How To Fix Blue Screen Of Death Error In Windows 10? | Get Rid Of The “STOP Error” In Windows

Credit: bennio. via Reddit

Seeing a Windows 10 blue screen is not surprising to users anymore. The Blue Screen of Death, also known as STOP Error, is, in fact, the most famous death screens among many. Yes, there are red, green, yellow, etc.

Our earlier posts had described what the blue screen of death is, and the times when it embarrassed Bill Gates. You might have also read about playing BSOD pranks, and public places where blue screen made an appearance.

Now, what if you encounter a BSOD on your computer? How to get rid of the STOP error? There are a few ways to fix blue screen in Windows 10 that haunts people every now then.

Things to do first – Repair Blue Screen

Disable automatic restart

In most cases, Windows 10 is configured by default to restart automatically when the STOP error occurs. In that situation, you don’t get enough time to note down the error code related to the BSOD. So, to initiate your process of fixing Windows 10 blue screen error, you need to hold the STOP error screen for some time. Here is how to do that:

1. Right-click This PC.
2. Go to Properties.
3. On the left-hand side, click Advanced System Settings.
4. Under Startup and Recovery, click Settings.
   
5. Now, under System Failure, untick the checkbox that says Automatically restart.
   
6. Click Ok to save and continue.

Check for Viruses

One of the causes of BSOD showing upon your Windows 10 PC is data corruption. Other than regular scenarios, the data on your computer might get corrupt due to some malware.

So, if you experience blue screen in Windows 10 more than what you can call usual, you should use some antivirus software to do a full scan of your system. Windows Defender, the default antivirus in Windows 10 can also be a good option to scan your system and repair blue screen.

Next, comes Windows Update

You should make sure that your PC is regularly updated with latest security patches and other updates. This is one of the essential things in order to fix blue screen errors or even prevent them from appearing in the first place. Users running Windows 10 don’t need to do much as updates install automatically and there is only a little you can do to stop them.

Update the hardware drivers and firmware

Faulty drivers on your PC can cause the blue screen of death to appear on your computer screen. So, updating or repairing them would also help you get rid of the BSOD devil.

Universal Windows drivers take care of most the hardware nowadays. But still, it isn’t all-inclusive. For the drivers that Windows can’t update automatically, you need to do it manually by downloading them from the manufacturer’s website.

Also, you should keep the firmware of your computer, i.e., BIOS or UEFI to its latest version. Don’t forget to check whether the hardware components on your system are facing increased heat levels. You can use some software like Piriform’s Speccy.

Higher temperatures might be due to dust clogging up the fan. To prevent this, you should clean your machine regularly. Also, you should remove external non-essential hardware such as USB storage drives, printers, gamepads, etc. to see if they’re causing BSOD. Read our guide to preventing a computer from overheating.

How to Fix Blue Screen of Death in Windows 10

Boot to Safe Mode

For years, Windows users have used Safe Mode to find the cause of various problems that exists on their computers. And the blue screen of death is no exception. You can fix blue screen errors in Windows 10 or older versions using the Safe Mode.

When you boot to Safe Mode in Windows, only the essential Windows services, and drivers load. If you don’t see any BSOD, then you can accuse some third-party driver of putting the BSOD on your computer.

How to use safe mode in Windows?

Earlier, in the case of Windows XP and 7, you could use the msconfig utility to boot into safe mode or press the F8 key when you start the machine. Windows 10 has added another more comfortable option to access the Safe Mode.

1. Go to Settings > Update & Recovery > Recovery.
2. Under Advanced Startup, click Restart Now. Wait for the Advanced Startup options screen to appear.
3. Click Troubleshoot.
4. On the next screen, click Startup Settings. Click Restart to boot to Safe Mode.

Use system restore

By including System Restore in Windows, Microsoft has given a way to undo your sins. It can help if the blue screen of death is occurred because of some software or driver you recently installed.

You can find various settings related to Windows 10 System Restore in Control Panel > Recovery. To rollback Windows to an earlier point in time, click Open System Restore and follow the steps. To add a restore point, click Configure System Restore > Create. Chances are high that the blue screen will get fixed if it’s due some recent change on your computer.

Windows 10 blue screen Troubleshooter to repair blue screen

If you are running the Creators Update or later, Microsoft has got you covered in case a Windows 10 BSOD occurs. You can fix the blue screen of the death using the built-in troubleshooter. Go to Settings > Update and security > Troubleshoot.

Under the heading Find and fix other problems, you can see the Windows 10 Blue Screen troubleshooter.

Delete the faulty Windows update

It’s not uncommon for Windows Update to break during installation. And such incidents can cause the blue screen to appear. The easiest way to fix Windows 10 blue screen would be uninstalling the faulty update. Similar would be the case of some app which might have corrupt important files on your Windows PC.

You can remove Windows Update by visiting Settings > Update & Recovery > Windows Update > Update history > Unistall updates.

Reinstall Windows to fix blue screen of death

Clearly, the last resort to kick the blue screen of death off your system is to perform a clean install of the Windows. For users running Windows 10 or 8.1, there is a built-in option for clean installation which doesn’t require you have a dedicated installation media. For Windows 7, you’ll have to reinstall the operating system using a bootable USB or optical disk.

If it’s not some hardware related issue, then you should be able to fix Windows 10 BSOD error using the methods and tips mentioned above. Otherwise, you’ll have to approach some store for the replacement hardware to get things done.

How is your experience with BSODs so far? Drop your thoughts in the comments.

see more...

More than 75% of Windows Phones in active use no longer receiving security updates

Over 70% of Windows phones still in use are running WP 8.1, says latest AdDuplex report

AdDuplex released its latest report for October 2017 for Windows Devices. The AdDuplex interactive page shows a variety of OS information on different Windows Devices. Their report gives a clearer picture on the “results of the first week in Fall Creators Update lifecycle and take a final snapshot of the Windows ecosystem on phones as we know it.”

Based on the AdDuplex Windows Phone October 2017 report, 73.8% of Windows Phone owners are still running Windows Phone 8.1, followed by Windows 10 Mobile at 20.9%, and Windows Phone 8.0 and Windows 7.x users in the bottom sharing single-digit usage percentages. AdDuplex did note an interesting tidbit about Windows Phone; that there hasn’t been a significant drop in “overall OS version share.” AdDuplex surmised that that might be because equal numbers of Windows Phone 8.1 and Windows 10 Mobile users are switching phone platforms.

With Windows Phone being discontinued by Microsoft, it appears that a lot of users are not in any particular rush to switch platforms right away. From a recent OnMSFT poll, a majority of respondents are still waiting for the bitter end of Windows Phone. Since the only Windows Phones that will be receiving the Windows 10 Fall Creators Update are not of the phones in the chart above, it’s safe to say Windows Phone users will likely go to Android or iOS at a faster rate in the next few months.

Besides Windows Phone, the AdDuplex showed a sharp increase in installations of the Fall Creators Update on Windows 10 PCs and Surface devices. It is hard to say if the Fall Creators Update will continue the sharp rise that AdDuplex reports, since the Fall Creators Update was only officially released a week ago.

via onmsft

It’s Windows XP’s 16th birthday, yet this isn’t a cause for celebration

What’s the news?

Wednesday 25^th October marks 16 years since Windows XP was made generally available.

Are people still using XP?

Yes – despite its age, it is still one of the most widely used operating systems. It’s the fourth most popular overall, holding around 6% of the worldwide operating systems market. Organisations and public sector bodies still using XP are reluctant to upgrade their OS due to the amount of applications they have written on them. Examples include airline check-in systems or the computers used by mobile phone companies for signing up customers; it would be very costly and time-consuming for these organisations to have to rewrite their applications on a modern version of Windows.

Why is this an issue?

The lack of security updates and

patches means that computers running Windows XP are vulnerable to attacks, such as the WannaCry ransomware attack earlier this year that affected organisations including the NHS, which was still running the old OS. Though Microsoft were forced to make an exception to patch XP for this, otherwise XP users have not been able to benefit from updates since April 2014, when the operating system reached its ‘end of life’ and was no longer maintained by Microsoft.

To receive regular updates to protect computers, individuals and organisations will need to upgrade their operating systems to a newer, supported version.

What the experts are saying:

“It may seem surprising that even though the IT world has evolved so greatly, so many companies haven’t moved on from XP. The problem is that many organisations depend on custom software and applications that aren’t compatible with the latest versions, and upgrading can be hugely complex and costly. Some might not even have the time or technical know-how in order to do so,” explains Mat Clothier, CEO, CTO and Founder of Cloudhouse.

“While on the surface it may appear easier, cheaper and less time-consuming to stick with the old rather than bring in the new, there is now a middle ground – container compatibility software that can package up old applications and bring them across to newer, supported systems. This technology enables organisations to benefit from greater security, performance and all-round peace of mind without the constraint of complete rewrites.”

Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware

Windows Defender Exploit Guard is a new set of intrusion prevention capabilities that ships with the Windows 10 Fall Creators Update. The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviors commonly used in malware attacks, while enabling enterprises to balance their security risk and productivity requirements.

Traditional antivirus technologies are an integral aspect of the endpoint security stack through the identification and removal of malicious executables using a combination of cloud-based machine learning and heuristics. Despite advances in antivirus detection capabilities, attackers are continuously adapting and have been expanding their arsenal of tricks and techniques to compromise endpoints, steal credentials, and execute ransomware attacks without ever needing to write anything to disk. This emerging trend of fileless attacks, which compose over 50% of all threats, are extremely dangerous, constantly changing, and designed to evade traditional AV. Fileless attacks have two types: those that use non-traditional executable files (e.g., documents with active content in them), and those that exploit vulnerabilities.

Windows Defender Exploit Guard utilizes the capabilities of the Microsoft Intelligent Security Graph (ISG) and the world-class security research team at Microsoft to identify active exploits and common behaviors to stop these types of attacks at various stages of the kill chain. Although the underlying vulnerability being exploited varies, the delivery mechanism differs, and the payload changes, there is a core set of behaviors and vectors that many different attacks adhere to. By correlating streams of events to various malicious behaviors with the ISG, Windows Defender Exploit Guard provides the capability and controls needed to handle these types of emerging threats.

The four components of Windows Defender Exploit Guard are:

• Attack Surface Reduction (ASR): A set of controls that enterprises can enable to prevent malware from getting on the machine by blocking Office-, script-, and email-based threats
• Network protection: Protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP through Windows Defender SmartScreen
• Controlled folder access: Protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders
• Exploit protection: A set of exploit mitigations (replacing EMET) that can be easily configured to protect your system and applications 

Attack Surface Reduction (ASR): Intelligence to control the surface area of the device

Email and Office applications are generally thought of as keystones of enterprise productivity, yet they are the most common vector for attacks and can cause nightmares for security administrators. Both Office and email serve as simple and easy ways to distribute mechanism for bad actors to kick off malware and fileless attacks. Although Office macros and scripts have many productive use cases, malicious actors can use them to directly perform exploits that operate entirely in memory and are often undetectable by traditional AV techniques. All it takes is for a single user to enable macros on a legitimate-looking Office file, or to open an email attachment that executes a malicious PowerShell script, to compromise a machine.

Attack Surface Reduction provides enterprises with a set of built-in intelligence that can block the underlying behaviors used by these malicious documents to execute without hindering productive scenarios. By blocking malicious behaviors independent of what the threat or exploit is, ASR can protect enterprises from never before seen zero-day attacks like the recently discovered CVE-2017-8759, CVE-2017-11292 , and CVE-2017-11826.

The different behaviors ASR provides coverage for in Fall Creators Updated are split among Office, scripts, and email.

For Office apps, ASR can:

• Block Office apps from creating executable content
• Block Office apps from launching child process
• Block Office apps from injecting into process
• Block Win32 imports from macro code in Office
• Block obfuscated macro code

Although malicious Office macros are oftentimes responsible for utilizing techniques like injection and launching of executables, ASR can also protect end-users from emerging exploits like DDEDownloader, which has been recently gaining in popularity. This exploit uses the Dynamic Data Exchange (DDE) popup in Office Documents to run a PowerShell downloader; however, in doing so, it launches a child process that the corresponding child process rule blocks.

For script, ASR can:

• Block malicious JavaScript, VBScript, and PowerShell codes that have been obfuscated
• Block JavaScript and VBScript from executing payload downloaded from internet

To highlight the intelligence behind ASR, we can look at how it can address obfuscated code as an example; in this case, there is a machine learning model powering our obfuscation detection capabilities that gets retrained multiple times per week in our cloud protection service. The model is updated on client, where it interfaces with Antimalware Scan Interface (AMSI) to make a determination on whether or not a script has been obfuscated for malicious purposes. When a high-confidence match occurs, any attempt made to access the script is blocked.

For email, ASR can:

• Block execution of executable content dropped from email (webmail/mail-client)

Enterprise administrators can set policies on their corporate email (e.g., Office 365) to limit the files that can be delivered to end user inboxes. However, they don’t have control over the files that are delivered via personal email on company devices. Given the increase in spear-phishing, employees' personal emails are also targeted and need to be protected. ASR enables enterprise administrators to apply file policies on personal email for both webmail & mail-clients on company devices.

For any line of business applications running within your enterprise, there is the capability to customize file and folder based exclusions if your applications include unusual behaviors that may be impacted by ASR detection.  

ASR has a dependency on Windows Defender Antivirus being the primary AV on the device and its real-time protectionfeature must be enabled. The Windows 10 Security baseline recommends enabling most of the rules in Block Mode to protect your devices from these threat vectors.

Network protection: Blocking outbound connection

The internet is home to a swath of malicious websites that are designed to lure and trick users. They use phishing, deceptive ads, tech scams, social engineering, and other means as part of their campaigns. For some attacks, they seek to acquire information or get immediate financial payout, while others may attempt to install malware on the machine. Oftentimes malware will attempt to connect with a command-and-control server (C&C) to seek further instructions and deliver additional malicious payloads, such that the attacker can spread to additional machines on the network.

Windows Defender SmartScreen protects Microsoft Edge from socially engineered malware, phishing, and other web-based threats through the power of the Intelligent Security Graph (ISG). This has made Microsoft Edge one of the most secure browsers out there, outperforming Chrome and Firefox in NSS Lab’s recent test results for phishing protection between August 23 and September 12, 2017.

Windows Defender Exploit Guard’s network protection capability utilizes this same intelligence from ISG to vet, and if necessary block, all outbound connections before they are made. This brings the same level of protection that we previously just had for Microsoft Edge across the entire system and network stack.

By integrating a new network filtering driver into the kernel, the network protection capability can evaluate and block outbound network traffic based on ISG’s hostname and IP address-related reputation intelligence. With a combination of cloud lookups and performant caching to perform these reputation checks, the network protection capability can render web-based malware that depends on a communication channel inoperable.

Regardless if the outbound call is to phishing, socially engineered malware, or a C&C website, or if the call originates from a browser or a background process, network protection can intercept and kill the connection. These filtering capabilities can also augment and work in concert with similar protection capabilities from others security solutions, browsers, etc.

Controlled folder access

Encryption of files by ransomware and other unauthorized apps means losing control of your data: documents, precious photos and videos, and other important files. For enterprises and small businesses, losing access to files can mean disrupted operations. Controlled folder access protects files by locking down critical folders, allowing only authorized apps to access files. Unauthorized apps, including malicious and suspicious executable files, DLLs, scripts, and others will be denied access even when they are running with the user's or administrator's privilege, which malware is often be able to secure.

By default, Controlled folder access protects common folders where documents and other important data are stored, but it’s also flexible. You can add additional folders to protect, including those on other drives. You can also allow apps that you trust to access protected folders, so if you’re using unique or custom app, your normal everyday productivity will be not affected.

When enabled, controlled folder access blocks unauthorized access and notifies the user of any attempt by unauthorized apps to access or modify files in protected folders. It delivers this protection in real-time.

Exploit Protection 

Windows Defender Exploit Guard’s exploit protection represents the suite of vulnerability mitigation and hardening techniques that are built directly into Windows 10. As you install the Fall Creators Update, the appropriate mitigation settings will already be configured and applied on the machine. 

Rest In Peace (RIP) EMET

Users of the Enhanced Mitigation Experience Toolkit (EMET) will notice that it was automatically uninstalled from your machine during the upgrade. This is because WDEG includes the best of EMET built directly into Windows 10, so it’s now just part of the platform. You can the find previous user experiences for configuring EMET vulnerability mitigation capabilities in Windows Defender Security Center. For more information, read Moving Beyond Emet II - Windows-Defender-Exploit-Guard.

Figure shows using the Windows Security Center Exploit Protection control to enable mitigation Address Filtering (EAF) to unpatched application Word 2007

It is important to note that Exploit Guard’s exploit protection accepts a different format for the mitigation configuration than EMET did. To make the process of migrating to Exploit Protection and Windows Defender Exploit Guard easier, there is a PowerShell module that converts EMET XML settings files into Windows 10 mitigation policies for Exploit Guard. This PowerShell module also provides an additional interface for Windows Defender Security Center to configure its mitigation settings.

More information about this PowerShell module, and details on the EMET features relative to security in Windows 10 can be found in the topic Understanding Windows 10 in relation to the Enhanced Mitigation Experience Toolkit. For more details on Windows 10’s threat mitigations, please refer to our Windows 10 Threat Mitigations. Finally, the Windows 10 Security baseline provides a recommended Exploit Protection XML to apply.

Windows Defender Exploit Guard manageability

All the Windows Defender Exploit Guard components are manageable by Group Policy (GP), System Center Configuration Manager (SCCM), and Mobile Device Management (MDM) such as Microsoft Intune.

All components support running in both Audit and Block modes. When Block mode is enabled and a corresponding malicious behavior is observed, Windows Defender Exploit Guard blocks the event from occurring in real-time. Block events for Attack Surface Reduction, Controlled folder access and Network Protection surface a notification toast to the endpoint in real-time as well as an event log, and can be centrally viewed by security operations personnel in the Windows Defender Advanced Threat Protection (WD ATP) console. Instead of actually blocking the behavior, Audit Mode detects if an event would have occurred and surfaces that information to the event log and WD ATP console. This enables enterprises to evaluate how a rule or feature within Windows Defender Exploit Guard will perform in their enterprise and determine if there are exclusions that are needed to setup. Additionally, Audit mode provides an immense amount of optics into what kinds of behaviors are going on across the enterprise, providing valuable information to security admins to determine if a rule needs to be moved to block mode.

Windows Defender Advanced Threat Protection

Windows Defender ATP provides a single pane of glass experience for managing and viewing all the security feeds and events happening on managed endpoints across the enterprise. With Windows Defender ATP, the entire process tree execution can be seen for Exploit Guard events, making it extremely easy to determine what happened, such that a proper response can be executed. In the figure below you can see an example of how a malicious document in Word was used to drop an executable, which was then blocked when it attempted to access the C:\Demo folder.

Controlled folder access blocking sample ransomware

Network Protection blocking phishing test via Chrome browser

Exploit Guard is also surfaced in the Security Analytics dashboard of the Windows Defender ATP console, enabling enterprises to view how the feature is configured across their device and to drive compliance with recommendations based on best practice security configurations.

In the end, Windows Defender Exploit Guard is one of the most important new defenses that we’ve added to Windows 10 in the Fall Creators Update. In many ways, it completes our stack for preventive protection. Organizations that deploy it alongside Windows Defender Antivirus will find that they have a highly effective and differentiated solution for addressing modern fileless attacks and host intrusion. We recommend you evaluate it at the earliest opportunity and we look forward to your feedback.

Misha Kutsovsky (@mkutsovsky)

Program Manager, Windows Active Defense

via MSFT

Windows 10 security: Here's how to shield your files from ransomware, says Microsoft | ZDNet

The Windows 10 Fall Creators Update is rolling out now with a security feature that can prevent ransomware from encrypting your files.

With Microsoft making headway on the Windows 10 Fall Creators Update rollout, the new anti-ransomware feature, called Controlled folder access, is now becoming widely available.

It works by only allowing whitelisted apps to access files in the Controlled folder list. Users can add new folders to the protected zone and adjust which apps are authorized to access files in it.

Microsoft has been testing the feature with Windows Insiders since July but now it's making its way to the general public.

Consumers can enable the feature through the Windows Defender Security Center app by clicking the shield icon and toggling on Controlled folder access. It automatically protects Windows system folders and default locations such as Documents, Pictures, Movies, and Desktop.

Users can also add other folders and other drives by clicking the shield icon in the Windows Defender Security Center and clicking through to the Virus and threat protection settings.

The feature also issues alerts when an unapproved app attempts to access or modify files.

Controlled folder access may be trickier for enterprises to deploy as it's a new technology and could block legitimate apps from working.

To assist enterprises, Microsoft suggests admins run Controlled folder access in audit modeto test its impact.

See also: Ransomware: An executive guide to one of the biggest menaces on the web

Admins can enable Controlled folder access via the Windows Defender Security Center, Group Policy, PowerShell, or via a mobile device management configuration service provider. They can also manage which folders are protected and which apps are whitelisted through these tools.

Microsoft automatically allows a set of apps it considers trustworthy to access files protected by Controlled folder access. Admins can use Windows Defender Security Center app or Group Policy to add and remove apps that can access these files.

In the enterprise, Controlled folder access is one of four components of the Fall Creators Update's Windows Defender Exploit Guard, along with Attack Surface Reduction (ASR), Network protection, and the EMET-based Exploit Protection.

ASR requires enabling Windows Defender antivirus and can prevent common techniques used in malware, by blocking hidden macro code and stopping Office apps from creating executable content.

PREVIOUS AND RELATED COVERAGE

Windows 10 Fall Creators Update: New features to try, but don't rush to install it

The fourth feature update to Windows 10 is here now. It's packed with a wide assortment of new and refined features, including some new security options designed to block zero-day exploits and ransomware. But should you upgrade now?

Windows 10 Fall Creators Update: Microsoft shows off Fluent Design

Microsoft offers a glimpse of how its new Fluent Design is evolving the Windows 10 experience.

READ MORE ON RANSOMWARE

• Ransomware: Security researchers spot emerging new strain of malware
• This ransomware-spreading botnet will now screengrab your desktop too
• Think cybercriminals are happy about the rise of ransomware? Think again
• Ransomware: The smart person's guide (TechRepublic)
• Ransomware attack is cover for something far more destructive (CNET)