Q: I can read Configuration Manager status messages using the Monitoring tab. Can I do it using PowerShell? A: Yes you can! We can accomplish this using SQL/WQL queries, plus the Win32 function FormatMessage. Better understanding Status Messages Before we ... continue reading

Microsoft’s deep understanding of human-operated ransomware attacks, which are powered by a thriving cybercrime gig economy, continuously informs the solutions we deliver to protect customers. Our expert monitoring of threat actors, investigations into real-world ransomware attacks, and the intelligence we ... continue reading

As announced today, Microsoft took action against the ZLoader trojan by working with telecommunications providers around the world to disrupt key ZLoader infrastructure. We used our research into this threat to enrich our protection technologies and ensure this infrastructure could ... continue reading

Multiple Qakbot campaigns that are active at any given time prove that the decade-old malware continues to be many attackers’ tool of choice, a customizable chameleon that adapts to suit the needs of the multiple threat actor groups that utilize ... continue reading

Windows 10 and Windows 11 have continued to raise the security bar for drivers running in the kernel. Kernel-mode driver publishers must pass the Hardware Lab Kit (HLK) compatibility tests, malware scanning, and prove their identity through extended validation (EV) ... continue reading

Introduction This is John Barbare and I am a Sr Customer Engineer at Microsoft focusing on all things in the Cybersecurity space. In this blog I will be focusing on Application Guard and the correct configuration/deployment for Microsoft Endpoint Configuration ... continue reading

Q: How can I be notified any time a service goes down? A: The short quick answer to utilizing WMI and PowerShell 7. You use PowerShell to create temporary event monitoring using WMI. Then WMI monitors any service changes and generates an alert once it detects a change. Basic Requirement To achieve this, you need Windows ... continue reading

Q: I am having a problem trying to update the registry. I am using the New-ItemProperty cmdlet, but it fails if the registry key does not exist. I added the –Force parameter, but it still does not create the registry ... continue reading

[Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts ... continue reading

The Microsoft Threat Intelligence Center (MSTIC) alongside the Microsoft Security Response Center (MSRC) has uncovered a private-sector offensive actor, or PSOA, that we are calling SOURGUM in possession of now-patched, Windows 0-day exploits (CVE-2021-31979 and CVE-2021-33771). Private-sector offensive actors are ... continue reading