Protecting Against Malicious Code

This post was originally published on this site

Original release date: September 28, 2018 | Last revised: April 11, 2019

What is malicious code?

Malicious code is unwanted files or programs that can cause harm to a computer or compromise data stored on a computer. Various classifications of malicious code include viruses, worms, and Trojan horses.

  • Viruses have the ability to damage or destroy files on a computer system and are spread by sharing an already infected removable media, opening malicious email attachments, and visiting malicious web pages.
  • Worms are a type of virus that self-propagates from computer to computer. Its functionality is to use all of your computer’s resources, which can cause your computer to stop responding.
  • Trojan Horses are computer programs that are hiding a virus or a potentially damaging program. It is not uncommon that free software contains a Trojan horse making a user think they are using legitimate software, instead the program is performing malicious actions on your computer.
  • Malicious data files are non-executable files—such as a Microsoft Word document, an Adobe PDF, a ZIP file, or an image file—that exploits weaknesses in the software program used to open it. Attackers frequently use malicious data files to install malware on a victim’s system, commonly distributing the files via email, social media, and websites.

How can you protect yourself against malicious code?

Following these security practices can help you reduce the risks associated with malicious code:

  • Install and maintain antivirus software. Antivirus software recognizes malware and protects your computer against it. Installing antivirus software from a reputable vendor is an important step in preventing and detecting infections. Always visit vendor sites directly rather than clicking on advertisements or email links. Because attackers are continually creating new viruses and other forms of malicious code, it is important to keep your antivirus software up-to-date.
  • Use caution with links and attachments. Take appropriate precautions when using email and web browsers to reduce the risk of an infection. Be wary of unsolicited email attachments and use caution when clicking on email links, even if they seem to come from people you know. (See Using Caution with Email Attachments for more information.)
  • Block pop-up advertisements. Pop-up blockers disable windows that could potentially contain malicious code. Most browsers have a free feature that can be enabled to block pop-up advertisements.
  • Use an account with limited permissions. When navigating the web, it’s a good security practice to use an account with limited permissions. If you do become infected, restricted permissions keep the malicious code from spreading and escalating to an administrative account.
  • Disable external media AutoRun and AutoPlay features. Disabling AutoRun and AutoPlay features prevents external media infected with malicious code from automatically running on your computer.
  • Change your passwords. If you believe your computer is infected, change your passwords. This includes any passwords for websites that may have been cached in your web browser. Create and use strong passwords, making them difficult for attackers to guess. (See Choosing and Protecting Passwords and Supplementing Passwords for more information.)
  • Keep software updated. Install software patches on your computer so attackers do not take advantage of known vulnerabilities. Consider enabling automatic updates, when available. (See Understanding Patches and Software Updates for more information.)
  • Back up data. Regularly back up your documents, photos, and important email messages to the cloud or to an external hard drive. In the event of an infection, your information will not be lost.
  • Install or enable a firewall. Firewalls can prevent some types of infection by blocking malicious traffic before it enters your computer. Some operating systems include a firewall; if the operating system you are using includes one, enable it. (See Understanding Firewalls for Home and Small Office Use for more information.)
  • Use anti-spyware tools. Spyware is a common virus source, but you can minimize infections by using a program that identifies and removes spyware. Most antivirus software includes an anti-spyware option; ensure you enable it.
  • Monitor accounts. Look for any unauthorized use of, or unusual activity on, your accounts—especially banking accounts. If you identify unauthorized or unusual activity, contact your account provider immediately.
  • Avoid using public Wi-Fi. Unsecured public Wi-Fi may allow an attacker to intercept your device’s network traffic and gain access to your personal information.

What do you need to know about antivirus software?

Antivirus software scans computer files and memory for patterns that indicate the possible presence of malicious code. You can perform antivirus scans automatically or manually.

  • Automatic scans – Most antivirus software can scan specific files or directories automatically. New virus information is added frequently, so it is a good idea to take advantage of this option.
  • Manual scans – If your antivirus software does not automatically scan new files, you should manually scan files and media you receive from an outside source before opening them, including email attachments, web downloads, CDs, DVDs, and USBs.

Although anti-virus software can be a powerful tool in helping protect your computer, it can sometimes induce problems by interfering with the performance of your computer. Too much antivirus software can affect your computer’s performance and the software’s effectiveness.

  • Investigate your options in advance. Research available antivirus and anti-spyware software to determine the best choice for you. Consider the amount of malicious code the software recognizes and how frequently the virus definitions are updated. Also, check for known compatibility issues with other software you may be running on your computer.
  • Limit the number of programs you install. Packages that incorporate both antivirus and anti-spyware capabilities together are now available. If you decide to choose separate programs, you only need one antivirus program and one anti-spyware program. Installing more programs increases your risk for problems.

There are many antivirus software program vendors, and deciding which one to choose can be confusing. Antivirus software programs all typically perform the same type of functions, so your decision may be based on recommendations, features, availability, or price. Regardless of which package you choose, installing any antivirus software will increase your level of protection.

How do you recover if you become a victim of malicious code?

Using antivirus software is the best way to defend your computer against malicious code. If you think your computer is infected, run your antivirus software program. Ideally, your antivirus program will identify any malicious code on your computer and quarantine them so they no longer affect your system. You should also consider these additional steps:

  • Minimize the damage. If you are at work and have access to an information technology (IT) department, contact them immediately. The sooner they can investigate and “clean” your computer, the less likely it is to cause additional damage to your computer—and other computers on the network. If you are on a home computer or laptop, disconnect your computer from the internet; this will prevent the attacker from accessing your system.
  • Remove the malicious code. If you have antivirus software installed on your computer, update the software and perform a manual scan of your entire system. If you do not have antivirus software, you can purchase it online or in a computer store. If the software cannot locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. After reinstalling the operating system and any other software, install all of the appropriate patches to fix known vulnerabilities.

Threats to your computer will continue to evolve. Although you cannot eliminate every hazard, by using caution, installing and using antivirus software, and following other simple security practices, you can significantly reduce your risk and strengthen your protection against malicious code.

Author: CISA

This product is provided subject to this Notification and this Privacy & Use policy.

Adding more cores to a VMClient : Feature ‘Hot-Pluggable virtual HW’ is not licensed with this edition

This post was originally published on this site

I am trying to add more cores to a VM client running on  the following HP Server and I am getting the following error:


Feature ‘Hot-Pluggable virtual HW’ is not licensed with this edition.


What do I need to purchase in order to add more cores?  The server has 1 CPU and 6 cores?


Product: VMware vSphere 6 Hypervisor Licensed for 1 physical CPUs (unlimited cores per CPU)
License Key: H129K-0UL9L-28Y88-XXXX-XXXX
Expires: Never

Product Features:
    Up to 8-way virtual SMP


Reconfiguration fails on standalone with vim.fault.NoPermission during registry access

This post was originally published on this site

The relevant fragment of the worker log appears to be as below.  What could this be caused by?  Is there a possible workaround / solution?



2018-09-13T23:46:00.234+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Starting system reconfiguration …

2018-09-13T23:46:00.234+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Using temp dir C:WINDOWSTEMPvmware-tempvmware-SYSTEMsysReconfig

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] ReconfigurationTransaction: cached guest system volume

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] ReconfigurationTransaction: cached guest system volume

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] LocalPathToGuestSystemFolder: .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS

2018-09-13T23:46:00.281+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] LocalUndoFolder: .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS$Reconfig$

2018-09-13T23:46:00.828+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] [LoadTempHive] Registry hive .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWSsystem32configSYSTEM is loaded under the name mntApi233162130830690227

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] [LoadTempHive] Registry hive .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWSsystem32configSOFTWARE is loaded under the name mntApi233646505830690227

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Populating predefined expressions …

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Processing user-defined expressions …

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetServicesACPIValueName StartValueType 1 dataPattern 0

2018-09-13T23:46:02.109+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = MicrosoftWindows NTCurrentVersionValueName CurrentTypeValueType 0 dataPattern Multiprocessor.*

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetControlCriticalDeviceDatabaseprimary_ide_channelValueName ServiceValueType 0 dataPattern atapi

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Evaluating registry expression, Key = CurrentControlSetControlCriticalDeviceDatabasesecondary_ide_channelValueName ServiceValueType 0 dataPattern atapi

2018-09-13T23:46:02.125+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Applying reconfigurations …

2018-09-13T23:46:02.156+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Error 2 (opening key) saving registry key mntApi233162130830690227ControlSet001Servicesrhelfltr into .vstor2-mntapi20-shared-8C73F4D0000010000000000005000000WINDOWS$Reconfig$mntApi233162130830690227-ControlSet001-Services-rhelfltr-reg

2018-09-13T23:46:02.250+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Error 5 (error restoring key: Access is denied (5)) restoring registry key C:Program FilesVMwareVMware vCenter Converter StandalonedataSKUNKWORKS_FILLER into mntApi233162130830690227ControlSet001Servicesrhelfltr

2018-09-13T23:46:02.250+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] Reconfiguration failed with: vim.fault.NoPermission

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Rolling back the reconfiguration transaction…

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Deleting pending files…

2018-09-13T23:46:02.250+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=task-3] Writing the undo log …

2018-09-13T23:46:02.328+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Unloaded hive mntApi233646505830690227

2018-09-13T23:46:02.359+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Unloaded hive mntApi233162130830690227

2018-09-13T23:46:02.359+01:00 info vmware-converter-worker[05116] [Originator@6876 sub=Default] Cleaning up temp directory C:WINDOWSTEMPvmware-tempvmware-SYSTEMsysReconfig …

2018-09-13T23:46:02.359+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=task-3] TaskImpl has failed with MethodFault::Exception: converter.fault.ReconfigurationFault

2018-09-13T23:46:02.359+01:00 error vmware-converter-worker[05116] [Originator@6876 sub=Default] Task failed:

ESXi 6.0 U3 installation stuck on enter root password page

This post was originally published on this site

HI while installing custom made ESXi 6.0 image into HP Proliant DL380 Gen 10 server, I am stuck on enter root password page.


My logical disk is show at remote section and not on local. I can still choose remote location and pressing enter takes me to set root password.


This is where I am stuck, I try to enter password to root section but as soon as I hit seven characters it says password mismatch, even though I have not enter password on confirm password section.

Pressing enter key dose not seem to work here but still can press back (F9) and ESC key.


Not sure what the problem is.


The custom image consist of ESXi 6.0.0 offline bundle and contains this driver VIB package from HP website found below:

Drivers & Software – HPE Support Center.

What is Malware

This post was originally published on this site

Malware is software–a computer program–used to perform malicious actions. In fact, the term malware is a combination of the words malicious and software. Cyber criminals install malware on your computers or devices to gain control over them or gain access to what they contain. Once installed, these attackers can use malware to spy on your online activities, steal your passwords and files, or use your system to attack others.

Securing Enterprise Wireless Networks

This post was originally published on this site

Original release date: September 4, 2018 | Last revised: September 28, 2018

What is enterprise network security?

Enterprise network security is the protection of a network that connects systems, mainframes, and devices―like smartphones and tablets―within an enterprise. Companies, universities, governments, and other entities use enterprise networks to help connect their users to information and people. As networks grow in size and complexity, security concerns also increase.

What security threats do enterprise wireless networks face?

Unlike wired networks, which have robust security tools—such as firewalls, intrusion prevention systems, content filters, and antivirus and anti-malware detection programs—wireless networks (also called Wi-Fi) provide wireless access points that can be susceptible to infiltration. Because they may lack the same protections as wired networks, wireless networks and devices can fall victim to a variety of attacks designed to gain access to an enterprise network. An attacker could gain access to an organization’s network through a wireless access point to conduct malicious activities—including packet sniffing, creating rouge access points, password theft, and man-in-the-middle attacks. These attacks could hinder network connectivity, slow processes, or even crash the organization’s system. (See Securing Wireless Networks for more information on threats to wireless networks.)

How can you minimize the risks to enterprise Wi-Fi networks?

Network security protocols have advanced to offset the constant evolution of attacks. Wi-Fi Protected Access 2 (WPA2) incorporates Advanced Encryption Standard (AES) and is the standard employed today to secure wireless enterprises. In June 2018, the Wi-Fi Alliance began certifying devices that support Wi-Fi Protected Access 3 (WPA3), which replaces WPA2. Users should employ the new standards as WPA3 devices become available. IT security professionals and network administrators should also consider these additional best practices to help safeguard their enterprise Wi-Fi networks:

  • Deploy a wireless intrusion detection system (WIDS) and a wireless intrusion prevention system (WIPS) on every network.
  • Ensure existing equipment is free from known vulnerabilities by updating all software in accordance with developer service pack issuance.
  • Use existing equipment that can be securely configured.
  • Ensure all equipment meets Federal Information Processing Standards (FIPS) 140-2 compliance for encryption.
  • Ensure compliance with the most current National Institute of Standards and Technology. (See Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i.)
  • Establish multifactor authentication for access to your network. If this is not possible, consider other secure authentication means beyond a single shared password, such as Active Directory service authentication or an alternative method (e.g., tokens) to create multifactor authentication into your network.
  • Use Extensible Authentication Protocol-Transport Layer Security certificate-based methods (or better) to secure the entire authentication transaction and communication.
  • Use Counter Mode Cipher Block Chaining Message Authentication Code Protocol, a form of AES encryption used by Wireless Application Protocol 2 (WAP) enterprise networks sparingly. If possible, use more complex encryption technologies that conform to FIPS 140-2 as they are developed and approved.
  • Implement a guest Wi-Fi network that is separate from the main network. Employ routers with multiple Service Set Identifiers (SSIDs) or engage other wireless isolation features to ensure that organizational information is not accessible to guest network traffic or by engaging other wireless isolation features.

What else can you do to secure your network?

Employing active WIDS/WIPS enables network administrators to create and enforce wireless security by monitoring, detecting, and mitigating potential risks. Both WIDS and WIPS will detect and automatically disconnect unauthorized devices. WIDS provides the ability to automatically monitor and detect the presence of any unauthorized, rogue access points, while WIPS deploys countermeasures to identified threats. Some common threats mitigated by WIPS are rogue access points, misconfigured access points, client misassociation, unauthorized association, man-in-the-middle attacks, ad-hoc networks, Media Access Control spoofing, honeypot/evil twin attacks, and denial-of-service attacks.

The following list includes best practices to secure WIDS/WIPS sensor networks. Administrators should tailor these practices based on  local considerations and applicable compliance requirements. For more in-depth guidance, see A Guide to Securing Networks for Wi-Fi (IEEE 802.11 Family).

  • Use a rogue detection process capability. This capability should detect Wi-Fi access via a rogue client or WAP, regardless of the authentication or encryption techniques used by the offending device (e.g., network address translation, encrypted, soft WAPs).
  • Set the WIDS/WIPS sensors to
    • detect 802.11a/b/g/n/ac devices connected to the wired or wireless network and
    • detect and block multiple WAPs from a single sensor device over multiple wireless channels.
  • Enforce a “no Wi-Fi” policy per subnet and across multiple subnets.
  • Provide minimal secure communications between sensor and server, and identify a specific minimum allowable Kbps―the system shall provide automatic classification of clients and WAPs based upon enterprise policy and governance.
  • Provide automated (event-triggered) and scheduled reporting that is customizable.
  • Segment reporting and administration based on enterprise requirements.
  • Produce event logs and live packet captures over the air and display these directly on analyst workstations.
  • Import site drawings for site planning and location tracking requirements.
  • Manually create simple building layouts with auto-scale capability within the application.
  • Place sensors and WAPs electronically on building maps to maintain accurate records of sensor placement and future locations.
  • Have at least four different levels of permissions allowing WIPS administrators to delegate specific view and administrator privileges to other administrators.
  • Meet all applicable standards and, if Federal Government, comply with the Federal Acquisition Regulation.

Author: NCCIC

This product is provided subject to this Notification and this Privacy & Use policy.

Start of VMWARE Workstation Player fails

This post was originally published on this site


I have a new Computer (HP Spectre x360 with AMD Ryzon and Windows 10 pro.

If i try to start Vmware Workstation Player 14 i get a error message:


Windows 7 Pro Work Vmware Workstation 14 Player

Vmare Player and Device/Credential Guard are not compatible.
Player can be run after disabling Device/Credential Guard.


I was visit the suggested web site for turn off Device/Credential Guard, but found no answer.
Have anyone a idea, what i can do in this case?


The Windows Defender guard is deactivated also Virtualization based security.

Thank you for help.