Category Archives: Tech Tips

What Is msftconnecttest.com?

You have found this web page because you want to know what the domain msftconnecttest.com is and who owns it.

We can confirm this URL is used by Microsoft Windows 10 and above to test if you have a working internet connection.

Windows has an internal component for detecting network connectivity changes called the “Network Connectivity Status Indicator” (known as NCSI). Among other tasks, this component performs background tests to determine whether the machine has Internet connectivity, and engages its sibling component, Network Location Awareness (NLA), to identify whether the machine is on a domain or a public network so that the proper firewall profile can be applied.

There are two domains associated with connectivity checks: msftconnecttest.com and msftncsi.com.



Duncan is a technology professional with over 20 years experience of working in various IT roles. He also has a wide range of other skills in radio, electronics and telecommunications.

What Is msftncsi.com?

You have found this web page because you want to know what the domain msftncsi.com is and who owns it.

We can confirm this URL is used by Windows 8.1 and earlier to test if you have a working internet connection.

Windows has an internal component for detecting network connectivity changes called the “Network Connectivity Status Indicator” (known as NCSI). Among other tasks, this component performs background tests to determine whether the machine has Internet connectivity, and engages its sibling component, Network Location Awareness (NLA), to identify whether the machine is on a domain or a public network so that the proper firewall profile can be applied.

There are two domains associated with connectivity checks: msftconnecttest.com and msftncsi.com.





How To Update Windows 10

Windows 10 periodically checks for updates so you don’t have to. When an update is available, it’s automatically downloaded and installed, keeping your device up to date with the latest features.

Check Manually For Windows 10 Updates

To check for updates manually, select the Start button, and then go to Settings > Update & security > Windows Update, and select Check for updates. If Windows Update says your device is up to date, you have all the updates that are currently available.






What Is sophosxl.net

The domain *.sophosxl.net is the Sophos eXtensible List domain and is used by the Web Proxy and Antivirus for security and categorization lookups using HTTP and DNS queries on Sophos products.

SXL uses ports 80 and 53





Sophos UTM – How To Create And Import Users

This article explains how to create new users or import existing users into the Sophos UTM.

These users can then authenticate on the UTM for key services such as Client Authentication, Web Filter, End-User Portal, SMTP Proxy, Hotspot, and STAS.

Manually create users

    1. Navigate to Definitions & Users > Users & Groups.
    2. Click on + New User.
    3. Fill out the basic information for the account.

 

Create users automatically

    1. Administrators may choose to have user objects automatically created when the user first authenticates through the UTM with one of the supported backend authentication methods.
    2. Navigate to the Definitions & Users > Authentication Services > Global Settings tab.
    3. Under the Automatic User Creation heading check the tick-box beside Create users automatically, then click Apply.
    4. Under Automatic User Creation for Facilities, administrators may choose which system services newly created users will automatically be added to. If a user is not added during the creation process, they can be manually added later.
    5. Click on Apply after checking the tickbox next to the facilities.

Note: For any user object to be created they will need to log in through the UTM with one of the supported services. Servers can be added at Definitions & Users > Authentication Services > Servers tab. Users authenticated with Active Directory Single Sign-On will not be added automatically.

Prefetch users from Active Directory

One of the easiest ways to import users is to prefetch individual users or groups from Active Directory.

    1. Navigate to Definitions & Users > Authentication Services > Advanced.
    2. Scroll down to the Prefetch Directory Users heading.
    3. At the Server option, click on the drop-down menu and select the Active Directory Domain Controller.

       Note: If the server has not been added, you will need to navigate to Definitions & Users > Authentication Services and go to the Servers tab.
    4. Select a prefetch day and time if the process is to be automated. Alternatively, administrators may choose to only prefetch manually with the Prefetch Now button at the bottom.
    5. Under the Groups title, click on the folder icon and select the AD users or groups to prefetch.

       Note: Do NOT use Domain Users, as this group will not prefetch correctly. If necessary, make a group, name it UTM Users, and put only users who need to access UTM facilities in that group.
    6. Click on Apply.
    7. The users will now be prefetched. View the live log to watch them as they are imported, or just wait and check the list at Users & Groups > Users.






Sophos SUM Up2Date 4.308 Released

Sophos have released SUM Up2Date 4.308. The SUM will need to be rebooted during the install process.

As per the standard update procedure, this update can be installed from the “Up2Date” section on the Sophos UTM SUM.

Sophos UTM SUM Update Version 4.308

Bugfixes

  • NSU-192 – [accd] Missing validation for URL Filtering Categories on empty Sub-Categories
  • NSU-270 – [gateway manager] Import of file extensions for a filter action fails on SUM






What is cse.google.com

The web address cse.google.com is a legitimate part of Google search, known as “Custom Search”. However, there are plenty of browser hijackers who abuse this feature to generate revenue from Google.

Example of cse.google.com search results

This type of browser hijacker is often bundled with other free software that you download from the Internet. Some free downloads do not adequately disclose that other software will also be installed, and you may find that you have installed adware without your knowledge.

With Google Custom Search, the person who created the custom search engine has the option to set it to search the entire web, similar to a normal search on Google.com, and they can earn money from ads.



 


SharePoint Server 2016 – KB4018381 – May 2018

This security update (KB4018381) resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. To learn more about these vulnerabilities, see the following Microsoft security advisories:

Note: To apply this security update, you must have the release version of Microsoft Office SharePoint Server 2016 installed on the computer.

This public update delivers Feature Pack 2 for SharePoint Server 2016, which contains the following feature:

  • SharePoint Framework (SPFx)

This public update also delivers all the features that were included in Feature Pack 1 for SharePoint Server 2016, including:

  • Administrative Actions Logging
  • MinRole enhancements
  • SharePoint Custom Tiles
  • Hybrid Auditing (preview)
  • Hybrid Taxonomy
  • OneDrive API for SharePoint on-premises
  • OneDrive for Business modern experience (available to Software Assurance customers)

The OneDrive for Business modern user experience requires an active Software Assurance contract at the time that the experience is enabled, either by installation of the public update or by manual enablement. If you don’t have an active Software Assurance contract at the time of enablement, you must turn off the OneDrive for Business modern user experience.

For more information, see New features included in the November 2016 Public Update for SharePoint Server 2016 (Feature Pack 1) and New features included in the September 2017 Public Update for SharePoint Server 2016 (Feature Pack 2).

Improvements and fixes


This security update contains improvements and fixes for the following nonsecurity issues in Project Server 2016:

  • If the proxy for the Project Service Application services already exists when you create a new Project Service application by using the Install-SPService -Verbose command, an additional proxy for the service is created.
  • Consider the following scenario:
    • As a team member, you open your timesheet and enter work for two adjacent days.
    • On the first day, you set the actual work value back to zero.
    • On the first day, you set 8 hours of non-working time on an administrator task (for example, vacation).
    • You send a status update for approval.
    • You open the previous week timesheet.
    • You enter actual work values.
    • You send the timesheet for approval, and the status manager approves it.

    In this case, the actual work that was entered on the second of the two days moves to the first day. The actual work should not move when the status update is applied to the project.

  • When you publish a project in which the process updates the Summary Resource Assignment to a later date, the publish fails if the server is configured to use a date format other than MM-DD-YY.

This security update contains improvements and fixes for the following nonsecurity issues in SharePoint Server 2016:

  • When an item is deleted from the usage analytics caches, the item is now also deleted from the analytics reporting database.
  • If you don’t have sufficient permission to mount a content database to a farm by using the Mount-SPContentDatabase cmdlet, the cmdlet fails and the database is dropped unexpectedly.
  • This update introduces the “My Site creation default to OneDrive in Office 365” hybrid feature in SharePoint Server 2016. After you install this update and enable this feature, hybrid-enabled users can have their OneDrive personal sites provisioned in the cloud instead of on-premises. On-premise only users can still have their OneDrive personal sites provisioned on-premises.
  • You cannot use the SharePoint Term Store Management UI in browsers other than Internet Explorer.
  • The WebPart.ZoneID property is unavailable in the Web Part information.
  • SharePoint emails that are longer than 1,000 characters could become corrupted at the 1,000-character position. Depending on what content happens to be at that position, the corruption could be minor (corrupted text) or severe (broken HTML markup).
  • This update fixes the following three issues with the SharePoint Properties Panel:
    • When you save a SharePoint properties panel with required properties for the first time, you cannot find the properties.
    • The DateTime format is assumed to be MM/DD/YY.
    • Drop-down of lookup type is set to nil when the label is selected.

How to get and install the update


Method 1: Microsoft Update

This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.




Method 3: Microsoft Download Center

You can get the stand-alone update package through the Microsoft Download Center. Follow the installation instructions on the download page to install the update.

More Information


Security update deployment information

For deployment information about this update, see security update deployment information: May 8, 2018.

Security update replacement information

This security update replaces previously released security update KB 4018336.

File hash information

Package Name: sts2016-kb4018381-fullfile-x64-glb.exe
Package Hash SHA 1: 4C67ED06F36496229DAE007DC51F4398EE40AE47
Package Hash SHA 2: A85BC9DAB848D1923B179EF11595404189C0712F2BB9214C56B6F6AB3776978E

File information

For a list of the files that are included in this cumulative update (KB 4018381), download the file information.






Sophos UTM Blacklist Removal

You may have an issue where, for example, a website is published on your Sophos UTM but certain users are unable to connect to it. This may be because the client IP address is on a Sophos UTM blacklist.

To find out, check reverseproxy.log from the command line, or the Web Application Firewall log directly in the UTM GUI.

If the client is blacklisted, you will see authz_blacklist:warn in the log together with the list that it is blocked on, for example DNSRBL black.rbl.ctipd.astaro.local.

Sophos UTMs use Cyren as their blacklist provider.

If the logs show the client as blocked, check its IP address on the Cyren website, where it will probably show as suspect:

http://www.cyren.com/security-center/ip-reputation-check

If it does, there should be an option on that page to unblock your IP address. This usually takes a few hours to apply; once applied on the website, it may take an hour or so to update on the UTM.
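The log check described above can be done in one pass from the UTM command line. The script below is an added example, not part of the original post: it counts authz_blacklist:warn entries per client IP and DNSRBL list. It assumes Apache-style `[client IP:port]` fields, takes the log path as an argument, and uses constructed sample lines; `blacklist_hits` and `sample_log` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise Sophos UTM WAF
# blacklist blocks found in reverseproxy.log.

# blacklist_hits LOGFILE [CLIENT_IP]
# Prints "<hits> <client_ip> <rbl_list>" for each authz_blacklist:warn entry,
# busiest client first. With CLIENT_IP, only that address is reported.
blacklist_hits() {
    grep -F 'authz_blacklist:warn' "$1" | awk -v want="${2:-}" '
    {
        ip = ""; list = "unknown"
        for (i = 1; i < NF; i++) {
            # Assumed Apache-style field: [client 203.0.113.7:51514]
            if ($i == "[client") { ip = $(i + 1); sub(/:[0-9]+\]$/, "", ip) }
            # The token after DNSRBL names the list, as quoted in the post
            if ($i ~ /DNSRBL/) { list = $(i + 1); gsub(/[^A-Za-z0-9.-]/, "", list) }
        }
        if (ip != "" && (want == "" || ip == want)) hits[ip " " list]++
    }
    END { for (k in hits) print hits[k], k }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines: timestamps, pids and message wording are
# illustrative; only the two tokens quoted in the post are taken from it.
sample_log() {
    cat <<'EOF'
2018:05:14-09:12:01 utm reverseproxy: [authz_blacklist:warn] [pid 4211] [client 203.0.113.7:51514] Access denied (DNSRBL black.rbl.ctipd.astaro.local)
2018:05:14-09:12:04 utm reverseproxy: [core:info] [pid 4211] [client 192.0.2.10:40112] request served
2018:05:14-09:13:40 utm reverseproxy: [authz_blacklist:warn] [pid 4212] [client 203.0.113.7:51522] Access denied (DNSRBL black.rbl.ctipd.astaro.local)
2018:05:14-09:15:09 utm reverseproxy: [authz_blacklist:warn] [pid 4212] [client 198.51.100.23:60233] Access denied (DNSRBL black.rbl.ctipd.astaro.local)
2018:05:14-09:20:55 utm reverseproxy: [authz_blacklist:warn] [pid 4213] [client 203.0.113.7:51530] Access denied (DNSRBL black.rbl.ctipd.astaro.local)
EOF
}

# Demo run against the constructed sample
demo_log=$(mktemp)
sample_log > "$demo_log"
blacklist_hits "$demo_log"
rm -f "$demo_log"
```

Passing a user's reported address as the second argument answers whether that client is being blocked before you look it up on the Cyren page.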




What is ijinshan.com

The domain ijinshan.com appears to be related to malware; we have seen and detected it a number of times now.

The domain is hosted in China, and we have seen quite a lot of phones with malware that trace back to this host.

Known Applications

The following applications are known to host the malware associated with this domain (to be updated):

KBatteryDoctor

Battery_Doctor_(Battery_Saver)

Known Subdomains

did.ijinshan.com  – Confirmed Win32.Trojan.Jadtre
d.union.ijinshan.com – Confirmed Troj/Small-EUU (Details from Sophos here)



