It's better for me to be a couple of steps ahead of this fellow. If and when I figure how to kill the process responsible for this inconvenience, I plan on restarting it up when I'm done with my disk maintenance.
Do you, however, know how to write an executable that listens for a user's decrypt command to Bitlocker (from the control panel) and prevent decrypting? Or would you know how to track down a process like this? This is why I came to this forum.
As I said before, you need to talk to him for assistance.
I'm aware of what you said but I would like to stay a couple of steps ahead of this person I'm also not sure if you have considered the fact that if this person has installed this hidden process without my knowledge, that would that person help me to remove it. Just take the example of the Sony DRM rootkit episode some years back. This is a similar scenario.
We know nothing about the programs that this person has installed
Actually you should not have to know anything about the installer. He has installed a hidden process that listens for certain Bitlocker commands (decrypting, for example) and blocks the command at the kernel level. The Sysinternals tools as well as gmer are out there and I'm familiar with their use. All I need is guidance on what to look for on how this hidden process hooks into calls I make to Bitlocker to decrypt my drive.
After conversing back and forth with a couple of other folks on this form I see they don't understand what I'm looking for.
I'm looking for someone who has knowledge on using Sysinternals tools and other similar tools to just give me some tips on what to look for. What I'm looking for is this hidden process that intercepts my Bitlocker command (to decrypt) I make from the control panel and prevents Bitlocker from decrypting.
>...You'd go trough the trouble to lock something locally (meaning you don't trust your employees), just to trust some random company?
I'm a one-man company diagnosing vehicles at the customer site. I've used this guy for the last three years he is trustworthy with my data. The software is his build and he likely wants to keep his customers from selling the native installation he provides.
There is no problem using the encrypted drive since its a regular Bitlocker use case. I can access my data and programs as a user/admin should. The problem is with possibly a hidden service that keeps Bitlocker encrypted and I know I can find that service given time, tools and some guidance (ergo my coming to this forum).
edit: Bitlocker has not kept me from a windows login and accessing my account, there is no abnormal functionality here. The problem here is turning off Bitlocker because I needed to do some maintenance work and noticed that Bitlocker turns off then quickly re-encrypts.
I wouldn't. If you were paying my expenses, I might entertain you with arguments for that position
Just to be clear, I'm not interested in you coding anything for me. I'm just asking you how would you code something like that eg. write some code that creates a hidden process and intercepts calls to the Bitlocker "Turn Bitlocker off" command issued from the user control panel.
The taskmanager shows the executables location.
I'm already aware of the Sysinternals suite of tools that give a lot more information regarding system processes. It's just now I need to know what to look for when tracking down what is intercepting the Bitlocker command I issue from the control panel.
If you are the owner of the machine than it will be easy to turn off or halt.
I am the owner of the machine and if were easy to find the hidden process I suspect is on my machine, I would not need to find someone for whom it is easy.
I see that some of our users can be difficult, let me put in my two cents.
All 64-bit versions of Windows from Vista onward include a technology that prevents kernel hooks. If a kernel hook is somehow successfully installed, the machine will blue screen. It's called Kernel Patch Protection - Wikipedia[^]
Therefore, I don't think the scenario that you suspect is what's actually going on.
The difficult we do right away...
...the impossible takes slightly longer.
I have a Vista computer that I wish to upgrade at least to Windows 7. I have a lot of email, apps and data on this computer. It is reasonable in power and I don't wish to change hardware. Yes, I want to upgrade, not clean install.
All the info that Google wants to give me has outdated links, and info that now seems to be expired and useless. Microsoft is not helpful. I think I can see the upgrade path from Win 7 to 10 if/when I desire, but can't find how to go beyond Vista without a reinstall. All of the Windows 7 repair/installers that I can find seem to require that I have Win 7 installed already (catch 22). I think I need an installer and product key to go from Vista... can't find anything useful from Microsoft or even ebay. I don't currently have a Win 7 or Win 10 product key. I'm not looking for anything illegal and/or free. I have money to do it properly and legally...
Does anyone have the secret code for this besides use of a time machine?
There are still a lot of resources in the net when searching for "upgrade vista to windows 7".
Vista must have SP1 or SP2 installed and you need a Windows 7 DVD (full version) matching the Vista type (32 / 64 bit). Possible upgrade paths are Basic/Premium -> Home or Ultimate, Business -> Professional or Ultimate, and Ultimate -> Ultimate.
When booting from the installation DVD, Vista should be detected and you should be offered an upgrade option. When installation is finished you have to enter the license key.
Your approach is flawed. Copy the things that you need to backup and do a clean install. Vista has a bloated registry out of the box, let alone how bad it must be after years of use.
I get that you don't want to spend the time re-installing your needed software, but ultimately I think you'll spend more time trying to do an upgrade, which may well result in a corrupted OS that needs to be re-imaged anyway.
"There are three kinds of lies: lies, damned lies and statistics."
- Benjamin Disraeli
He might check/ask about the router used in France. Some have options to deny outgoing SMTP for specific sources (connected devices) and/or white lists for allowed SMTP servers (servers of the provider itself and common ones like GMail).
The only other reason I can think of is that his IP address is blocked by the mail provider. While this happens sometimes for address ranges that has been noticed for spamming I have not heard so far for addresses being blocked by location.
I suggest to check if the provider uses some blocking (web research first and then optionally by contacting them).
For further analysis you/we need some more information:
Outlook error message
Mail provider (e.g. the SMTP server name)
Used internet connection (provider in France)
What configuration/setting should I ask him to look at in Outlook ?
I bet his email is from his ISP and he doesn't have the SMTP server set with credentials. When in Canadia he won't need this as he will be using the network the mail server is a part of so it just lets email through.
In Outlook go to File -> Account Settings -> Account Settings. Click on the Email Account and click Change. Now click on the More Settings... button this will bring up a dialog box with 4 tabs (I'm on Hosted Exchange so can't see what POP3/IMAP has). One of these if for the Outgoing Server, check the box next to Use the same credentials as Incoming server and he will login to the SMTP server and be allowed to send emails.
"I controlled my laughter and simple said "No,I am very busy,so I can't write any code for you". The moment they heard this all the smiling face turned into a sad looking face and one of them farted. So I had to leave the place as soon as possible." - Mr.Prakash One Fine Saturday. 24/04/2004
Just wondering what others are using for log analysis, metrics, reporting. My company is thinking of using LogRhythm and from what I've heard its not so great at the analystics piece but is good on security. What tools do you guys use for troubleshooting, analysis, metrics and general health reporting?
Last Visit: 31-Dec-99 18:00 Last Update: 23-Sep-23 6:57