UberAgent

Microsoft Teams is a web application that needs a browser as a runtime environment. In order to keep things simple - at the expense of disk space - the Teams installation package contains not only the actual web app but also all components that are needed to run it, including Chromium. When you launch Teams, you’re really launching the Chromium browser, which then executes the embedded Teams web app. Teams’ browser-based architecture presents challenges when you want to count the number of Teams instances that are running or when you need to find out how many instances of Teams have been started. This article presents multiple ways to determine accurate application usage data.

This article presents two different detection types for insecure filesystem permissions on Windows endpoints: scanning for directories that are user-writable, and detecting processes that are started from user-writeable directories. Directory Scan With ListUserWriteableDirectories & SetACL My ListUserWriteableDirectories script is an implementation of the first detection type: it scans the filesystem listing any permissions not known to be safe.

This is part 1 of my application network connection monitoring series, a group of articles that explain how to analyze the network traffic of any Windows or macOS app. The communication targets of the Windows OS and of many popular apps are listed in dedicated posts.