Saturday, January 25, 2020

Windows 10 Pro Storage Spaces Issues

I recently had a corrupted Win10Pro virtual disk image. Until I did some research, I wasn't aware that just turning it on isn't enough. The default options can cause data loss. There are ways to secure it, but after a bit of reading, this is a deep rabbit hole.

Ultimately I want backup recovery and restore options for Win10. First I am turning on System Restore points under the recovery option and File History. I am not sure why these are not on by default, or at least asked about during install.


Summary of Items used:
File History
Windows System Restore (Turn on System Restore for each drive)
Windows Defender AV (Enabled - this allows for daily snapshots, once you update your group policies)
Back up and Restore (backup is enabled)
Disk Management
Local Group Policy Editor (for editing things, run > gpedit.msc)

Links:
https://www.windowscentral.com/how-create-automatic-system-restore-points-daily-windows-10

Enabling Windows Defender:
My Windows Defender install was disabled by group policy (this is a home PC). So I am walking through the recommended steps for fixing this issue.

https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/windows-defender-this-app-is-turned-off-by-group/dfa59c2a-b358-4f62-80b6-6b8e4994dc32

https://answers.microsoft.com/en-us/protect/forum/protect_other-protect_updating-windows_10/windows-defender/dd9e4c78-efc5-4e30-8e6f-3030ae9713ff

https://www.askvg.com/windows-10-fix-your-organization-used-windows-defender-application-control-to-block-this-app-error-message/

https://windowsreport.com/windows-defender-error-577-windows-10/

https://www.lepide.com/blog/top-10-most-important-group-policy-settings-for-preventing-security-breaches/

https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-security-center/wdsc-virus-threat-protection

https://www.tenforums.com/tutorials/1977-windows-10-tutorial-index.html

https://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/windows-defender/e994f94f-92d5-4d44-9721-79c2a686ce24

Follow the steps provided in this thread:
And illustrated in this thread:
If you have a more general problem with downloading or running these malware-removal apps, or if they aren’t able to remove the malware, then run a scan with Windows Defender Offline or download a rescue disk on another PC. All of these apps run outside of the Windows environment just like WDO:
http://www.freedrweb.com/livecd/

Windows Defender isn’t supposed to be turned off via Group Policy when a third-party AV app is installed, as I’ve explained in this thread:

So on a home PC, we would normally assume that the Group Policy switch was thrown by malware that’s somehow managed to escalate its privilege-level to the rank of “administrator”. It’s also quite likely that the malware succeeded because Defender didn’t have a signature/behavioral detection for it – so I would recommend scanning with this set of malware-removal tools:

Kaspersky Virus Removal Tool:

Emsisoft Emergency Kit:

Malwarebytes Anti-Malware (free version only):

Eset Online Scanner:

Some other trusted third-party malware-removal tools are listed here:

Then turn Defender back on with this REG command: Right-click on the Start button, select Command Prompt (Admin), and then copy, paste, and run (enter) this command line:
REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware 

As I’ve illustrated here:

Or, if you suffer from command-line phobia, then use the REG file provided here:

Turn_On_Windows_Defender.reg is a trusted file, and this is all there is to it:

Windows Registry Editor Version 5.00
; Created by: Shawn Brink
; http://www.tenforums.com
; Tutorial: http://www.tenforums.com/tutorials/5918-windows-defender-turn-off-windows-10-a.html
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=-

Links:
https://support.kaspersky.com/viruses/kvrt2015 (Kaspersky Virus Removal Tool 2015)
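
Before deleting the DisableAntiSpyware policy value described above, it is worth recording everything that is set under the Defender policy key and confirming what Defender itself reports. The PowerShell script below is an added example, not part of the original post or the quoted forum answer; the -Remove switch and the backup file name are assumptions made for illustration.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell session.
# Read-only unless -Remove is passed (hypothetical switch defined here).
param([switch]$Remove)

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
$valueName = 'DisableAntiSpyware'

# 1. List every value under the policy key and its subkeys, so that any
#    setting other than the expected switch is noticed before cleanup.
if (Test-Path -LiteralPath $policyKey) {
    $keys  = @(Get-Item -LiteralPath $policyKey)
    $keys += @(Get-ChildItem -LiteralPath $policyKey -Recurse -ErrorAction SilentlyContinue)
    $found = foreach ($key in $keys) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{
                Key  = $key.Name
                Name = $name
                Data = $key.GetValue($name)
                Kind = $key.GetValueKind($name)
            }
        }
    }
    if ($found) { $found | Format-Table -AutoSize } else { 'Policy key exists but holds no values.' }
} else {
    "No Defender policy key present: $policyKey"
}

# 2. Check the specific switch the post removes with REG DELETE.
$current = Get-ItemProperty -LiteralPath $policyKey -Name $valueName -ErrorAction SilentlyContinue
if ($null -ne $current) {
    Write-Warning "$valueName = $($current.$valueName) is set by policy."
    if ($Remove) {
        # Export the key first so the pre-change state is kept as evidence.
        $backup = Join-Path $env:TEMP 'defender-policy-backup.reg'   # assumed file name
        reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\Windows Defender' $backup /y | Out-Null
        Remove-ItemProperty -LiteralPath $policyKey -Name $valueName
        "Removed $valueName (backup: $backup). Restart may be required."
    }
} else {
    "$valueName is not set under the policy key."
}

# 3. Ask Defender what state it is actually in.
try {
    Get-MpComputerStatus -ErrorAction Stop |
        Select-Object AMServiceEnabled, AntispywareEnabled, AntivirusEnabled, RealTimeProtectionEnabled
} catch {
    Write-Warning "Defender status unavailable: $($_.Exception.Message)"
}
```

If the value reappears after removal and a reboot, something on the machine is still writing the policy, which supports the malware-scan recommendation above.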

Enabling Backup Options on Windows
https://www.tenforums.com/tutorials/55153-select-drive-file-history-windows-10-a.html
https://www.easeus.com/backup-software/tb-home.html (Check this one out/research)
https://answers.microsoft.com/en-us/windows/forum/windows_7-performance/windows-7-64-bit-the-backup-failed-error/a4abfd13-edcd-44e5-b658-2440672f1f90



Links:
https://www.easeus.com/backup-software/tb-home.html
https://www.acronis.com/en-gb/personal/buy-backup/
https://www.techadvisor.co.uk/how-to/windows/how-back-up-windows-10-3635397/
https://www.aomeitech.com/download.html
