MS Defender Update Targets Deployment Images

If you can trust the header data in this MS Support note (I do) it was updated on June 5, 2023. The item is entitled “Windows Defender update for Windows Operating system installation.” It describes how to imbue offline Windows images with the latest and greatest Defender capabilities. In fact, that article includes a warning not to apply them to live images. Thus, it’s clear that this MS Defender update targets deployment images.

I got my date information about the article from its HTML meta-data:

<meta name="lastPublishedDate" content="2023-06-05">
<meta name="firstPublishedDate" content="2020-12-04">

How MS Defender Update Targets Deployment Images

Pre-requisites to run the updates — for WIM and VHD files — include:

  • Works on OS install images for 64-bit Windows 10 and 11, and Windows Server 2016 and 2019
  • OS environment must include PowerShell version 5.1 or newer (current production version is 7.3.4 as I write this)
  • Microsoft.PowerShell.Security and DISM modules installed
  • The PowerShell session for the script DefenderUpdateWinImage.ps1 runs with admin privileges. (“Run as administrator” or equivalent.)

The script provides switches to apply, remove or roll back, and list details for the installed update. Useful for those who maintain Windows images and want their security levels up to current snuff.

Find all the details in the MS Support article previously named. Do this before your next scheduled update window, for sure. Of course, this means you’re using Windows Defender as part of your security infrastructure.
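A read-only pre-flight check for the prerequisites listed above, as an added example (not code from the MS Support article or from Microsoft). The parameter names -ScriptPath and -ImagePath are hypothetical, and the signature status is reported for information only.

```powershell
# Added example (not Microsoft's code): read-only pre-flight check.
# -ScriptPath and -ImagePath are hypothetical parameter names for this sketch.
param(
    [Parameter(Mandatory)][string]$ScriptPath,  # downloaded DefenderUpdateWinImage.ps1
    [Parameter(Mandatory)][string]$ImagePath    # offline WIM or VHD to be serviced
)

$checks = [ordered]@{}

# Prerequisite: PowerShell 5.1 or newer.
$v = $PSVersionTable.PSVersion
$checks['PowerShell 5.1 or newer'] = ($v.Major -gt 5) -or ($v.Major -eq 5 -and $v.Minor -ge 1)

# Prerequisite: both modules can be found on this machine.
foreach ($name in 'Microsoft.PowerShell.Security', 'DISM') {
    $checks["Module available: $name"] = [bool](Get-Module -ListAvailable -Name $name)
}

# Prerequisite: the session is elevated.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$checks['Session is elevated'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# The target must be an image file on disk, never the running OS.
$ext = [IO.Path]::GetExtension($ImagePath).ToLowerInvariant()
$checks['Image file exists']     = Test-Path -LiteralPath $ImagePath -PathType Leaf
$checks['Image is .wim or .vhd'] = $ext -in '.wim', '.vhd'

# The script itself must be present before anything is run elevated.
$scriptFound = Test-Path -LiteralPath $ScriptPath -PathType Leaf
$checks['Update script exists'] = $scriptFound

$checks.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Check = $_.Key; Passed = $_.Value } } |
    Format-Table -AutoSize

# Informational only: show the script's Authenticode state and signer so the
# operator can review what is about to run with admin rights.
if ($scriptFound) {
    $sig = Get-AuthenticodeSignature -LiteralPath $ScriptPath
    [pscustomobject]@{
        SignatureStatus = $sig.Status
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    } | Format-List
}

if ($checks.Values -contains $false) {
    Write-Warning 'Prerequisites not met; do not run the update script yet.'
    exit 1
}
```

Nothing in this check mounts or modifies the image; it only confirms that the session and the files match the prerequisites before the update script is started.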

MS Is BIG in Security

I just worked on a promotional piece for a joint Rubrik and Microsoft security webinar (YouTube video). Amazingly, MS describes itself as “the biggest cyber security company in the world” and did over US$20B in such business in 2022. I guess they do have some legs to stand on in this arena. And indeed, they’re doing all kinds of fascinating stuff with AI and ML to improve their security posture and incident response capabilities. Great stuff!

 


Windows 10 COM Surrogate Errors Continue

Hmmmm. About 18 months ago, I blogged about a source of regular crashes on my Windows 10 production PC. Entitled “Chronic COM Surrogate Windows 10 Failures” it goes into possible causes of and fixes for APPCRASH errors related to the Windows COM Surrogate. As you can see in the Reliability Monitor output at the head of this story, my Windows 10 COM Surrogate errors continue, sometimes multiple times in a day. Sigh.

If Windows 10 COM Surrogate Errors Continue, Then…?

I’ve already tried all of the fixes described in the earlier item and the errors continue. My current error history goes back to May 6, and the COM Surrogate error is mentioned in over half the total error reports involved (5 of 7 items). As I look around online, I see I’m not alone in this situation. It also shows up on most, but not all, of my Windows 11 PCs (of which I currently have 11 at my fingertips).

This feels more like a “feature” even if it is manifestly an “APPCRASH” event. Thankfully, it doesn’t seem to impact system stability, reliability or performance. Sometimes, things like this just pop up in Windows. This one is interesting and mildly vexing, but overall doesn’t seem to impair the user experience.

Feedback Hub Search Results

As I search Feedback Hub on some combination of COM Surrogate, APPCRASH, MoAppHang, and so forth, I see that PowerToys sometimes enters the picture, sometimes not. The nature of the error appears to depend on whether it emerges from an app (usually on the PowerToys components) or an executable (usually DllHost.exe).

But it looks like this issue hasn’t gone away since I dug into it a while back. And based on its common presence on Windows 10 and 11 PCs alike (across production, preview, beta, dev and canary channels as well) it looks like something more constant than intermittent. While I hope MS does fix it sometime (sooner would be better than later), I guess I can live with it while they’re searching for the right “round tuit.”


Winget Zip Support Is Uncertain Right Now

I have to laugh, because that beats crying. Upon reading about built-in support for ZIP files added to winget v1.4.0.1071, I had to try it (note: it works in some Preview 1.5.1081 installs as well). I ran into issues on various PCs, owing to a missing dependency item. You can see what that error looks like in the lead-in graphic. It worked on some of my PCs but not all of them. Hence I say: Winget Zip support is uncertain right now. It works in some cases, in others it doesn’t.

Exploring Winget Zip Support Is Uncertain Right Now

If you look at the winget output in the lead-in figure, you’ll see the problem isn’t really with the unZIP process. That completes OK as the output line “Successfully extracted archive…” indicates. It blows up after that as it attempts to use the extracted files to drive actual installation. I’ve reported this to team lead Demetrius Nelson, and he suspects some additional framework package is needed. Seems likely given that “dependency missing” is explicitly cited in the last line of the error message.

I did succeed on a few of my systems whereas several others failed with the error message shown above. Here’s how success looks:

[Screenshot: winget ZIP install succeeding]

When things work, it simply installs from the (temporarily) unzipped archive’s contents. Good-oh!

The Store Version Works Around the Issue

If you don’t want to wait for MS to fix this particular — and quite minor — gotcha, download and install the MS Store version instead. I already know that works just fine because I blogged about it last Thursday: Exploring Windows 11 Dev Home. As a member of the “I have to see it working” club, I’m glad I tried winget to take an alternate install path this morning. That gave me the opportunity to report an interesting gotcha to the dev team. And indeed I got a response back within minutes when I reported my findings to them.

Further, I’m pleased to report that I just tried the MS Store technique on one of my affected PCs, and it worked. The Preview version of Dev Home is now running on that machine. Good stuff!

Note Added June 5 Late Afternoon: Fixed?

I reported the issue this morning and got an immediate response with an explanation and a workaround. Just now, I successfully installed DevHome on two more PCs, with no issues. My sample size is waaaaaaaaay too small for me to say “Fixed.” But I can say that perhaps it has been addressed. Thus, fixed? No further direct from the WinGet team means I can only guess, but my guess is — I hope — a good one.

 


Winget Upgrade May Require Cleanup

OK, then: yesterday dev lead Demetrius Nelson and his Winget team pushed an upgrade to winget. This comes courtesy of the Microsoft Store, and shows up as part of the App Installer and/or Windows Terminal packages. I noticed also that winget would occasionally throw the error “Failed in attempting to update the source: winget” as you can see in the lead-in screencap. What made it interesting was that it happens on some, but not all, of my Windows PCs. Now, let me explain why this post says that the “Winget upgrade may require cleanup.”

Why Say: Winget Upgrade May Require Cleanup?

When I saw this pop up in the wake of the new release, I figured the changes involved in pushing it out the door might have been involved. So I contacted Mr. Nelson and sent him (among other info) the screencap that leads this piece off. He responded this morning and explained how I could fix the issue, using the commands:

winget uninstall Microsoft.Winget.Source_8wekyb3d8bbwe
winget source reset --force

The first string removes the winget package from the PC. The second resets the winget environment, which is why the user must agree to Terms again before winget will run. After that it shows no upgrades are available (“No installed package found matching input criteria”) with no accompanying error message (“Failed in attempting to update the source: winget”).

Problem solved; case closed. It’s always good to get the fix right from the source. Had to laugh about the “It won’t break while the engineer is watching” comment he sent me, too. Isn’t that just the way things go in Windows-World (and elsewhere in life)? LOL

See the whole thing here:

The fix is in — and working! Good stuff…


Exploring Windows 11 Dev Home

Last week, MS released Windows 11 Dev Channel Build 25375.1 (May 25). Having finally gotten a little ahead of my workflow, I visited the MS Store to download Dev Home (Preview). This afternoon, I’ve been exploring Windows 11 Dev Home (Preview) to see what’s what. So far, it’s pretty interesting…

When Exploring Windows 11 Dev Home, Try These…

In the Dashboard, the “+Add Widget” button lets one add widgets for things that include Memory, Network, CPU and GPU. Of course, as a long-time 8GadgetPack fan, I had to try them out. Here’s what they look like:

The various hardware subsystem widgets aren’t too bad — but not equal to gadget counterparts, either.

Other elements of Dev Home — as you should expect from the name — are distinctly developer focused. You can interact with GitHub and other development platforms, and configure devices for development using XAML or YAML configuration files (just like the newly-added winget capabilities, through no coincidence whatsoever).

The Official (Store) Word Sez…

MS describes Dev Home (Preview) as follows:

Dev Home is a control center providing the ability to track all of your workflows and coding tasks in one place. It features a streamlined setup tool that enables you to install apps and packages in a centralized location, extensions that allow you to connect to your developer accounts (such as GitHub), and a customizable dashboard with a variety of developer-focused widgets, to give you the information you need right at your fingertips.

This is an open source project and we welcome community participation. To participate, please visit https://github.com/microsoft/devhome

This makes for some interesting and potentially useful capability under a single umbrella. So far, I’m having fun looking around and messing with the widgets. Later on, I’ll get more serious about the dev side of things, and bring Visual Studio and other elements into play. Stay tuned!

 


Windows 11 Beta Shows OneDrive Holdings

OK, then. Here’s a minor — but nice — addition to Windows 11 that shows up in Build 22631.1825. That’s right, Windows 11 Beta shows OneDrive Holdings, as you can see in the lead-in graphic. Start → Settings → Accounts takes you where you need to go. It’s right up top, under a heading named “Microsoft storage” as shown in the image.

If Windows 11 Beta Shows OneDrive Holdings, Then What?

I’ve been wary of using OneDrive as a shared file store across multiple PCs. Why? Mostly because things sometimes show up in OneDrive without my specific knowledge or intent. I’ve learned, for example, to explicitly target screencaps in the Pictures folder under my user account folder hierarchy rather than defaulting to the Pictures folder in OneDrive. I shoot tens to hundreds of MB of screencaps monthly (mostly to write about them). I don’t necessarily want them to follow me around to all of my PCs. Ditto for other common Windows File Explorer library folders (Documents, Downloads, Videos, etc.).

But now, I may have to rethink how and when I use OneDrive. It’s now much easier to see when things grow (or worse, mushroom out of control) in that shared store. It occurs to me, for example, when updating apps across my mini-fleet (about a dozen PCs) it might just be easier to download once, stick it in OneDrive, then use it where needed. Just a thought…

Managing OneDrive … Carefully

Searching Google for “OneDrive Manager,” I see numerous third-party tools — and lots of tutorials — aimed at keeping this unruly beast tamed. Methinks I need to spend some time digging, learning, and thinking. I already use Google Drive, Box, and DropBox to good effect (particularly with legal clients). I believe I can and now, should, learn to do likewise with OneDrive. Stay tuned!


RingCentral Requires In-app Upgrade

In checking over my mini-fleet (1 dozen) of Windows PCs this morning, I came across an interesting winget gotcha. The tool cheerfully informed me RingCentral needed an upgrade. But neither a general upgrade (winget upgrade --all …) nor a targeted upgrade (winget upgrade RingCentral.RingCentral -v …) did the trick. Today, at least, it seems that RingCentral requires an in-app upgrade to bring itself up to snuff.

Why RingCentral Requires In-App Upgrade Is Anybody’s Guess

The whole story plays out in the lead-in screencap. It shows winget upgrade, as it includes RingCentral in its list of items in need of same. Then it shows the general upgrade (winget upgrade --all --include-unknown) updating 2 of those 3 items (excluding RingCentral). Then it shows a general RingCentral command (winget upgrade RingCentral.RingCentral), and a version specific invocation both failing with “No applicable upgrade found.” (If you can’t see it as-is, open the lead-in graphic in its own tab, please.)

So I opened the app and — guess what? — it cheerfully updated itself as part of its startup behavior. I searched the RingCentral knowledge base for insight, but found none.

Installed Apps Tells a More Nuanced Story…

In checking the target PC (one of my road laptops: a Lenovo ThinkPad P16 Mobile Workstation) I found not one — but TWO — instances of RingCentral installed on that machine.

[Screenshot: two RingCentral instances listed in Installed Apps]

In addition to version 23.1.31.7242 — which winget told me I needed — I also found version 23.2.21.7380. Interesting!

I uninstalled the older version, and RingCentral no longer needs an upgrade but still launches. But alas, it no longer shows up in winget, either. Even more interesting. So I just went into the app and made sure it is working (it is) and that it’s running the advertised most current version 23.2.21.7280 (it is).

But winget still shows “No installed package found matching input criteria.” Looks like this version does not register with winget. It doesn’t show up in SUMo, either. But the 23.1.31.7242 version DID show up in “winget list ringcentral” in the earlier screencap. So I think we’re dealing with something new from the developer for which a winget package is not yet defined. Again: interesting! My first time to see something like this.
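A way to spot this kind of side-by-side install across a fleet, as an added example that is not part of the original post: it reads the standard Uninstall registry keys and lists every application that appears with more than one version. The -NameFilter parameter is hypothetical, and the script assumes both copies register under the same display name.

```powershell
# Added example (not from the original post): find apps installed in more
# than one version by reading the Uninstall registry keys. Read-only.
param([string]$NameFilter = '*')   # hypothetical parameter, e.g. 'RingCentral*'

$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'  # current user only
)

# Version strings that do not parse sort as 0.0 instead of raising an error.
function ConvertTo-SortableVersion([string]$Text) {
    $parsed = $null
    if ([version]::TryParse($Text, [ref]$parsed)) { $parsed } else { [version]'0.0' }
}

$installed = foreach ($root in $roots) {
    Get-ItemProperty -Path $root -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -and $_.DisplayVersion } |
        Select-Object DisplayName, DisplayVersion,
            @{ Name = 'Scope'; Expression = {
                if ($_.PSPath -like '*HKEY_CURRENT_USER*') { 'per-user' } else { 'per-machine' } } },
            @{ Name = 'Key'; Expression = { $_.PSChildName } }
}

$installed |
    Where-Object DisplayName -like $NameFilter |
    Group-Object DisplayName |
    Where-Object { @($_.Group.DisplayVersion | Select-Object -Unique).Count -gt 1 } |
    ForEach-Object {
        # Newest first; every older copy is flagged as stale.
        $sorted = $_.Group | Sort-Object { ConvertTo-SortableVersion $_.DisplayVersion } -Descending
        $newest = $sorted[0].DisplayVersion
        $sorted | Select-Object *, @{ Name = 'Stale'; Expression = { $_.DisplayVersion -ne $newest } }
    } |
    Format-Table DisplayName, DisplayVersion, Scope, Stale, Key -AutoSize
```

A row marked Stale is an older copy that a package manager may still report as needing an upgrade even though a newer copy is what actually launches.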


Windows 11 User Count Tops 1B Worldwide

This news comes from the Microsoft Windows Blogs dated May 26. It’s entitled “Delivering Delightful Performance for More Than One Billion Users Worldwide.” That’s the day after Build 2023 concluded, and the first time that MS has publicly disclosed user count data for Windows 11 in about a year. It’s also the first time they’ve proclaimed that the Windows 11 user count tops 1B worldwide.

These are the four instances in the afore-linked item where the “billion” word occurs:
1. In the title of the blog post, as quoted in the preceding ‘graph
2. In a sentence that reads (in part) as “... with over one billion users and a rich PC ecosystem…”
3. Diagnostic data includes “…over 70.4 billion scenario performance data points per year.”
4. Final paragraph, penultimate sentence reads (in part) “…thanks to our Windows Insider community for helping us continue to improve Windows for the over one billion users worldwide.”

What Windows 11 User Count Tops 1B Worldwide Means

According to Statista, as of June 2023, the company expects a ratio of 68.6% for Windows 10 vis-a-vis 18.12% for Windows 11. Thus, if there are 1 B Windows 11 users, there must also be around 3.78 B Windows 10 users. To me this means one of two things:

(a) The ratio of visitors that Statista tracks doesn’t accurately model the Windows population of active users
(b) Microsoft’s claimed 1 B figure does not translate to active users 1-to-1 (makes sense, given that one active user can run multiple instances of the OS, especially VMs)

In January 2023, for example, Jason Wise reported at EarthWeb that MS claimed 1.4 B active devices running Windows 10 and 11 monthly in January 2022. They use this data, plus additional insights, to assert that “Windows, new versions and otherwise, run on more or less 1.6 billion devices around the world” as of January 2023.

Even assuming a monthly growth rate of 3% that puts the global Windows population at 1.85 B in May, 2023. How can there be at or over 1 B Windows 10 users and a similar number of 11 users with a total that’s arithmetically lower? Something here doesn’t make sense…

It should be interesting to see the pundit corps chew this over. Stay tuned, and I’ll keep you posted…

Note Added 1 Hour Later…

It’s got to be devices, counting both physical and virtual machines as individual devices. I use 10 PCs here at my house, and I have at least another dozen VMs across various Windows versions at my disposal. That’s over 20 “devices” but only one user. That leaves room for a tangible “multiplier” between users and devices, IMO.

 


Zoom Restores Unpaid Update Capability

Let me first confess: I don’t know exactly when the change I report here actually occurred. What I do know is that I reported last October (2022) that the free version of Zoom no longer offered a “Check for Updates” option in its free version’s user menu. It’s highlighted in the red box in the lead-in graphic at right. Because my son is back home from college, I accidentally logged into Zoom on his (free) account yesterday, and saw that the same update item was present. Good-oh!

Glad Zoom Restores Unpaid Update Capability

If you read my earlier post, you’ll see I dinged the Zoom developers for making update a paid-only capability. Why? Because that approach fosters the possibility of security exposures for the class of users that stick to the free version. I took it as a deliberate strategy to force that class to trade security against cost. That’s not good.

Given what I discovered yesterday, I take it all back. Zoom is now doing the right thing. It may have been doing so for some time without my knowledge. That IS good, and I thank them for reversing the earlier development decisions that made users choose between more cost, better security and lower cost, lower security (or more work, to get around that limitation).

Indeed, as I mentioned in my October 2022 post, users could always uninstall an outdated version, then install the current one. This would bring them back to par, and let them benefit from any security patches or fixes in the newer version. Now, thanks to Zoom’s decision to reinstate the “Check for Updates” menu item — and its supported auto-download and -install capabilities — such contortions are unnecessary. Once again: good! And thanks again to Zoom for taking the right path, regardless of exactly when that occurred.


Updating Intel Processor ID Utility

Hmmmm. Here’s an interesting one. SUMo just told me that the Intel Processor Identification Utility (Legacy Model) needs an update. Poking around on the Intel site, I found a download page that covers Intel processors by generation: the new one goes Gen 12 and up; the old one Gen 11 and down. The old one appears beneath the new in the lead-in graphic, so it’s the one I downloaded and installed. That got me through Updating Intel Processor ID Utility on my i7 Skylake.

Why Bother Updating Intel Processor ID Utility?

The latest version of the new utility is 5/22/2023. The legacy one that works for my i7 Skylake shows a date of 5/17/2023 on the General Properties tab for the ProcID.exe file. That means it’s the latest and greatest of such files. I’m not aware of any security or other issues that the new version fixes. I’m just in the habit of updating as new versions come out. It runs just fine on the production PC. Here, for example, is the “CPU Technologies” info from that tool:

CPU Technologies show instructions, virtualization, sleep and other state info support (or not).

Intel Always Makes Updates Interesting

I feel lucky this morning that the landing page for Processor ID Utility took me to the update I needed. Sometimes, they don’t make it totally easy or simple to find the latest versions. Indeed, searching on version number (6.10.29.0517) didn’t work all that well for me. But this tool has an “Update” button subordinate to its Help menu. Now that I know this is an option, I bet it will work immediately next time around. That’s what makes updates interesting in general (and Intel in particular): there’s almost always a way to get a boost from the developer, if you know where and how to look for same. Sigh.


Author, Editor, Expert Witness