Sunday, October 28, 2018

Windows: Track which application established a connection using cmd

To list established connections and their process IDs, use netstat -no and find:
D:\>netstat -no | find "EST"
  TCP    127.0.0.1:61319        127.0.0.1:61320        ESTABLISHED     2636
  TCP    127.0.0.1:61320        127.0.0.1:61319        ESTABLISHED     2636
  TCP    127.0.0.1:61321        127.0.0.1:61322        ESTABLISHED     11224
  TCP    127.0.0.1:61322        127.0.0.1:61321        ESTABLISHED     11224
  TCP    127.0.0.1:61324        127.0.0.1:61325        ESTABLISHED     5016
  TCP    127.0.0.1:61325        127.0.0.1:61324        ESTABLISHED     5016
  TCP    127.0.0.1:61329        127.0.0.1:61330        ESTABLISHED     5920
  TCP    127.0.0.1:61330        127.0.0.1:61329        ESTABLISHED     5920
  TCP    127.0.0.1:61343        127.0.0.1:61344        ESTABLISHED     4524
  TCP    127.0.0.1:61344        127.0.0.1:61343        ESTABLISHED     4524
  TCP    192.168.0.108:60442    52.230.84.0:443        ESTABLISHED     3140
  TCP    192.168.0.108:61323    139.193.253.91:80      ESTABLISHED     2636
  TCP    192.168.0.108:61331    216.239.38.120:443     ESTABLISHED     2636
  TCP    192.168.0.108:61341    172.217.194.95:443     ESTABLISHED     2636
  TCP    192.168.0.108:61355    74.125.200.101:443     ESTABLISHED     2636
  TCP    192.168.0.108:61356    172.217.194.17:443     ESTABLISHED     2636
  TCP    192.168.0.108:61357    172.217.194.84:443     ESTABLISHED     2636
  TCP    192.168.0.108:61360    172.217.194.132:443    ESTABLISHED     2636
  TCP    192.168.0.108:61365    74.125.200.139:80      ESTABLISHED     2636
  TCP    192.168.0.108:61372    74.125.68.94:443       ESTABLISHED     2636
  TCP    192.168.0.108:61375    74.125.130.113:443     ESTABLISHED     2636
  TCP    192.168.0.108:61385    74.125.24.94:443       ESTABLISHED     2636
  TCP    192.168.0.108:61386    74.125.24.17:443       ESTABLISHED     2636
  TCP    192.168.0.108:61387    172.217.194.94:443     ESTABLISHED     2636
To find out which application owns a particular process ID, use tasklist /v and find:
D:\>tasklist /v | find "2636"
firefox.exe                   2636 Console                   17    258,080 K Running         [pc]\[username]                                       0:00:34 Articles: New - Garasiku - Administration - Mozilla Firefox
Firefox is accessing the internet as process ID 2636 (the last column of the netstat output is the PID, not a port).
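
The same lookup done in one step in PowerShell, as an added example that is not part of the original post. It joins on the PID exactly, whereas find "2636" matches that string anywhere in a line; the function name Get-EstablishedConnectionOwner is hypothetical, and Get-NetTCPConnection requires Windows 8 / Server 2012 or later.

```powershell
# Added example: map established TCP connections to their owning processes.
function Get-EstablishedConnectionOwner {   # hypothetical helper name
    param(
        # Hide loopback pairs such as 127.0.0.1:61319 <-> 127.0.0.1:61320
        [switch]$ExcludeLoopback
    )

    # Snapshot PID -> process once. A process can exit between the two
    # queries, so a missing entry is reported instead of raising an error.
    $procById = @{}
    foreach ($p in Get-Process) { $procById[[int]$p.Id] = $p }

    Get-NetTCPConnection -State Established |
        Where-Object {
            -not $ExcludeLoopback -or
            -not [System.Net.IPAddress]::IsLoopback([System.Net.IPAddress]$_.RemoteAddress)
        } |
        ForEach-Object {
            $proc = $procById[[int]$_.OwningProcess]
            [pscustomobject]@{
                PID     = $_.OwningProcess
                Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
                # Path is empty for protected processes unless run elevated
                Path    = if ($proc) { $proc.Path } else { $null }
                Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
                Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            }
        }
}

# Per-process summary: which executable holds how many outbound connections,
# and to which remote endpoints.
Get-EstablishedConnectionOwner -ExcludeLoopback |
    Group-Object PID, Process, Path |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Remotes'; e = { ($_.Group.Remote | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt to get the executable path for processes owned by other users or by the system.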

Saturday, October 20, 2018

Windows 10: Disable Windows Defender Real-time Protection

Sometimes, we need to turn off Windows Defender Real-time protection. In my experience, this software may cause errors when running an Android emulator such as BigNox. To disable Windows Defender Real-time protection, follow these steps:
  1. Run Windows PowerShell as administrator
  2. Execute set-mppreference -DisableRealtimeMonitoring 1
Windows PowerShell
Copyright (C) Microsoft Corporation. All rights reserved.
PS C:\WINDOWS\system32> set-mppreference -DisableRealtimeMonitoring 1
PS C:\WINDOWS\system32>
In the Windows registry, this creates:
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender\Real-Time Protection -> DisableRealtimeMonitoring REG_DWORD 1
To disable it permanently, use regedit as follows:
  1. Create the key Real-Time Protection under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\
  2. Create the DWORD DisableRealtimeMonitoring with value 1 under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\
This locks the option in Real-time Protection, which then shows "This setting is managed by your administrator".
Tested on Windows 10 Version 10.0.17134 Build 17134
References:
https://www.tenforums.com/tutorials/3569-turn-off-windows-defender-real-time-protection-windows-10-a.html