lower right-hand corner of the desktop is no longer present in this build. This doesn’t mean we’re done, and the watermark will return to Insiders in a future build.

Fixes

[General]

  • Updated the underlying speech platform to improve voice activity detection for voice access, live captions, and voice typing, as well as address some issues with how punctuation is recognized.

[File Explorer]

  • Fixed an issue leading to Insiders seeing error 0x800703E6 when copying files from Google Drive.
  • Fixed an issue where if you had ever opened the context menu, doing CTRL + ALT + DEL and cancelling would lead to explorer.exe crashing.

[Taskbar]

  • Fixed an issue related to loading the system tray icons in Settings > Personalization > Taskbar which could cause Settings to crash when opening that page recently. This issue may have also led to some explorer.exe crashes for impacted Insiders.

[Windows Security]

  • Fixed an issue which could result in Smart App Control unexpectedly blocking correctly signed applications.

Known issues

[Live captions]

  • Certain apps in full screen (e.g., video players) prevent live captions from being visible.
  • Certain apps positioned near the top of the screen and closed before live captions is run will re-launch behind the live captions window positioned at top. Use the system menu (ALT + Spacebar) while the app has focus to move the app’s window further down.

source: Windows Blogs

Announcing Windows 11 Insider Preview Build 22616

Hi all, last Thursday Microsoft released Windows 11 Insider Preview Build 22616 to the Dev and Beta Channels.

Quick & smooth upgrades here, Smart App Control still triggers some messages during the upgrade but didn’t seem to break the upgrade or disable any devices post upgrade.

Changes and Improvements

[General]

  • [REMINDER] The build watermark at the lower right-hand corner of the desktop is no longer present in this build. This doesn’t mean we’re done, and the watermark will return to Insiders in a future build.

[Taskbar]

  • As a result of feedback from Windows Insiders, we have decided to disable the changes to the system tray introduced in Build 22581 for now. The system tray and specifically the “Show hidden icons” flyout will now function the same way it did with the original release of Windows 11, including the ability to rearrange icons in the flyout. We hope to bring these changes back in the future after further refinement of the experience by addressing some of the feedback we have received. As we’ve mentioned previously, features we try out in the Dev or Beta Channels may not always ship.

[Other]

  • Previously, we shared new requirements for internet and MSA on the Windows 11 Pro edition. Today, Windows Insiders on Windows 11 Pro edition will now require MSA and internet connectivity during the initial device setup (OOBE) only when setting up for personal use. If you choose to setup device for Work or School, there is no change, and it will work the same way as before.

Fixes

[General]

  • We fixed an issue where performance and reliability of explorer.exe could degrade over time, eventually resulting in a bugcheck, in the recent Insider Preview builds.

[Taskbar]

  • We fixed the issue causing the “Show hidden icons” flyout in the system tray to disappear completely for some Insiders, even though it shows as “on” under Settings > Personalization > Taskbar and “Other system tray icons”.

[Input]

  • Fixed an issue which was leading to some apps crashing when pressing the half-width/full-width key while using the Japanese IME.

[Widgets]

  • Fixed an issue where if you tried to open the widgets board using a gesture from the side of the screen, you would see the widgets board open and then immediately close.
  • Fixed an issue where users were unable to use the swipe functionality to reliably invoke Widgets.

[Settings]

  • Fixed an issue that could cause Quick Settings to crash when projecting to certain wireless devices.

[Windowing]

  • Addressed an issue where using the 3-finger on-screen touch gesture for minimizing could cause animations to stop working across the system.
  • Fixed an issue impacting DWM reliability in recent flights.
  • Fixed an issue which was causing some apps like Settings to open blank if they were re-opened an upgrade or reboot.

[Task Manager]

  • We fixed an issue that was causing the process list to fluctuate between Apps & Background groups when clicking on Efficiency mode from the command bar

[Windows Sandbox]

  • Fixed an underlying issue which could cause some text in Windows Sandbox to appear as black boxes in certain cases.

[Other]

  • Fixed an issue leading to Windows Update notifications showing they were sent from “Windows.SystemToast.WindowsUpdate.MoNotification” instead of “Windows Update”.

Known issues

[Live captions]

  • Certain apps in full screen (e.g., video players) prevent live captions from being visible.
  • Certain apps positioned near the top of the screen and closed before live captions is run will re-launch behind the live captions window positioned at top. Use the system menu (ALT + Spacebar) while the app has focus to move the app’s window further down.

REMINDER: Window for switching from Dev Channel to the Beta Channel is closing soon!

Now that the Dev and Beta Channels are receiving the same builds, the window is still open (but closing soon!) for you to switch channels following these simple steps:

  1. Open Settings > Windows Update > Windows Insider Program.
  2. Select Choose your Insider settings
  3. Select Beta Channel.
  4. The next time you receive an update, it will be for your new channel.

IMPORTANT: This window will close once we release builds with higher build numbers to the Dev Channel. If your device stays on the Dev Channel and receives a build that is a higher build number than what is in the Beta Channel, you will have to do a clean installation of the released version of Windows 11 on your device to switch to the Beta Channel.

No action is required if you want to continue receiving the Windows 11 Insider Preview Builds in the Dev Channel.

source: Windows Blogs

Keeping your Sysinternals Tools up 2 date

Sysinternals Tools are the must have toolset for any IT-Pro keeping them up2date got a lot easier on Windows 10 and 11 since they were added to the Windows Store:

Screenshot of Sysinternals Suite in the store

https://www.microsoft.com/store/productId/9P7KNL5RWT25

The entire suite always up to date & at your fingertips:

The Tools in Start

Great for local use, if you want to take the files to another device this turns out challenging as they are located in the App’s folder.

I’m using this PowerShell script to update my local copy of https://live.sysinternals.com in C:\tools

$SysInternals = ''
Set-Location 'C:\Tools'
while (!$SysInternals) { (Clear-DnsClientCache), (net use r: \\live.sysinternals.com\tools), (Write-Host "getting toolslist..."), ($SysInternals = (Get-ChildItem \\live.sysinternals.com\tools\)) }
foreach ($File in $SysInternals) {
    if (Test-Path $File.Name) {
        if ($File.LastWriteTime -ne (get-Item $File.Name).LastWriteTime) {
            Write-Host $File.Name "is out of date. Downloading new version..."   
            Copy-Item \\live.sysinternals.com\tools\$file -Force
        } #end If LastWriteTime
        else {
            Write-Host $File.Name "is up to date."
        } #end If LastWriteTime
    } #end Test-Path
    else {
        Write-Host $File.Name "is new. Downloading..."
        Copy-Item \\live.sysinternals.com\tools\$file -Force
    } #end else Test-Path
} #end foreach $file
net use r: /delete

The script compares the local folder to the website & only downloads missing and out of date files

(the mapping of the r: is used to make sure the connection is up before the rest of the script runs)

If you make a scheduled task with:

powershell.exe -executionpolicy bypass -file “PSSysinternalsupdateTechnine.ps1”

you’ll have an always up2date folder at hand.

Catching Malware Like Pro – Part 2

In part 1 I wrote about the use of multiple engines at once for 1 file, now let’s see how to quickly check a device for malware using the same technology.

The VirusTotal service has an api interface & can be used scripted.

Sysinternals a must have toolset for every ITPro has integrated the service in 2 of their tools:

Sysinternals Tools are availabe in multiple ways:

Process Explorer & Autoruns

Process Explorer is commonly referred to as an advanced Task manager

Screenshot of Process Explorer

Autoruns is the one place to see everything that gets started when Windows starts up

Screenshot of Autoruns

Both of these tools have VirusTotal integration, slightly different to activate:

For process explorer open the options menu / VirusTotal.com & select Check VirusTotal.com

You will need to accept the terms for VirusTotal the 1st time and if you want you can also enable automatic submit of unknown executables.

Now you almost instantly know the result on virus total for all your running processes (right column)
(screenshot made on a device with preview Windows & Office causing some false positives)

For Autoruns select the Options menu / Scan Options

Enable the Check VirusTotal.com option & optionally Submit Unknown Images

Again in a few seconds you have the result for all startup items on you device

Conclusion:

If you want to know if anything possible malicious is running on your device, these 2 tools give you near to instant info on all running & startup items on your device

Tips:

If any item has a hit, just click the score in the Virus Total column to open up the result page on the website to confirm what engines detect the issue & probably can already fix it.

If you get a low score, check the results to make sure it’s not a false positive by 1 or 2 engines

It’s good to have these tools close, but make sure you always use the updated version