WIN 10 Debug Unattend Setup and malformed or Deprecated Options 1607.1

 

Changes in Windows 10 CBB Version 1607.1

There seem to be some Unattend option which don't work anymore or have changed.

For some reason nothing of that info can be found under:

https://msdn.microsoft.com/en-us/windows/hardware/commercialize/customize/desktop/unattend/changed-answer-file-settings-for-windows-10-build-1607

We talk about this CBB 1607 Release which included updates from November 2016.

SW_DVD5_WIN_ENT_10_1607.1_64BIT_German_MLF_X21-27039.ISO

Here is the error you see:

Open the COMMAND LINE with:

SHIFT + F10

Hier findet man nicht viele Infos.

 

The Panther Directory

N

In dem Folder c:\windows\panther\unattendGC gibt es dann interessante Files.

Im setuperr.log sieht man warum Windows 10 die Unattend nicht sauber verarbeitet hat. Dies hat wohl vom CBB 1607 zum 1607.1 (November Kumulative) release geändert. Wir konnten dies im 1607 RTM ohne Probleme machen beim letzten ISO ging es nicht mehr.

Wir reden von dem ISO:

SW_DVD5_WIN_ENT_10_1607.1_64BIT_German_MLF_X21-27039.ISO

Auch die Option <WindowsFeature> geht wohl bei 1607.1 in der Form nicht mehr….

Es gab mal ähnliche Fehler schon bei anderen OS. Hier mit dem SHOWMEDIACENTER. Dies war es aber nicht. Trotzdem immer gut zu wissen.

https://support.microsoft.com/de-de/help/947303/error-message-when-you-perform-an-unattended-installation-of-windows-server-2008-windows-could-not-parse-or-process-unattend-answer-file-drive-windows-panther-unattend.xml-for-pass-oobesystem

 

 

Even now:

After REMOVE of the complete <WINDOWSfeature> stuff this also works under 1607.1 ISO. You will have to rip out those things with DISM after OS setup or within the WIM.

We TEND to NOT change THE wim ITSELF FOR ALL DEPLOYMENTS.

 

Some ENTEO/Frontrange related DIAGNOSE

If you have errors with Enteo/Frontrange/Heat in the First Windows PE Phase

Es gibt auch eine neue Methode dies im Windows PE selber zu machen. Falls das Problem ganz vorne liegen würde. Einfach beim COMPUTER Objekt (test Client) diesen Wert anpassen. Dann fragt Enteo selber und macht falls niemand was klickt in 5 Sekunden weiter.

Falls man ein separates DEBUG Windows PE machen will gibt es dazu FIX eine Option:

http://www.butsch.ch/post/EnteoFrontrange-Debug-MODE-PE-5X-WIN-10-aktivieren-in-Boot.aspx

 

 

 

Deployment: Adobe Flash 24.0.0.221 downloads Links

Since the website to register and then download for Enterprise DOES not seem to respond or handle Request the actual Flash Binary's from 15.02.2017 here.

 

FILENAME OLD: Flash32_24_0_0_194.ocx

FILENAME NEW: Flash32_24_0_0_221.ocx

FILENAME OLD: Flash64_24_0_0_194.ocx

FILENAME NEW: Flash64_24_0_0_221.ocx

Version OLD: 24.0.0.194

Version NEW: 24.0.0.221

 

Download Binary:

https://fpdownload.macromedia.com/get/flashplayer/pdc/24.0.0.221/install_flash_player_ax.exe

https://fpdownload.macromedia.com/pub/flashplayer/pdc/24.0.0.221/install_flash_player_24_plugin.msi

https://fpdownload.macromedia.com/get/flashplayer/pdc/24.0.0.221/install_flash_player.exe

https://forums.adobe.com/thread/2277707

 

In today's release, we've updated Flash Player with important bug fixes and security updates.

The most recent Flash Player security bulletin can be found here: Security Bulletin (APSB17-04)

 

Extract from Deployment batch silent sample for ALL deployment from SSCM to Heat Frontrange Enteo to Matrix 42.

 

</CODE>

MCAFEE ENS 10.5 detects Modernizr JS-Library as Malware

Well some Javascript library devlopers don't seem to understand that there is Ransomware. They could make sure all Security Firms know their code and trust it.

THREAT: Suspicious Attachment!script

Mcafee hat eine Malware mit dem Namen "Suspicious Attachment!script" entdeckt.

 

FILENAME: C:\Users\u3340437\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9FIW5LMY\modernizr[1].js

CLIENT: WSUB106764

TYPE: Potenziell unerwünschtes Programm

DAT: 2892.0

CATEGORY: Malware entdeckt

DESK/LAP: Workstation

OS: Windows 7

ZEIT: 02/17/17 09:46:09 UTC (Achtung UTC Coordinated Universal Time Timezone!)

 

What is Modernizr?

It's a collection of superfast tests – or "detects" as we like to call them – which run as your web page loads, then you can use the results to tailor the experience to the user.

https://modernizr.com/download#batteryapi-flash-setclasses

 

I would delete such a class from a security view. So does Mcafee Endpoint 10.5 on 20.02.2017

 

 

 

WIN7 Windows Update stuck / hangs / hängt

 

Some times the Windows 7 Update Client is stuck. Here is how to solve this in 2017.

This happens on Brand new installation of Windows 7 SP1 PRO or ENTERPRISE Media 64BIT (OEM or VL). The Internet conenction looks fine, You have no packet lost, Your MTU Size is correct. Simply Windows Update hangs and does that for hours. Sometimes it goes through and the time this could happen we have seen from 4 hrs to 3 Days.

 

First hint: On some Patches DISCONNECT the Network cable from your Client! (3020369 as example)

You need to Install 3 Patches from the Windows Update Catalog in a certain order. Keep in MIND that you need to Reboot (Restart) and also in certain cases UNLUG the Internet Connection before installing the Patches. Otherwise the Client will search endless again with the first patch.

http://catalog.update.microsoft.com/v7/site/home.aspx

Search for all 3 Patches mentioned below an add them to the Download basket

3020369

3172605

3125574

Then choose to Download all of them

 

KB3020369 (https://support.microsoft.com/de-ch/help/3020369/april-2015-servicing-stack-update-for-windows-7-and-windows-server-2008-r2)

REBOOT

KB3172605 (https://support.microsoft.com/de-de/help/3172605/july-2016-update-rollup-for-windows-7-sp1-and-windows-server-2008-r2-sp1)

REBOOT

 

Om most systems we heard this two Patches solved it. IF that did not work also try:

KB3125574 (https://support.microsoft.com/de-ch/help/3125574/convenience-rollup-update-for-windows-7-sp1-and-windows-server-2008-r2-sp1)

REBOOT

 

 

Please see our further posting regarding WSUS and WSUS-Clients:

http://www.butsch.ch/post/WSUS-Windows-Update-Client-Agent-Commandline-wuaucltexe.aspx

http://www.butsch.ch/post/WSUS-Windows-Update-Server-Most-common-Problems-FAQ.aspx

http://www.butsch.ch/category/WSUS.aspx

http://www.butsch.ch/category/Hotfixes-Updates.aspx

 

 

 

SPAM / RANSOMWARE, Switzerland, SWISSCOM, Faked Invoice

Currently 15.02.2017 there are several SPAM/Malware Attachment floating around with real good looking FAKED Swisscom Invoices.

 

Derzeit sind etliche SPAM/Malware E-Mails im Umlauf mit gefälschten Swisscom Telefon / Natel Rechnungen.

Die Rechnungen sind derart perfekt aufgebaut, dass man diese von einem Original nicht mehr unterscheiden kann.

 

MCAFEE ATD Diagnose of the File rechnung.zip > rechnung.js which a link PULLS. The faked Bill seems

To contain many AHREF Target. Most of the commercial Sandbox ONLY follow a certain amount of depth and links (5-8).

We think that there were several hidden links in the E-Mail and only those where scanned.