Sysmon update introduces DNS Query Logging

A new version of the Sysmon tool will be released on Tuesday, June 11, 2019, that introduces DNS query logging to the Windows system monitor.
Mike Russinovich, the creator of the tool and Microsoft Azure CTO, teased the new feature in a message on Twitter on June 8, 2019.
The system monitor Sysmon extends the functionality of the Windows Event log by monitoring the system for certain events and writing them to the event log.
Tip: check out our review of Sysmon 5 to get a better understanding of the free application.
Sysmon: DNS query logging

The next Sysmon release introduces support for DNS query logging. Russinovich published a screenshot on Twitter that showcases the new feature. The screenshot shows logged DNS queries and information about one of the logged queries.
Particularly interesting is that each query is linked to a specific executable on the system and that DNS query responses are logged as well. The value of “Image” reveals the program that initiated the query.
The Windows Event Log supports the logging of DNS queries, but the log needs to be enabled before Windows starts recording these events, and it does not show the executable file that initiated the query.
Here is how you enable DNS logging on Windows:

Use Windows-R to open the run box on the system.
Type eventvwr.msc and tap on the Enter-key to load the Event Viewer.
Navigate to the following path: Applications and Services Logs > Microsoft > Windows > DNS Client Events > Operational
Right-click on Operational, and select Enable Log.

Closing words
The new Sysmon feature improves DNS query logging on Windows. The logging of executable filenames and paths in particular should be welcome, as it makes it easier to identify the program a DNS query originated from.
Regularly going through the DNS query log could highlight programs that potentially leak information or are dangerous. The feature may also be useful for logging software installations or updates to verify what is happening in the background.
The new version of Sysmon will be published on Microsoft’s Sysinternals website.
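One way to go through the DNS query log per program, as described above. This is an added example, not code from Sysmon or from the original article. It assumes Sysmon's DNS query event (Event ID 22 in the Microsoft-Windows-Sysmon/Operational log) with its QueryName, QueryStatus, QueryResults and Image fields; the sample events, helper function names and the review pattern are constructed for illustration.

```powershell
# Added example: summarise Sysmon DNS query events (Event ID 22) per executable.

function ConvertFrom-SysmonDnsXml {
    # Turn one event's XML (as returned by $event.ToXml()) into a flat object.
    param([Parameter(Mandatory)][string]$Xml)
    $doc = [xml]$Xml
    $f = @{}
    foreach ($d in $doc.GetElementsByTagName('Data')) {
        $f[$d.GetAttribute('Name')] = $d.InnerText
    }
    [pscustomobject]@{
        UtcTime      = $f['UtcTime']
        ProcessId    = $f['ProcessId']
        Image        = $f['Image']
        QueryName    = $f['QueryName']
        QueryStatus  = $f['QueryStatus']
        QueryResults = $f['QueryResults']
    }
}

function Get-DnsQuerySummary {
    # Group parsed events by executable and list the distinct names each one resolved.
    param([Parameter(Mandatory)][object[]]$Events)
    # Illustrative heuristic (assumption): executables in user-writable folders get a
    # second look. Legitimate per-user software lives there too; this is not a verdict.
    $reviewPattern = '\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\|\\Windows\\Temp\\'
    $Events | Group-Object Image | ForEach-Object {
        [pscustomobject]@{
            Review  = $_.Name -match $reviewPattern
            Image   = $_.Name
            Queries = $_.Count
            Failed  = @($_.Group | Where-Object { $_.QueryStatus -ne '0' }).Count
            Names   = @($_.Group.QueryName | Sort-Object -Unique) -join ', '
        }
    } | Sort-Object -Property @{ Expression = 'Review'; Descending = $true }, 'Image'
}

function New-SampleDnsEventXml {
    # Builds a constructed event in the shape of a Sysmon DNS query record.
    param($Image, $QueryName, $Status, $Results)
    @"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>22</EventID><Channel>Microsoft-Windows-Sysmon/Operational</Channel></System>
  <EventData>
    <Data Name="UtcTime">2019-06-11 09:00:00.000</Data>
    <Data Name="ProcessId">4242</Data>
    <Data Name="QueryName">$QueryName</Data>
    <Data Name="QueryStatus">$Status</Data>
    <Data Name="QueryResults">$Results</Data>
    <Data Name="Image">$Image</Data>
  </EventData>
</Event>
"@
}

# Set to $true on a host where Sysmon logs DNS queries; reading the Sysmon log
# typically requires an elevated PowerShell session.
$useLiveLog = $false

if ($useLiveLog) {
    $filter = @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 22 }
    $xml = Get-WinEvent -FilterHashtable $filter -MaxEvents 500 |
        ForEach-Object { $_.ToXml() }
} else {
    # Constructed sample data: two programs, one of them running from a Temp folder.
    $browser = 'C:\Program Files\Mozilla Firefox\firefox.exe'
    $dropped = 'C:\Users\alice\AppData\Local\Temp\updater.exe'
    $xml = @(
        New-SampleDnsEventXml $browser 'www.ghacks.net' 0 '::ffff:192.0.2.10;'
        New-SampleDnsEventXml $browser 'www.example.com' 0 '::ffff:192.0.2.20;'
        New-SampleDnsEventXml $dropped 'telemetry.example.net' 0 '::ffff:198.51.100.7;'
        New-SampleDnsEventXml $dropped 'missing.example.org' 9003 '-'
    )
}

$events = $xml | ForEach-Object { ConvertFrom-SysmonDnsXml -Xml $_ }
Get-DnsQuerySummary -Events $events | Format-Table -AutoSize -Wrap
```

With the constructed sample data, the executable under the Temp folder is listed first with Review set to True and one failed lookup.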
Now You: do you analyze DNS queries? (via Bleeping Computer)
Ghacks needs you. You can find out how to support us here or support the site directly by becoming a Patreon. Thank you for being a Ghacks reader. The post Sysmon update introduces DNS Query Logging appeared first on gHacks Technology News.

Windows 10 version 1903 available for all manual seekers

Microsoft released the May 2019 Update, also known as Windows 10 version 1903, on May 22, 2019 officially. The company limited the availability of the initial release significantly by making it available to “seekers” only and limiting it to certain hardware configurations.
Seekers refers to administrators who run manual update checks on devices they administrate. Administrators could run a manual update check on Windows 10 version 1809 devices, the previous version of Windows 10, and get nothing returned if the hardware configuration did not match Microsoft’s initial selection or if other issues, e.g. incompatible drivers, were discovered.
Microsoft updated the release document on June 6, 2019 to indicate the broader availability of the new Windows 10 feature update.
The note at the top of the linked page states that the feature update is now available to all customers who run a manual check for updates.
Current status as of June 6, 2019:
Windows 10, version 1903 is available for any user who manually selects “Check for updates” via Windows Update. The recommended servicing status is Semi-Annual Channel.
All in this regard does not necessarily mean “all” as several update blocks are in place that prevent certain systems with known issues from being upgraded at the time of writing.
Updates won’t be offered to devices with “certain Intel drivers”, the Dynabook Smartphone Link application, systems with the Store applications Dolby Access or Dolby Atmos installed, and devices with certain Realtek or Qualcomm Bluetooth radios among others.

Windows 10 administrators can run a manual check for updates in the following way:

Use the keyboard shortcut Windows-I to open the Settings application.
Go to Update & Security.
Click on the “check for updates” button.

Windows Update should return the new feature update provided that no upgrade blockers were discovered during the check.
The update should be displayed underneath the update check button. Microsoft changed the handling of feature updates recently by separating them from regular cumulative updates that it releases for Windows 10.
Previously, if an admin ran a manual check for updates, feature updates would be installed alongside any other update for the operating system. The change skips the automatic installation of feature updates; these are displayed on the Windows Update page when discovered and need to be started manually.
The separation eliminates one major point of criticism leveled at Microsoft when it comes to Windows Updates: feature updates won’t be installed automatically anymore when users run manual update checks.
Feature updates will continue to be installed automatically if the installed version of Windows 10 is about to reach end of support.
A click on “download and install now” starts the download and installation process of the new update.
Tip: check out this support article if you get a “what needs your attention” prompt during the installation of the upgrade.
Now You: do you run Windows 10? Which version, and why? (via Windows Latest)
The post Windows 10 version 1903 available for all manual seekers appeared first on gHacks Technology News.

Ads in Windows 10 apps may open deceptive webpages

Windows 10 users who run ad-powered applications on their systems may currently be targeted by deceptive and fraudulent campaigns that make them believe that their PC is infected or that they have won an iPhone.
Several core Windows applications, e.g. Microsoft News, that come with the operating system natively display advertisement, and it appears that several of these ad-powered applications are causing the issue for users currently.
When a fraudulent ad is picked by the ad server, it is displayed to the user in the application. The advertisement opens a webpage in the default browser and displays either something scary, e.g. the PC is infected, or tempting, e.g. you won an iPhone.
The webpage that tries to intimidate the user states for example that viruses were found on the PC on a webpage that resembles the official Microsoft webpage.
via Günter Born
It may not be clear right away that the message is fake; experienced users may notice that it is and close the window, but inexperienced users may follow the advice and either get their systems infected in the process, submit personal information to the operator of the fake site, or make a purchase.
A (German) Microsoft Answers support page highlights the issue already. Microsoft MVP volunteer moderator Ingo Böttcher confirms that Windows Apps may open fake websites that scare the user with virus infection messages or suggest that the visitor won a high end gadget in the lottery.
According to the post, the issue is caused by fraudulent advertisement campaigns that run on Microsoft’s advertising network.
Users are advised to close the tabs or webpages; doing so won’t do any harm to the computer or personal files. The messages are fake, and the computer is not infected with a virus or trojan as suggested by the fake webpage.
There is little that affected users can do currently, apart from not running the applications that display these fraudulent advertising campaigns. Experienced users may install and configure a DNS-based ad-blocking solution to deal with the issue. Everyone else needs to wait for Microsoft to kick the fraudulent campaigns and their publishers from its network.
Closing Words
Microsoft is not the only company that lets fraudulent advertising campaigns run on its network. Google Search displayed “your computer appears affected” messages in the past, and other major advertising companies had similar incidents.
The incident shows once again that advertisement in its current form poses a risk on the Internet. The only option that users have is to protect their systems with ad-blockers.
Ad companies like Microsoft, Google, or Facebook, need to make advertisement safe, e.g. by restricting advertisement, before things have a chance to normalize themselves.
Advertisement is needed to power sites like Ghacks and many others but it is getting more difficult each year to finance sites through advertisement.
Now You: What is your take on this?
The post Ads in Windows 10 apps may open deceptive webpages appeared first on gHacks Technology News.

Windows 10 20H1 Preview: Your Phone App gets a massive boost

Microsoft released a new Windows 10 version 20H1 build to the Insider Preview channel on May 29, 2019 that brings the version to 18908.
The new build introduces massive improvements to the Your Phone application. Your Phone, together with the companion app for Android and iOS, links mobile devices and Windows 10 PCs so that mobile phone functionality becomes available on the Windows 10 PC.
Microsoft focuses on the Android version of Your Phone currently, and most of the changes outlined below apply only to it.
The current version of Your Phone for Windows 10 version 1903 has limited functionality. Depending on your device, you may use it to reply to SMS messages, view phone notifications, transfer photos, or use screen mirroring.

Microsoft published a support article recently in which it confirmed that the Your Phone application cannot be uninstalled on Windows 10 PCs because of its importance.
The new Insider Preview build improves the functionality of the Your Phone application significantly. Here is an overview of the new functionality:

Screen Reading: TalkBack users may enable the Your Phone Companion in this build in the Android accessibility settings for “smoother cross-device reading”. Narrator on the Windows PC will describe what is happening on the phone screen when you activate the feature.
Focus Tracking: Focus Tracking is another accessibility feature that magnifies content around the mouse cursor. The feature requires that you enable the Your Phone Companion in the accessibility settings of the Android device. Once turned on, use the PC magnifier shortcut Windows+ to get started.
Keyboard language and layout: A new icon to set the preferred keyboard language and layout for the physical keyboard of the PC.
New Phone Screen support: Phone screen supports more Samsung phone models including Samsung Galaxy A8 and A8+.
New Messaging features: A large number of new messaging features landed in this build:

Send and receive MMS messages.
New unread message indicator.
Sync contact thumbnails for all contacts.
In-line reply functionality.
Emoji Picker.

Mobile Data Sync: Previous versions of Your Phone required that you connect the Android device to the Wi-Fi network. The new version introduces support for mobile data syncing so that this is not necessary anymore. Just open the Your Phone Companion app settings and check the “sync over mobile data” option in the settings to enable the option.

The changes are available in the latest preview builds of the first feature update release in 2020. It is possible that some will change or be removed before the release of the final version of Windows 10 in 2020.
Closing Words
I can see Your Phone becoming popular to some user groups, e.g. business users who work on Windows 10 PCs and mobile devices. If you need to reply to customers regularly on your phone, you may prefer using a keyboard for that and that is one of the core features that Your Phone delivers.
It is not the first Android app that offers the functionality but it is the first that is tightly integrated into the Windows operating system.
Now You: What is your take on the Your Phone app?
The post Windows 10 20H1 Preview: Your Phone App gets a massive boost appeared first on gHacks Technology News.

WindowGrid: improve window moving, resizing, and aligning on Windows

WindowGrid is a free program for Microsoft Windows devices that improves how you move, resize, and align windows on Windows devices.
Modern versions of the Windows operating system come with some options in that regard. You may use drag and drop to align windows to the side or make them fullscreen, use the keyboard for that instead, or use the window aligning options when you right-click on the taskbar. WindowGrid takes those concepts and improves them further.

You can run WindowGrid without installation or install the application if you prefer to do so. It requires the Microsoft .NET Framework 4.6. The application adds an icon to the System Tray area that indicates that it is active.
WindowGrid places an invisible grid on the desktop that it uses to improve window operations. The default grid size is 12×6 but you may change it and other options in the settings.
The entire operation requires just the mouse. Here is how it works:

Start with a basic left-click mouse drag operation to move a window
Right-click while holding down the left mouse button to display the grid.
Move the window to the desired location and release the right mouse button. The window snaps to the grid automatically.
Use the cursor to resize the window while holding the left mouse button.
Release the left mouse button.

Repeat the process for any other window that you may want to align on the desktop.
Customization options

Right-click on the extension icon and select settings to open the program options. There you find options to change the default grid size, e.g. to increase or decrease the number of cells used to place program windows, and to change the default key bindings.
While you can use WindowGrid with the mouse, you may also use the keyboard instead of mouse buttons. The default keys are Space for Resize and Left-Ctrl for Move, but you may add additional keys or mouse buttons to the bindings or change existing ones.
You find additional options in the settings such as changing updating behavior, showing window contents while dragging windows, or changing blur and opacity during the operation.
Closing Words
WindowGrid is a useful productivity tool for Windows that improves how you resize, move, and align windows on the system. The program is not the first of its kind: we reviewed programs like Gridy, TicClick, WinLayout, or GridMove in the past that offer similar functionality. Most of these are not in active development anymore, however.
The developer of WindowGrid plans to add options to save window locations in a future update which would improve the app further.
The only downside is that it uses quite a bit of memory as a .NET Framework application (used about 72 Megabytes in two processes on a Windows 10 Pro test system).
Now You: Which small tools do you use to improve your productivity?
The post WindowGrid: improve window moving, resizing, and aligning on Windows appeared first on gHacks Technology News.

Look up hard disk information with PowerShell

Windows PowerShell is quite powerful when it comes to looking up hard disk information. While you may look up some information in Windows directly, e.g. in Disk Management, or by using third-party programs like Hard Disk Validator, Disk Checkup, or DiskBoss, using PowerShell is a quick and easy option as well.
Hard disks are essential on Windows as they store operating system data and user data. The devices don’t last forever, and a hard disk failure can easily lead to all sorts of issues including data loss if backups are not available (or corrupt).
PowerShell comes with several commands that return information about connected internal and external storage devices.
You may start a new PowerShell console by opening Start, typing Powershell, and selecting the item from the list of results. The commands don’t require elevation to run.
Option 1: Retrieve general information

The command: get-wmiobject -class win32_logicaldisk
Run the command get-wmiobject -class win32_logicaldisk to look up core information about each connected hard drive. The command returns drive letters and types, the overall size and free space in bytes, and the volume name.
Drive type uses a numerical code:

0 — Unknown
1 — No Root directory
2 — Removable Disk
3 — Local Disk
4 — Network Drive
5 — Compact Disc
6 — Ram Disk

You may use filters to display only select drive types, e.g. Get-WmiObject -Class Win32_logicaldisk -Filter "DriveType=4" to display network drives only.
Option 2: Retrieve hard drive properties

The command: wmic diskdrive get
The core command wmic diskdrive get needs to be followed by one or multiple properties.
The command wmic diskdrive get Name,Model,SerialNumber,Size,Status returns names, model types, serial numbers, the overall size in bytes, and the status for all connected hard drives.
Other properties that you may retrieve include InstallDate, InterfaceType, FirmwareRevision, DefaultBlockSize, CompressionMethod, Capabilities, Availability, LastErrorCode, or PowerManagementCapabilities.
Just add, replace, or remove any property from the command to create a custom one.
Closing Words
The PowerShell commands may be useful in certain situations. Apart from use in scripts, you may use them to quickly look up the status of all drives, look up serial numbers or error codes, or capabilities.
Some users may prefer to use a program with a graphical interface like Crystal DiskInfo for that, and that is perfectly fine as well.
The post Look up hard disk information with PowerShell appeared first on gHacks Technology News.

Windows 10 1903: the case of the missing update deferral options

Windows 10 machines that have received the Windows 10 version 1903 feature update, the May 2019 Update, may lack update deferral options in the Settings application.
Windows 10 administrators may defer feature updates to block their installation on devices that they manage. Microsoft changed the existing update behavior significantly with the release of Windows 10 version 1903; feature updates are not installed automatically anymore when they become available.
Feature updates are separated from regular monthly updates. The latter get installed just like they did before but feature updates are highlighted to users but not installed. The updates will be installed eventually if the admin does not take action but only when the currently installed version is about to reach end of support.
Admins had to defer updates previously to block the installation of feature updates on managed Windows 10 devices. Microsoft added new update options to Windows 10 version 1903 as well.
I ran a story in March 2019 that covered the removal of deferral options in Windows 10 version 1903. The information was based on an Insider Build. Now, with the final release of Windows 10 version 1903, it is time to take another look.
The bad news is that the situation is not entirely clear. When I open Settings > Update & Security > Advanced Options on a Windows 10 version 1903 test system, I don’t see feature update or quality update deferral options listed.

The only available option is to pause the update for up to 7 days on that page. Administrators could use the options previously to defer feature updates by up to 365 days.
Some users report that they still have these options in the Settings application, see Günter Born’s analysis of the issue. Born comes to the same conclusion: some systems display the deferral options in Settings, others don’t. He was not able to figure out why that is the case and concluded that it is likely a bug that Microsoft has not addressed yet.
It is unclear if Microsoft’s intention is to remove the deferral options from the Settings or if the company never had the intention to do so. Is the lack of deferral options the bug, or the presence of them?
Could other factors play a role? Maybe. Certain Enterprise-features could impact the visibility of the feature but nothing has been confirmed and tests are not conclusive.
Group Policy

Deferral options are still available in the Group Policy. Tap on the Windows-key, type gpedit.msc, and hit the Enter-key to launch the Group Policy Editor (professional versions only).
Go to Computer Configuration > Administrative Templates > Windows Components > Windows Update > Windows Update for Business.
There you find “Select when Preview Builds and Feature Updates are received” and “Select when Quality Updates are received”.
Closing Words
It is still possible to use deferral options on Pro, Enterprise, and Education versions of Windows 10 version 1903. Admins who don’t find them in the Settings application may still configure these in the Group Policy.
Now You: Bug or feature, what is your take?
The post Windows 10 1903: the case of the missing update deferral options appeared first on gHacks Technology News.

Microsoft: Windows 10 Your Phone app is too important to be uninstalled

Ah, Windows 10 and the applications that are included with the operating system by Microsoft. Windows 10 ships with a bunch of first-party native applications like Paint 3D, Weather, Sports, Print 3D, Money or Your Phone, as well as third-party application suggestions. First-party applications are usually installed, third-party apps displayed as links only.
One of the main usability issues when it comes to apps on Windows 10 is that only some may be removed officially. Some may say that this is not different to the classic program system, as users of classic versions of Windows could not uninstall Notepad or Paint officially either.
But how do you explain to users that apps like Your Phone, Paint 3D, or Snip & Sketch cannot be uninstalled? The Your Phone application serves no purpose if the user does not want to link a phone to the Microsoft Account and Windows 10 PC. Why then, does it need to remain on the system?

Some apps can be uninstalled natively. Just hit Windows-I to open the Settings application and go to Apps > Apps & Features. There you find many listed including some of the native applications that come with Windows 10.
The Your Phone application cannot be uninstalled or moved, but it is listed at least. Moving may work if you use programs like FreeMove or Symbolic Links, and you can remove core apps in Windows 10 using PowerShell, or third-party programs such as AppBuster, Geek Uninstaller or CCleaner.
Microsoft provides no information usually why apps can’t be moved or uninstalled. The Your Phone application is an exception; Microsoft published a support article on the company website that provides some details (via Bleeping Computer)
The Your Phone app is deeply integrated into Windows to light up multiple cross-device experiences now and in the future. In order to build more of these experiences between phones, PCs, and other devices, the app can’t be uninstalled.
In other words: the app powers several connectivity features already and will support even more in the future.
The Your Phone application supports screen mirroring, replying to SMS messages, viewing notifications, and transferring photos currently on Android.
Closing Words
Windows 10 customers who use Android devices may find the Your Phone application useful, especially if Microsoft manages to integrate more functionality in the app. The iOS app is severely limited at this point. Most customers won’t use the application but will have to live with it unless they use apps or PowerShell to remove it.
Now You: Why do you think Microsoft is preventing some apps from being removed?
The post Microsoft: Windows 10 Your Phone app is too important to be uninstalled appeared first on gHacks Technology News.

How to upgrade Windows 10 with USB, DVD or local media

Most Windows 10 devices are upgraded to newer versions of the operating system using Windows Update or Enterprise-grade update management solutions.
While that works out fine in many cases, some administrators may prefer (or need) to upgrade using other methods. Common scenarios where this may be preferred are local installations without Internet connection, upgrading multiple PCs, or running into errors when trying to upgrade using Windows Update.
Microsoft provides options to create Windows 10 installation media. You may write the data to a USB Flash Drive or DVD, or run the setup directly from the ISO image that gets created during the process.
The following guide walks you through the steps of installing or upgrading Windows 10 using these methods.
Step 1: Create the installation media or ISO image

You may use Microsoft’s Media Creation Tool to create Windows 10 installation media.

Visit the official Microsoft website and download the Media Creation Tool to your system. Click on the “Download tool now” button to start the process.
Run the program once it is on the local system. Note that you can only run it on Windows systems.
Accept the Software License Terms on the first screen to proceed.
Select “create installation media” on the next screen. While you can use it to “upgrade the PC now” as well, it is better, usually, to use installation media as it gives you more control and options should something go wrong.
Keep the detected language, edition and architecture settings, or change them if you need installation media for a different setup.
Select which media you want: USB flash drive or ISO file.

USB Flash Drive: needs to have at least 8 Gigabytes of space. Note that all data on the drive will be deleted in the process.
ISO: no requirements but you need a blank DVD if you want to burn it to DVD (may need dual-layer DVD).

The tool downloads the latest available Windows 10 installation from Microsoft.

If you select the USB option, data is saved to the USB drive and it is prepared so that you may boot from it.
If you select ISO, you get the option to burn it to a DVD if a DVD writer is available. Otherwise, the ISO is just saved to the local system.

Using Windows 10 installation media to upgrade
The installation process depends on the installation media.
Option 1: using USB or DVD installation media
This is probably the common option to upgrade a Windows 10 system. You need to have the installation media at hand to perform the upgrade.

Connect the USB Flash drive to the PC you want to upgrade or insert the DVD into the drive.
Start the PC or restart it.
Some systems pick up the installation media automatically and boot from it.

If that is not the case, you need to change the boot order (from default hard drive) to the installation media so that it is used. This is done in the BIOS of the PC. Check instructions on the screen to find out how to enter BIOS, usually using ESC, DEL, F1 or one of those keys.
In BIOS, change the boot priority so that the PC checks USB or DVD boot media first before using hard drives.

Make sure you select “keep files and apps” in the setup dialog if you want to upgrade and not do a clean install.
Follow the instructions to install the Windows 10 upgrade on the device.

Option 2: installing directly using an ISO image

If you don’t want to install from USB or DVD, or cannot, you may run setup directly from the ISO image instead. Note that you need to select ISO during creation for that.

Open File Explorer on the Windows 10 device.
Navigate to the folder the ISO image has been saved to (e.g. the Downloads folder).
Right-click on the ISO image and select Open With > Windows Explorer. Doing so mounts the ISO image on Windows so that you may browse it and run files directly.
Open the mounted Windows installation ISO image from the sidebar list of all connected drives and locations if that did not happen automatically.
Launch the setup.exe file that you find in the root folder of the mounted image; this starts the setup and thus the upgrade of the system.
If you are asked whether you want to “get important updates”, select “not right now”.
Make sure that “keep personal files and apps” is selected if you want to keep your programs, settings, and files.
Follow the screens to upgrade the device using the ISO image.

The post How to upgrade Windows 10 with USB, DVD or local media appeared first on gHacks Technology News.

Microsoft releases KB4497935 for Windows 10 version 1903 (major fixes)

Microsoft released KB4497935 to the Release Preview Ring and the Slow Ring on May 24, 2019. The cumulative update for Windows 10 version 1903 fixes several known issues in the operating system including some that prevented systems from being upgraded to that version of Windows 10.
A new Servicing Stack Update, KB4502374, has been released as well. Administrators who install the updates manually need to make sure that they install the Servicing Stack Update before they install the new cumulative update.
The update has not been released yet for Stable clients but downloads are available on third-party sites such as Deskmodder. We recommend that you wait with the installation unless it is really critical to get the update as early as possible.
The stable release is unknown at this point in time. Microsoft could push it out before the June Patch Tuesday update for Windows 10 version 1903, or as part of that update.
KB4497935 for Windows 10 version 1903

KB4497935 addresses the following issues in Windows 10 version 1903:

Fixed the long-standing update blocker that prevented updates to new versions of Windows 10 if an external USB device or SD memory card was connected to the PC.
Fixed the long-standing issue that prevented custom URI schemes from starting the corresponding application for local intranet and trusted sites in Internet Explorer.
Fixed an issue that prevented application protocol URLs from being opened when hosted on Intranet pages.
Fixed an issue that turned Night light mode off when the display mode changes.
Fixed a full screen game rendering distortion issue when the Microsoft Game Bar was visible on top of the game.
Fixed an issue that prevented the removal of Bluetooth peripheral devices.
Fixed Event 7600 having unreadable server name event log entries.
Fixed an issue that caused the guest DPI to not match that of the host.
Fixed an issue that caused servers to no longer accept SMB connections.
Fixed a BranchCache issue that caused the feature to use more disk space than assigned to it.
Fixed an issue that prevented some Direct3D applications and games from entering full-screen mode.
Fixed a Windows catalog file creation issue on 64-bit systems.

The post Microsoft releases KB4497935 for Windows 10 version 1903 (major fixes) appeared first on gHacks Technology News.