Changing file extension appearance on the fly - windows

I recently watched this video of Forcepoint DLP. The guy there applied an encryption policy (which encrypts files copied to USB) to files which are on a USB drive. In Windows Explorer, the files are shown as not encrypted, but they actually are. The interesting thing is that when he ejects the USB drive and inserts it into another PC (which has no Forcepoint DLP endpoint software), the files are shown with a .ws suffix. Which part of the WinAPI provides this? Thanks in advance.

Related

Windows is hacked - all files' extensions have changed

We have a Microsoft Windows server, and we found all files changed to the .ETH extension (especially the AutoCAD .dwg files).
As follows:
All files were converted to .id-26E67253.[helpfilerestore#india.com].ETH.
Also, if I connect any USB flash drive to the computer, all files on the USB drive are hacked as well.
I just need any suggestions: how can I get my old files back, and how can I fix the virus or hacking?
It is ransomware named Dharma.
Check this link: Dharma Ransomware
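For scoping the damage described above, here is an added triage example (not part of the original question or answer) that inventories renamed files and recovers each original name from the suffix shape shown in the post. The regex generalises from the single filename on the page, so the 8-hex-digit ID and alphanumeric final extension are assumptions, and the sample paths are constructed.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Suffix shape seen on the page: .id-26E67253.[helpfilerestore#india.com].ETH
# Assumption: the ID is 8 hex digits and the appended extension is alphanumeric.
SUFFIX = re.compile(
    r"^(?P<original>.+)\.id-(?P<victim_id>[0-9A-Fa-f]{8})"
    r"\.\[(?P<contact>[^\]]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

def parse_renamed(path):
    """Return details of a renamed file, or None if the name does not match."""
    m = SUFFIX.match(PureWindowsPath(path).name)
    if not m:
        return None
    original = m.group("original")
    return {
        "path": path,
        "original_name": original,
        "original_ext": PureWindowsPath(original).suffix.lower(),
        "victim_id": m.group("victim_id").upper(),
        "contact": m.group("contact"),
        "appended_ext": m.group("ext"),
    }

def triage(paths):
    """Summarise a file listing: how many files are affected, and of what type."""
    hits = [h for h in map(parse_renamed, paths) if h]
    return {
        "affected": len(hits),
        "clean": len(paths) - len(hits),
        "by_original_ext": Counter(h["original_ext"] for h in hits),
        "ids": sorted({h["victim_id"] for h in hits}),
        "hits": hits,
    }

# Constructed sample listing (e.g. the output of a recursive directory walk).
SAMPLE = [
    r"D:\cad\plan.dwg.id-26E67253.[helpfilerestore#india.com].ETH",
    r"D:\cad\site.dwg.id-26E67253.[helpfilerestore#india.com].ETH",
    r"D:\docs\budget.xlsx.id-26E67253.[helpfilerestore#india.com].ETH",
    r"D:\docs\notes.txt",
    r"E:\usb\video.id-12.mp4",  # near miss: must not be counted
]

if __name__ == "__main__":
    report = triage(SAMPLE)
    print(report["affected"], "affected;", dict(report["by_original_ext"]))
```
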

Cannot save Microsoft Office 2011 for Mac files when using osxfuse for development

I am using osxfuse to develop a network disk with our service on Mac OS X. When I open an Office 2011 file and save it to my disk, the error below appears:
"you cannot save while the file is in use by another process.try saving the file with a new name."
But it is fine for Office 2016. I am confused about this and do not know how to resolve it.
Who can help you?
I am working on my own FUSE file system and also had this problem. I found that in my case it was because I mounted the file system with the "noapplexattr" option.
It looks like MS Word requires applexattr.
MS Office apps use extended attributes a lot, so your FS should support xattrs, at least via AppleDouble files (._fileName).
Also, I found that MS Word likes to use the exchange operation while saving files.
But it may also be an issue in the implementation of your read/write/move methods.
When I have such doubts, I use the loopbackFS example app and just compare how it works with my FS.

How to unbind a Microsoft .OBD file?

I can't seem to find any way to open an old .OBD file. Our company has around a hundred of these binders that were created a long time ago by another company that we took over. They were created using Office 97 on some old machines that don't exist any more.
Our current machines run Windows 7 or later, with Microsoft Office 2010 and later. Is there a way to open these .OBD files? I've tried the Unbind.exe program that some people mentioned on other forums, but it won't run in Windows 7 with any compatibility settings. 7-zip was able to sort of look into the binders, but the files that were extracted aren't readable by any Office software.
We looked into using pywin32 to talk through COM and use Office to do the unbinding automatically, but we still need some program to actually do the unbinding.
Does anyone have any solutions? Thanks.
EDIT: I figured out the problem. The unbind.exe application (available from Microsoft) works, but only when run in a 32-bit OS. Using compatibility mode from a 64-bit OS doesn't seem to work. I was able to use a virtual machine on our servers that was set up for something else. If you don't have a 32-bit environment handy, I'm not sure how to get around this.
I had 4 Microsoft binder (*.obd) files I wanted to open and didn't have access to a 32-bit Windows computer. Please note that this method does not retain the original file names of the documents. Using Windows 10 64-bit, I used 7-Zip to extract the obd files to folders. Inside the folders were subfolders numbered 1, 2, 3 etc. In the subfolders were data files called WordDocument, Book and PowerPoint Document. I renamed WordDocument files to filename subfolder.doc, renamed Book files to filename subfolder.xls and renamed PowerPoint Document files to filename subfolder.ppt. Then I opened the .doc files in Word 2019 and resaved them as .docx files. Then I opened the .xls files in LibreOffice Calc v7.2 and resaved them as .xlsx files. I didn't have any luck with the .ppt files. In my case I had to change Word 2019 protected view settings (File, Options, Trust Center, Trust Center Settings..., File Block Settings, untick Word 2, 6.0 & 95). Hope someone finds this info useful.
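For a large batch of binders, the rename step in the answer above can be scripted. This is an added example, not part of the original posts: it assumes each .obd was already extracted with 7-Zip into its own folder under one root, with the numbered subfolders and stream names the answer lists. The function names and the constructed demo layout are hypothetical.

```python
import shutil
import tempfile
from pathlib import Path

# Stream names and target extensions exactly as listed in the answer above.
STREAM_EXT = {"WordDocument": ".doc", "Book": ".xls", "PowerPoint Document": ".ppt"}

def collect_binder_documents(extracted_root, out_dir):
    """Copy each section's data stream to '<binder> <section><ext>' in out_dir.

    extracted_root holds one folder per binder, as produced by extracting each
    .obd with 7-Zip (layout assumed from the answer). Originals are not
    modified. Returns the list of files written.
    """
    extracted_root, out_dir = Path(extracted_root), Path(out_dir)
    out_dir.mkdir(parents=True, exist_ok=True)
    written = []
    for binder in sorted(p for p in extracted_root.iterdir() if p.is_dir()):
        # Only the numbered subfolders (1, 2, 3, ...) are binder sections.
        sections = [s for s in binder.iterdir() if s.is_dir() and s.name.isdigit()]
        for section in sorted(sections, key=lambda s: int(s.name)):
            for stream, ext in STREAM_EXT.items():
                src = section / stream
                if src.is_file():
                    dst = out_dir / f"{binder.name} {section.name}{ext}"
                    shutil.copy2(src, dst)
                    written.append(dst)
    return written

def demo():
    """Build a constructed layout in a temp directory and run the collector."""
    root = Path(tempfile.mkdtemp())
    layout = {"Q1 report/1": "WordDocument", "Q1 report/2": "Book",
              "Q1 report/10": "PowerPoint Document", "Q1 report/3": "Unknown"}
    for folder, stream in layout.items():
        d = root / "extracted" / folder
        d.mkdir(parents=True)
        (d / stream).write_bytes(b"constructed placeholder bytes")
    out = collect_binder_documents(root / "extracted", root / "out")
    return [p.name for p in out]

if __name__ == "__main__":
    print(demo())
```
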

Is it possible to recover encrypted files/folders?

I've found some remnant documents on one of my hard drives that were somehow encrypted (appearing green in Windows 7 Ultimate x64).
I've attempted to uncheck Encryption in their properties, but I get access denied. I've figured this to be because the files were from a previous format/iteration of my desktop setup, and must have somehow inadvertently gotten encrypted. (I now believe it had something to do with transferring them at one point onto a Mac machine/drive, and then back, not realizing that they were encrypted until post-format).
I originally posted in this question that I thought I had a VMware image from the same time period as the files, and that perhaps it'd be possible to transfer the key from that image to my current machine, but that image is not the right one! :/ I don't have an image that goes back further.
I've tried copying the files to a FAT32 USB drive (as it would strip the encryption), but Windows 7 denies that (understandably). And as expected, trying to drag/copy the files from my current machine onto the VMware running machine also gets denied, as VMware is running within Win7's domain and rules.
Any ideas? What about booting my current machine off of a Linux live USB stick, and then attempting to copy the NTFS encrypted files onto a FAT32 partition (thus removing the encryption) -- would that work, seeing as how Windows wouldn't be "awake" to prohibit copying?
I found a zip archive where these files originated from. Whenever I extracted them, however, they'd appear green. Sure enough, there's also a MACOSX folder in the zip file (no idea why Windows decides to encrypt anything that's coming from a Mac).
I was able to copy the zip file onto the old VMware image of mine and extract the zip file there. It still came up as encrypted, but right clicking the folder, clicking properties, and unchecking Encryption fully decrypted the folder and files!
I'd assume that even though this VMware image's machine name was different from the user record within the file's encryption information, it likely was actually the same, originating machine and subsequent encryption certificates.
Anyway, I was able to copy the decrypted files back, and now the problem's solved!

Creating drives to remote resources in Windows?

There does not appear to be any good software to mount an FTP to a local drive letter (see here for details SF Question), so I was thinking, why not just write it myself? But I have very little experience dealing with Windows (at the programming level), so what would be involved in doing something like this? What needs to be done to get a new "drive" listed under "My Computer"? What needs to be done to then get the contents of the FTP (or other remote resource) listed in that "drive"?
My initial thought would be you would need to write a shell extension to be able to show your FTP site, and that it would best be shown as a special folder in Windows Explorer. Your extension would ideally be written in a non-managed language that supported COM (C++, VB 6, etc). It would need to respond to events like:
The user highlighting a folder on the server
The user double-clicking on a folder on the server
The user dragging and dropping files to and from the server
The user wanting to disconnect/reconnect from the server
When you intercept these events you would issue the appropriate FTP command to accomplish the task (use LIST to get the contents of a directory, MKD to create a directory, STOR to upload a file, etc). You would have to take the results of these commands and show them in the folders view and the listview within Windows Explorer, and for that you will likely need to get up close and personal with the Win32 API. For that you can turn to books like Charles Petzold's classic Programming Windows. Also check out this tutorial on writing shell extensions.
It sounds like an interesting project.
