Antivirus & Malware

Windows Defender and Herd Immunity

Types of computers:
  1. Fully Protected Machine
  2. Partially Protected Machine (detection patterns are not kept updated)
  3. No Protection, with Common Sense
  4. No Protection, no Common Sense

Scenario 1: Everyone has #1 computers. Herd Immunity is working at full protection.
Result: The spread of viruses, trojans, and malware is virtually nonexistent.

Scenario 2: Most everyone has #2 computers. Herd Immunity works, but certain rare attack vectors remain vulnerable.
Result: Viruses, trojans, and malware spread sporadically through unprotected computers, causing havoc, but damage is minimal.

Scenario 3: Everyone has #3 computers. Herd Immunity is not enabled as there are too many unprotected vectors.
Result: Viruses, trojans, and malware spread throughout connected networks undetected (as there is no antivirus to identify & protect). Persons with no antivirus on their computers don’t even know they’re infected. Damage is high.

Scenario 4: Everyone has #4 computers. Herd Immunity is not enabled as there are no protected vectors.
Result: Viruses, trojans, and malware spread rapidly throughout connected networks undetected (as there is no antivirus to identify & protect). Persons with no antivirus on their computers don’t even know they’re infected. Damage is extremely high.

Conclusion: People who think they can’t/won’t get infected because they’re ‘smarter’ than badware, can & will eventually get infected because they don’t have antivirus active.
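
The four scenarios as a small deterministic spread model, added here as an illustration and not part of the original post. The block, clean and risky values, the contact rate and the seed fraction are constructed assumptions chosen to mirror the four machine types; machines without antivirus are never cleaned because their owners don't know they're infected.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    name: str
    block: float  # chance the antivirus stops an exposure (0 = no antivirus)
    clean: float  # chance per day an infected machine is detected and cleaned
    risky: float  # chance per contact the user opens what arrives


# Constructed parameters for the four machine types; not measured data.
SCENARIOS = {
    1: Scenario("fully protected", block=1.0, clean=0.9, risky=0.5),
    2: Scenario("outdated patterns", block=0.8, clean=0.5, risky=0.5),
    3: Scenario("no AV, common sense", block=0.0, clean=0.0, risky=0.1),
    4: Scenario("no AV, no common sense", block=0.0, clean=0.0, risky=0.5),
}


def simulate(sc, contacts_per_day=4, days=60, seed=0.001):
    """Return (fraction ever infected, first day half the network was hit or None)."""
    susceptible, infected, ever = 1.0 - seed, seed, seed
    half_day = None
    p_contact = sc.risky * (1.0 - sc.block)  # one contact leads to an infection
    for day in range(1, days + 1):
        # Chance a clean machine is infected by at least one of today's contacts.
        p_infect = 1.0 - (1.0 - p_contact * infected) ** contacts_per_day
        new = susceptible * p_infect
        susceptible -= new
        infected += new - infected * sc.clean  # cleaned machines stop spreading
        ever += new
        if half_day is None and ever >= 0.5:
            half_day = day
    return ever, half_day


if __name__ == "__main__":
    for num, sc in SCENARIOS.items():
        ever, half_day = simulate(sc)
        print(f"Scenario {num} ({sc.name}): {ever:.1%} ever infected, "
              f"half the network by day {half_day}")
```

With these numbers the outbreak never leaves the seed machines in scenario 1, dies out below 1% in scenario 2, and reaches essentially every machine in scenarios 3 and 4, only faster in 4.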

See also (directly related): Keep your firewalls up!!


RoboCopy – Exclude existing files.cmd

robocopy.exe c:\Sourcepath c:\Destpath /E /XC /XN /XO

/E makes Robocopy recursively copy subdirectories, including empty ones.
/XC excludes existing files with the same timestamp, but different file sizes. Robocopy normally overwrites those.
/XN excludes existing files newer than the copy in the source directory. Robocopy normally overwrites those.
/XO excludes existing files older than the copy in the source directory. Robocopy normally overwrites those.

With the Changed, Older, and Newer classes excluded, Robocopy will exclude files existing in the destination directory.

CSR Bluetooth USB Driver 64-bit

I received a crappy little Costech USB Bluetooth dongle, but Windows would not recognize it.. “Unknown Device”. After some googling, I think I’ve found the driver. Seems to be working well.

Here is the download link: CSR Bluetooth USB Driver.

Windows Windows 10

Windows Emoji Entry not working? [Fix]

Make sure “ctfmon.exe” in the C:\Windows\System32 folder is running.

Also, as far as I know, the Windows task “MsCtfMonitor” is responsible for making sure ctfmon is running. You can check if that task is running at startup by using the “AutoRuns” Sysinternals program from Microsoft.

Also, in case you didn’t know: Press the Windows key + dot to bring up the emoji list.

Windows 10

Windows 10 Gets a Cloud Reset Feature, Here’s How it Works

via Windows 10 Gets a Cloud Reset Feature, Here’s How it Works

Um.. no. That’s too much control out of the user’s hands.

“With Cloud Recovery, Microsoft wants to make the process of recovering a corrupted installation of Windows 10 much easier by downloading a fresh copy of Windows files directly from Microsoft, without the need of Windows media.”

It would be a nice OPTIONAL feature to refresh your computer via streaming download, but it should be only the system files, and no personal files.. such as the Documents folder.



ReFS 3.4 is not ready for Production. Don’t use it.. yet.

I love the new features that ReFS (version 3.4 as of now) brings. Each feature sounds wonderful. Self-healing, large volumes, checksums, etc.. it all sounds good.. on paper.

But when used, they all fall flat on how easy it is to break ReFS. (seriously!)

A reboot at the wrong time can totally fry the ReFS volume. Simply gone. Poof. Little chance of recovery. I’ve seen it happen multiple times on multiple servers. No known way to repair the now-RAW partition. There is a recovery tool ReFSUtil.exe built into Windows, but I haven’t had any success recovering anything useful with it.

Just thinking.. why doesn’t any file system (that I know about) have at least 3 master file tables? One at the beginning, middle, and end of the drive? Think of the speed increase when searching for files, and the added resiliency! The drive heads would never have to seek more than 1/3 of the platter to read from the MFT.

Sigh. I should write my own FS.. just give me a team and a few decades lol.

Windows Windows 10 Windows Server

Enable Memory Compression in Windows

  1. Run PowerShell (as Admin). (Press Windows+X to bring it up.)
  2. Enter the command “Enable-MMAgent -MemoryCompression”.

Nothing appears to happen, but compression should now be enabled.

Windows Windows 10 Windows Server

Fix for “A service installation section in this inf is invalid.”

Run PowerShell command: Add-WindowsFeature -Name Wireless-Networking


How to fix Error 0x80300024 when installing Windows

So, trying a fresh install of Windows onto the second of two drives installed on this new computer. (The second drive was an SSD)

Every time I’d try to install, Windows returned error 0x80300024.

Fortunately, this fix was simple. There was an MSR partition on the first drive. Deleted the MSR partition and that let Windows install onto the second drive!

Summary: A partition on the first drive was preventing Windows installing to a second drive.

Windows 10

Dexter Haslem’s WiFi Tweaks

Windows 10 Wifi Tweaks

Wifi has never been great on windows 10, especially after the latest ‘fall creator update’. One of my wifi cards no longer works at all, despite working on this same exact version of windows before a clean install!

Anyway, I’ve found a few ways that seem to make the wifi slightly more consistent, so here they are.

We will need the short name of the wifi adapter and the easiest way is with netsh.

To list wlan settings run the following in a cmd or powershell (Win+X):

netsh wlan show settings

PS C:\Users\Dexter> netsh wlan show settings

Wireless LAN settings
Show blocked networks in visible network list: No

Only use GP profiles on GP-configured networks: No

Hosted network mode allowed in WLAN service: Yes

Allow shared user credentials for network authentication: Yes

Block period: Not Configured.

Auto configuration logic is disabled on interface “Wi-Fi”
MAC randomization not available on interface Wi-Fi

Look for the quoted part after interface; in this case my adapter name is Wi-Fi. Alternatively, you can go to

Control Panel -> Network Connections

And that will have the same name. We’ll need it for the rest of the steps.

Save these two in batch files so you can easily run them as needed:

WIFI_AUTO_ON.bat:

netsh wlan set autoconfig enabled=yes interface="Wi-Fi"

WIFI_AUTO_OFF.bat:

netsh wlan set autoconfig enabled=no interface="Wi-Fi"

Replace “Wi-Fi” with the adapter name from the first step!

Now you can right click on WIFI_AUTO_OFF.BAT and run as admin before playing an online game. For me, this seems to help with the persistent, roughly 1 minute apart ping spikes.

This one is a bit harder to quantify but in my highly non-scientific testing, my ping appeared to be more stable overall after turning off auto tuning. Note this is machine wide and seems to be related to TCP window sizes. I’ve encountered no side effects but..

netsh int tcp set heuristics disabled
netsh int tcp set global autotuninglevel=disabled
netsh int tcp set global rss=enabled
Disable dat heuristic tuning

Hopefully this helps others eke out a remotely usable wifi experience on windows.

April 12, 2018

via Dexter Haslem