Process

This article presents two different detection types for insecure filesystem permissions on Windows endpoints: scanning for directories that are user-writable, and detecting processes that are started from user-writeable directories. Directory Scan With ListUserWriteableDirectories & SetACL My ListUserWriteableDirectories script is an implementation of the first detection type: it scans the filesystem listing any permissions not known to be safe.

An architecture overview of current browsers on Windows: Chrome, Firefox and Internet Explorer. In case you are wondering: I did not include Edge because it is currently being transitioned to the Chromium rendering engine, which might change a few things. I did include Internet Explorer because it is still the default browser in many enterprises.

Application startup duration is an essential component of user experience. If you want to make sure that UX on your Windows machines is acceptable you need to monitor the time it takes for applications to start up. That, however, is not exactly easy - without uberAgent for Splunk.

Why can you start Mozilla Firefox by typing “firefox” in the Run dialog and press enter? Firefox.exe is not located in any directory in the path. The same with Outlook (type “outlook”), PowerShell (“powershell”), VMware Workstation (“vmware”) or Adobe Reader (“acrord32”). This “magic application starting thingy” works because of a little-known Windows feature based on the “App Paths” registry key.

This is the sixth part of a mini-series on Windows x64, focusing on behind the scene changes in the operating system. In the last article I discussed how 32-bit applications are wrapped up in the WoW64 subsystem. Today we will take a deeper look at some limitations of 64-bit Windows and what they mean in practice.