A question was brought to me, of how can one analyze minifilter driver impact on Windows clients? For the answer, I went back to my roots. Because, with agents from security and management tools enterprises use, like AV, SCCM, Tanium, BigFix, etc, generally you don’t know what its doing at a specific time, and then… Continue reading How to analyze Windows minifilter performance impact
Category: blog
Why does @battlenet Agent.exe scan for all running processes in WMI every 4 seconds?
Why does Battlenet’s agent.exe scan for all my processes on my system every 4 seconds?!
PSA: Corsair iCUE has a handle leak and makes Windows explorer slower over time
Impacted version is current plus several previous: 4.21.173 and below Handle leak is pretty obvious: Over time, a day or two, it’ll climb into the several hundred thousands. Process Explorer shows the handles are to drive resources (including Xbox/Store games that install xhd) Disabling the storage widget and restarting the service shows handles stay… Continue reading PSA: Corsair iCUE has a handle leak and makes Windows explorer slower over time
Elite:Dangerous – Mining Lasers vs Deep Core Mining
Non-authoritative list for me to keep track of what is mined how. Elite Dangerous Odyssey etc. The following can be mined using mining lasers: Low Temperature Diamonds Platinum Osmium Cobalt Gold Silver Palladium Samarium Coltan Indite Lepidolite Lithium Hydroxide Methane Clathrate Methanol Monohydrate Crystals Painite Rutile The following can be mined… Continue reading Elite:Dangerous – Mining Lasers vs Deep Core Mining
How to collect a boot trace on Windows 10 with Windows Performance Recorder from the Microsoft ADK
For: Windows 10 (any x64 build) Requirements: Windows Performance Toolkit from the Microsoft ADK Launch WPRUI as administrator (aka Windows Performance Recorder) by clicking Start and searching for WPRUI. Right-click/click run as administrator Check boxes that are important in your scenario. My recommendation is check First Level Triage Expand Resource Analysis check CPU check… Continue reading How to collect a boot trace on Windows 10 with Windows Performance Recorder from the Microsoft ADK
Everything you do for someone else, matters. (no pressure)
I didn’t have the easiest path into my eventual career in IT. As a result, I think perhaps I recognize that ‘no man is an island’ concept more than some others. I didn’t get here on my own. As Isaac Newton would say, I got here on the shoulders of giants. A post on LinkedIn… Continue reading Everything you do for someone else, matters. (no pressure)
Windows, Zombie Processes, and bullshit code
Hi, In my work at Tanium I do a bit of debugging and performance analytics. Over the last 2-3 years, a LOT of this has centered around how Windows systems get slower and slower over time. This has been a common complaint/statement of ridicule/FUD since I started my career in IT 26 years ago in… Continue reading Windows, Zombie Processes, and bullshit code
CVE-2021-26807 – GOG GALAXY v2.0.35 DLL Load Order Hijacking
Authors: Brian Papile and Jeff Stokes Executive summary The GOG Galaxy version 2.0.35 was vulnerable to a DLL Load Order Hijacking vulnerability. The vendor has patched the vulnerability and released version 2.0.37, as of March 30, 2021. Discovery This vulnerability came about when we tried to uninstall the Folding at Home Client, but its folder… Continue reading CVE-2021-26807 – GOG GALAXY v2.0.35 DLL Load Order Hijacking
Exploring the hidden opportunities of sudden change in enterprise IT management.
Tanium’s blog post featuring Lumentum’s CIO Ralph Loura’s blog post really resonated with me on a couple of levels. The one thing in life that seems predictable is change. I know it is a bit cliche, but this has been true in my life. While sometimes it is difficult to see the positive aspect in situations, it seems to me… Continue reading Exploring the hidden opportunities of sudden change in enterprise IT management.
EDRefCard.info is down! Long live EdRefCard! How to set up your own instance of EdRefCard so you can create a card for your HOTAS config in Elite Dangerous.
<no longer needed, EDRefCard.info is back up!!!> How to set up your own instance of EdRefCard so you can create a card for your HOTAS config in Elite Dangerous. Share with friends, import friends config files and get cards made for those. What? – This used to be served at https://edrefcard.info but the site has… Continue reading EDRefCard.info is down! Long live EdRefCard! How to set up your own instance of EdRefCard so you can create a card for your HOTAS config in Elite Dangerous.