Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Win10 knowledge anyone? SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Win10 knowledge anyone?
OK... I bought a laptop December 2015 (Acer Aspire ES 13) (OEM) at startup I killed most unnecessary (for me) services... wuaultc, wmibrsr & several others... I use this comp abt. 4 days / week, Other comps usually...

K, today I got my first BSOD while surfing wikipedia, that's still fine... When I run CCleaner things went quite interesting...

On register (/Ccleaner) there is 39 InProcServ references towards OneDrive contained files.. I did kill all references of onedrive after starting this comp, don't even have microsoft account to use onedrive services..
Still this comp is trying to start software from unkown onedrive content..

Oh well, this is microsoft... but any of u seen same kind of behaviour? Any advice?

-Teemu
Teemu

10 Posts
If what you killed is wuauCLT.exe then you killed auto updates which is a bad thing.

If you do not sign in with a MS account OneDrive will not do anything so there is no need to worry about it. You can right-click the system tray icon and select close and it will go away. There will still be a folder in Windows Explorer which can not be removed as far as I know. Simply ignore that as well.
PW

65 Posts
What other services did you "kill"? It could probably be the root of the problem. Chaser1

1 Posts
I kill many processess... Win auto-updates gone wrong kills my comp, I prefer to keep my comps in a working state.. I manually update what is necessary, but I certainly don't give MS access to change my comps... I have own Intra, I manage all the firewalls, switches, servers and workstations... I need those to work, not MS killing most comps with update coded wrong...
And Antivirus/anti-malware are free (not related to MS)... Works fine... Mainly I use Linux for my affairs, need windows on occasion... But automatic updates have been / are still no no... And IDS/IPS is implemented working fine with my other HW... I don't need broken / spying MS fixes...
Teemu

10 Posts
MS Automatic updates kills my comps too often... I manually update those packets what I need, and which won't crash my system... WuAultc + WMIBrowser use too much resources, they are not needed... I have no problem with most WIN Services killed, I can still use my workstations as needed without constant crashes due to MS updates which are inserted into comps without choice to install or not...

Works for me...
Teemu

10 Posts

Sign Up for Free or Log In to start participating in the conversation!