Microsoft recommends disabling Secure Time Seeding (STS) in Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025 due to reported timekeeping issues. Additionally, organizations should review and ensure proper time synchronization and monitoring on critical servers.
Server #Take action: Disable Secure Time Seeding (STS) in Windows Server 2016 and later
Tips #The Module DLL C:\WINDOWS\system32\inetsrv\rewrite.dll failed to load
When upgrading Windows Server 2012 to 2016, you might face this error.
Uninstalling "IIS Url Rewrite Module 2.0" from Programs and Features, reinstalling it from the Microsoft website (iis.net/downloads/microsoft/url-rewrite) and then running IISReset fixed the issue.
Original article: https://superuser.com/questions/948411/the-module-dll-c-windows-system32-inetsrv-rewrite-dll-failed-to-load
Sophos #How to uninstall & install software client/server
Here are some useful articles on how to safely uninstall Sophos Antivirus:
Sophos Central Endpoint and Server: Uninstall Sophos using the command line or a batch file
https://support.sophos.com/support/s/article/KBA-000003469?language=en_US
Remove Sophos Central without tamper protection password
SophosZap: Frequently asked questions (to be used only as a last resort)
https://support.sophos.com/support/s/article/KBA-000006929?language=en_US
Sophos Central Endpoint: Automate the software deployment to Windows devices
https://support.sophos.com/support/s/article/KBA-000003140?language=en_US
Sophos Central Endpoint: Installer command line options for Mac and Windows
https://support.sophos.com/support/s/article/KBA-000004840?language=en_US
Sophos #XDR feature, adaptive attack protection
Regarding Sophos Intercept X Advanced with XDR and other Sophos features, I am noting some related articles here on the blog:
Sophos Intercept X Advanced with XDR: Help with Forensic Snapshots
https://support.sophos.com/support/s/article/KBA-000006333?language=en_US+
Sophos XDR-enabled devices continually capture data related to processes, files, networks, and other system activities. When threat detection occurs, a snapshot file of current activity is created on the device's disk. This snapshot helps generate the Threat Case in Sophos Central, which attempts to piece together the threat chain of an attack and identify related activities.
Data Lake uploads
https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/LiveDiscover/DataLakeUploads/index.html
Sophos XDR: Getting Started with XDR and Data Lake Hydration
https://techvids.sophos.com/watch/JWndawT866eCh9gVXTNE2K
Sophos Intercept X: Adaptive attack protection
https://support.sophos.com/support/s/article/KBA-000008632?language=en_US
This protection feature is part of the malicious behavior protection capability in the Sophos endpoint. It consists of a series of technique-focused behavioral rules intended to disrupt the actions of a threat actor.
Admin Isolated Devices
[UPDATE 2025.06.05]
Sophos Endpoint: Adaptive Attack Protection Gets Even Better
Network #Some switch commands
On Cisco switches you can review a single port's configuration:
show running-config interface Gi4/0/13
In case you would like to reset single port configuration:
Config t
default interface GigabitEthernet 4/0/13