If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
No full scan by Defender?
Windows Defender tells me no action is needed. But, noting that its last
Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) |
Ads |
#2
|
|||
|
|||
No full scan by Defender?
Terry Pinnell wrote:
"Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Not much help to you (other than to confirm it should work) but it does allow me to do a full scan. |
#3
|
|||
|
|||
No full scan by Defender?
Terry Pinnell wrote:
Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul |
#4
|
|||
|
|||
No full scan by Defender?
On 8/1/2018 6:07 AM, Terry Pinnell wrote:
Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) In the set up on my tablet this is the procedure I use for a full scan: From the Shield icon on the main Home screen, I select "Advance Scan" This gives me three options Full Scan, Custom Scan, Windows Defender Offline Scan. I select Full Scan. -- 2018: The year we learn to play the great game of Euchre |
#5
|
|||
|
|||
No full scan by Defender?
Paul wrote:
Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul Thanks, very helpful. Reassuring to know I *can* run it, albeit by that unfriendly route. My searching revealed that others have the identical problem. I've used it rarely so cannot be sure when it started. During the course of that research I saw several threads about the long duration times of a Defender full scan. So to try your method I chose type 3, a custom scan, like you. And opted for \Downloads, which is 18 GB, 190 folders, 2600 files. That took 24 mins, so a full scan might take days. Looking at Event Viewer, did you get are all these 'intermediate' events, or just a clean start and finish? https://www.dropbox.com/s/0q2bpdsg2k...nder.jpg?raw=1 At https://kb.eventtracker.com I read stuff that's way over my head: Event Id 1150 -------------- Source Microsoft-Windows-FailoverClustering Description The removal of the DNS Pointer (PTR) record '%2' for host '%3' which is associated with the cluster network name resource '%1' failed with error '%4'. If necessary, the record can be deleted manually. Contact your DNS administrator for assistance. (Wish I had one!) Event Id 1151 -------------- Source Microsoft-Windows-ActiveDirectory_DomainService Description "Internal event: A new database column was created for the following new attribute. Database column:%1 Attribute identifier:%2 Attribute name:%3" Event Information According to Microsoft : Cause: This event is logged when a new database column was created for the new attribute. Resolution:Look for Event ID 1150 in Event Viewer This is a general error message that indicates there may be an issue with a recently requested schema modification. If there is an issue, Event ID 1150 appears in Event Viewer. Use the additional information in that event to resolve the issue. Event Id 2010 ------------- Source Microsoft-Windows-Windows Firewall with Advanced Security Description Network profile changed on an interface. Adapter GUID:%t%1 Adapter Name:%t%2 Old Profile:%t%3 New Profile:%t%4 Event Information According to Microsoft : Cause : This event is logged when Network profile changed on an interface. Resolution : This is a normal condition. No further action is required. (That's a relief!) Terry, East Grinstead, UK |
#6
|
|||
|
|||
No full scan by Defender?
Terry Pinnell wrote:
Paul wrote: Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul Thanks, very helpful. Reassuring to know I *can* run it, albeit by that unfriendly route. My searching revealed that others have the identical problem. I've used it rarely so cannot be sure when it started. During the course of that research I saw several threads about the long duration times of a Defender full scan. So to try your method I chose type 3, a custom scan, like you. And opted for \Downloads, which is 18 GB, 190 folders, 2600 files. That took 24 mins, so a full scan might take days. Looking at Event Viewer, did you get are all these 'intermediate' events, or just a clean start and finish? https://www.dropbox.com/s/0q2bpdsg2k...nder.jpg?raw=1 At https://kb.eventtracker.com I read stuff that's way over my head: Event Id 1150 -------------- Source Microsoft-Windows-FailoverClustering Description The removal of the DNS Pointer (PTR) record '%2' for host '%3' which is associated with the cluster network name resource '%1' failed with error '%4'. If necessary, the record can be deleted manually. Contact your DNS administrator for assistance. (Wish I had one!) Event Id 1151 -------------- Source Microsoft-Windows-ActiveDirectory_DomainService Description "Internal event: A new database column was created for the following new attribute. Database column:%1 Attribute identifier:%2 Attribute name:%3" Event Information According to Microsoft : Cause: This event is logged when a new database column was created for the new attribute. Resolution:Look for Event ID 1150 in Event Viewer This is a general error message that indicates there may be an issue with a recently requested schema modification. If there is an issue, Event ID 1150 appears in Event Viewer. Use the additional information in that event to resolve the issue. Event Id 2010 ------------- Source Microsoft-Windows-Windows Firewall with Advanced Security Description Network profile changed on an interface. Adapter GUID:%t%1 Adapter Name:%t%2 Old Profile:%t%3 New Profile:%t%4 Event Information According to Microsoft : Cause : This event is logged when Network profile changed on an interface. Resolution : This is a normal condition. No further action is required. (That's a relief!) Terry, East Grinstead, UK I looked that up mainly in case an active exploit was already on your machine, making that GUI entry disappear. The GUI is likely backed by an HTML/JS package. To make a line of text disappear from the screen is relatively easy. You're not likely to be on a Domain, so a change to a setup there is unexpected (in your EventVwr). Especially as you're in the Windows Defender : Operational area, you wouldn't expect random events to be showing up there like that. I cannot comment on the contents of my Events (yet), because my scan isn't finished. The scan is running on one core, even though C: is an SSD and could easily feed the scanner. According to Task Manager, MsMpEng reads data at around 1MB/sec or so, which is... pretty slow. My first hard drive was faster than that. I think that process in the past, has used multiple cores, and I don't understand how an on-demand scan could be assigned that low of a priority. The implication is, a user is sitting there, waiting for the results to come in. Why would you delay that ? My guess is, mine will take ten to fifteen hours. You know that MsMpEng can easily have multiple threads of execution, because it has to respond to real-time events, at the same time it's doing an on-demand scan. The software is still capable, but isn't tuned all that well. I think I've had Kaspersky run at 400% to 500% before, so that's what the competition can do. ******* There have been cases before, where the installation of commercial software which competes with Microsoft software, causes items in a window to disappear. I doubt that's the mechanism in this case. And figuring it out would not be easy. The file the text strings are in, is likely signed and equipped with some amount of security features, to prevent things like this from happening. ******* GPEDIT can be used to modify the behavior. Nothing here stands out as your problem. WD apparently has a scheduling capability. As if it's not doing enough scanning right now... https://docs.microsoft.com/en-us/win...nder-antivirus Paul |
#7
|
|||
|
|||
No full scan by Defender?
Paul wrote:
Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul Thanks, very helpful. Reassuring to know I *can* run it, albeit by that unfriendly route. My searching revealed that others have the identical problem. I've used it rarely so cannot be sure when it started. During the course of that research I saw several threads about the long duration times of a Defender full scan. So to try your method I chose type 3, a custom scan, like you. And opted for \Downloads, which is 18 GB, 190 folders, 2600 files. That took 24 mins, so a full scan might take days. Looking at Event Viewer, did you get are all these 'intermediate' events, or just a clean start and finish? https://www.dropbox.com/s/0q2bpdsg2k...nder.jpg?raw=1 At https://kb.eventtracker.com I read stuff that's way over my head: Event Id 1150 -------------- Source Microsoft-Windows-FailoverClustering Description The removal of the DNS Pointer (PTR) record '%2' for host '%3' which is associated with the cluster network name resource '%1' failed with error '%4'. If necessary, the record can be deleted manually. Contact your DNS administrator for assistance. (Wish I had one!) Event Id 1151 -------------- Source Microsoft-Windows-ActiveDirectory_DomainService Description "Internal event: A new database column was created for the following new attribute. Database column:%1 Attribute identifier:%2 Attribute name:%3" Event Information According to Microsoft : Cause: This event is logged when a new database column was created for the new attribute. Resolution:Look for Event ID 1150 in Event Viewer This is a general error message that indicates there may be an issue with a recently requested schema modification. If there is an issue, Event ID 1150 appears in Event Viewer. Use the additional information in that event to resolve the issue. Event Id 2010 ------------- Source Microsoft-Windows-Windows Firewall with Advanced Security Description Network profile changed on an interface. Adapter GUID:%t%1 Adapter Name:%t%2 Old Profile:%t%3 New Profile:%t%4 Event Information According to Microsoft : Cause : This event is logged when Network profile changed on an interface. Resolution : This is a normal condition. No further action is required. (That's a relief!) Terry, East Grinstead, UK I looked that up mainly in case an active exploit was already on your machine, making that GUI entry disappear. The GUI is likely backed by an HTML/JS package. To make a line of text disappear from the screen is relatively easy. You're not likely to be on a Domain, so a change to a setup there is unexpected (in your EventVwr). Especially as you're in the Windows Defender : Operational area, you wouldn't expect random events to be showing up there like that. I cannot comment on the contents of my Events (yet), because my scan isn't finished. The scan is running on one core, even though C: is an SSD and could easily feed the scanner. According to Task Manager, MsMpEng reads data at around 1MB/sec or so, which is... pretty slow. My first hard drive was faster than that. I think that process in the past, has used multiple cores, and I don't understand how an on-demand scan could be assigned that low of a priority. The implication is, a user is sitting there, waiting for the results to come in. Why would you delay that ? My guess is, mine will take ten to fifteen hours. You know that MsMpEng can easily have multiple threads of execution, because it has to respond to real-time events, at the same time it's doing an on-demand scan. The software is still capable, but isn't tuned all that well. I think I've had Kaspersky run at 400% to 500% before, so that's what the competition can do. ******* There have been cases before, where the installation of commercial software which competes with Microsoft software, causes items in a window to disappear. I doubt that's the mechanism in this case. And figuring it out would not be easy. The file the text strings are in, is likely signed and equipped with some amount of security features, to prevent things like this from happening. ******* GPEDIT can be used to modify the behavior. Nothing here stands out as your problem. WD apparently has a scheduling capability. As if it's not doing enough scanning right now... https://docs.microsoft.com/en-us/win...nder-antivirus Paul Just discovered that although my custom scan of \Downloads finished at 14:07 (an hour ago), MsMpEng is still running, taking 12% CPU. No idea what it's doing, unless it's attempting an unsolicited full scan. I'm going to end the task and restart. Terry, East Grinstead, UK |
#8
|
|||
|
|||
No full scan by Defender?
Terry Pinnell wrote:
Paul wrote: Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul Thanks, very helpful. Reassuring to know I *can* run it, albeit by that unfriendly route. My searching revealed that others have the identical problem. I've used it rarely so cannot be sure when it started. During the course of that research I saw several threads about the long duration times of a Defender full scan. So to try your method I chose type 3, a custom scan, like you. And opted for \Downloads, which is 18 GB, 190 folders, 2600 files. That took 24 mins, so a full scan might take days. Looking at Event Viewer, did you get are all these 'intermediate' events, or just a clean start and finish? https://www.dropbox.com/s/0q2bpdsg2k...nder.jpg?raw=1 At https://kb.eventtracker.com I read stuff that's way over my head: Event Id 1150 -------------- Source Microsoft-Windows-FailoverClustering Description The removal of the DNS Pointer (PTR) record '%2' for host '%3' which is associated with the cluster network name resource '%1' failed with error '%4'. If necessary, the record can be deleted manually. Contact your DNS administrator for assistance. (Wish I had one!) Event Id 1151 -------------- Source Microsoft-Windows-ActiveDirectory_DomainService Description "Internal event: A new database column was created for the following new attribute. Database column:%1 Attribute identifier:%2 Attribute name:%3" Event Information According to Microsoft : Cause: This event is logged when a new database column was created for the new attribute. Resolution:Look for Event ID 1150 in Event Viewer This is a general error message that indicates there may be an issue with a recently requested schema modification. If there is an issue, Event ID 1150 appears in Event Viewer. Use the additional information in that event to resolve the issue. Event Id 2010 ------------- Source Microsoft-Windows-Windows Firewall with Advanced Security Description Network profile changed on an interface. Adapter GUID:%t%1 Adapter Name:%t%2 Old Profile:%t%3 New Profile:%t%4 Event Information According to Microsoft : Cause : This event is logged when Network profile changed on an interface. Resolution : This is a normal condition. No further action is required. (That's a relief!) Terry, East Grinstead, UK I looked that up mainly in case an active exploit was already on your machine, making that GUI entry disappear. The GUI is likely backed by an HTML/JS package. To make a line of text disappear from the screen is relatively easy. You're not likely to be on a Domain, so a change to a setup there is unexpected (in your EventVwr). Especially as you're in the Windows Defender : Operational area, you wouldn't expect random events to be showing up there like that. I cannot comment on the contents of my Events (yet), because my scan isn't finished. The scan is running on one core, even though C: is an SSD and could easily feed the scanner. According to Task Manager, MsMpEng reads data at around 1MB/sec or so, which is... pretty slow. My first hard drive was faster than that. I think that process in the past, has used multiple cores, and I don't understand how an on-demand scan could be assigned that low of a priority. The implication is, a user is sitting there, waiting for the results to come in. Why would you delay that ? My guess is, mine will take ten to fifteen hours. You know that MsMpEng can easily have multiple threads of execution, because it has to respond to real-time events, at the same time it's doing an on-demand scan. The software is still capable, but isn't tuned all that well. I think I've had Kaspersky run at 400% to 500% before, so that's what the competition can do. ******* There have been cases before, where the installation of commercial software which competes with Microsoft software, causes items in a window to disappear. I doubt that's the mechanism in this case. And figuring it out would not be easy. The file the text strings are in, is likely signed and equipped with some amount of security features, to prevent things like this from happening. ******* GPEDIT can be used to modify the behavior. Nothing here stands out as your problem. WD apparently has a scheduling capability. As if it's not doing enough scanning right now... https://docs.microsoft.com/en-us/win...nder-antivirus Paul Just discovered that although my custom scan of \Downloads finished at 14:07 (an hour ago), MsMpEng is still running, taking 12% CPU. No idea what it's doing, unless it's attempting an unsolicited full scan. I'm going to end the task and restart. Terry, East Grinstead, UK Wouldn't let me do it, "Access Denied". Darned if I want to be stuck with that CPU burden for a matter of days. Do you reckon it's safe to restart or reboot? Terry, East Grinstead, UK |
#9
|
|||
|
|||
No full scan by Defender?
Terry Pinnell wrote:
Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul Thanks, very helpful. Reassuring to know I *can* run it, albeit by that unfriendly route. My searching revealed that others have the identical problem. I've used it rarely so cannot be sure when it started. During the course of that research I saw several threads about the long duration times of a Defender full scan. So to try your method I chose type 3, a custom scan, like you. And opted for \Downloads, which is 18 GB, 190 folders, 2600 files. That took 24 mins, so a full scan might take days. Looking at Event Viewer, did you get are all these 'intermediate' events, or just a clean start and finish? https://www.dropbox.com/s/0q2bpdsg2k...nder.jpg?raw=1 At https://kb.eventtracker.com I read stuff that's way over my head: Event Id 1150 -------------- Source Microsoft-Windows-FailoverClustering Description The removal of the DNS Pointer (PTR) record '%2' for host '%3' which is associated with the cluster network name resource '%1' failed with error '%4'. If necessary, the record can be deleted manually. Contact your DNS administrator for assistance. (Wish I had one!) Event Id 1151 -------------- Source Microsoft-Windows-ActiveDirectory_DomainService Description "Internal event: A new database column was created for the following new attribute. Database column:%1 Attribute identifier:%2 Attribute name:%3" Event Information According to Microsoft : Cause: This event is logged when a new database column was created for the new attribute. Resolution:Look for Event ID 1150 in Event Viewer This is a general error message that indicates there may be an issue with a recently requested schema modification. If there is an issue, Event ID 1150 appears in Event Viewer. Use the additional information in that event to resolve the issue. Event Id 2010 ------------- Source Microsoft-Windows-Windows Firewall with Advanced Security Description Network profile changed on an interface. Adapter GUID:%t%1 Adapter Name:%t%2 Old Profile:%t%3 New Profile:%t%4 Event Information According to Microsoft : Cause : This event is logged when Network profile changed on an interface. Resolution : This is a normal condition. No further action is required. (That's a relief!) Terry, East Grinstead, UK I looked that up mainly in case an active exploit was already on your machine, making that GUI entry disappear. The GUI is likely backed by an HTML/JS package. To make a line of text disappear from the screen is relatively easy. You're not likely to be on a Domain, so a change to a setup there is unexpected (in your EventVwr). Especially as you're in the Windows Defender : Operational area, you wouldn't expect random events to be showing up there like that. I cannot comment on the contents of my Events (yet), because my scan isn't finished. The scan is running on one core, even though C: is an SSD and could easily feed the scanner. According to Task Manager, MsMpEng reads data at around 1MB/sec or so, which is... pretty slow. My first hard drive was faster than that. I think that process in the past, has used multiple cores, and I don't understand how an on-demand scan could be assigned that low of a priority. The implication is, a user is sitting there, waiting for the results to come in. Why would you delay that ? My guess is, mine will take ten to fifteen hours. You know that MsMpEng can easily have multiple threads of execution, because it has to respond to real-time events, at the same time it's doing an on-demand scan. The software is still capable, but isn't tuned all that well. I think I've had Kaspersky run at 400% to 500% before, so that's what the competition can do. ******* There have been cases before, where the installation of commercial software which competes with Microsoft software, causes items in a window to disappear. I doubt that's the mechanism in this case. And figuring it out would not be easy. The file the text strings are in, is likely signed and equipped with some amount of security features, to prevent things like this from happening. ******* GPEDIT can be used to modify the behavior. Nothing here stands out as your problem. WD apparently has a scheduling capability. As if it's not doing enough scanning right now... https://docs.microsoft.com/en-us/win...nder-antivirus Paul Just discovered that although my custom scan of \Downloads finished at 14:07 (an hour ago), MsMpEng is still running, taking 12% CPU. No idea what it's doing, unless it's attempting an unsolicited full scan. I'm going to end the task and restart. Terry, East Grinstead, UK Wouldn't let me do it, "Access Denied". Darned if I want to be stuck with that CPU burden for a matter of days. Do you reckon it's safe to restart or reboot? Terry, East Grinstead, UK I rebooted mine. The discretionary scan wasn't running on the restart. Paul |
#10
|
|||
|
|||
No full scan by Defender?
On 8/1/2018 9:16 AM, Keith Nuttle wrote:
On 8/1/2018 6:07 AM, Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) In the set up on my tablet this is the procedure I use for a full scan: From the Shield icon on the main Home screen,Â* I select "Advance Scan" This gives me three options Full Scan, Custom Scan, Windows Defender Offline Scan. I select Full Scan. One thing to check when scans using any program run for extended times is whether or not anything is in their settings under Files or Folder Exclusions. That is because whenever the scan reads a file or folder it checks the exclusions list before acting and a lot of exclusions will greatly extend the scan time. -- Zaidy036 |
#11
|
|||
|
|||
No full scan by Defender?
Paul wrote:
Terry Pinnell wrote: Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul Thanks, very helpful. Reassuring to know I *can* run it, albeit by that unfriendly route. My searching revealed that others have the identical problem. I've used it rarely so cannot be sure when it started. During the course of that research I saw several threads about the long duration times of a Defender full scan. So to try your method I chose type 3, a custom scan, like you. And opted for \Downloads, which is 18 GB, 190 folders, 2600 files. That took 24 mins, so a full scan might take days. Looking at Event Viewer, did you get are all these 'intermediate' events, or just a clean start and finish? https://www.dropbox.com/s/0q2bpdsg2k...nder.jpg?raw=1 At https://kb.eventtracker.com I read stuff that's way over my head: Event Id 1150 -------------- Source Microsoft-Windows-FailoverClustering Description The removal of the DNS Pointer (PTR) record '%2' for host '%3' which is associated with the cluster network name resource '%1' failed with error '%4'. If necessary, the record can be deleted manually. Contact your DNS administrator for assistance. (Wish I had one!) Event Id 1151 -------------- Source Microsoft-Windows-ActiveDirectory_DomainService Description "Internal event: A new database column was created for the following new attribute. Database column:%1 Attribute identifier:%2 Attribute name:%3" Event Information According to Microsoft : Cause: This event is logged when a new database column was created for the new attribute. Resolution:Look for Event ID 1150 in Event Viewer This is a general error message that indicates there may be an issue with a recently requested schema modification. If there is an issue, Event ID 1150 appears in Event Viewer. Use the additional information in that event to resolve the issue. Event Id 2010 ------------- Source Microsoft-Windows-Windows Firewall with Advanced Security Description Network profile changed on an interface. Adapter GUID:%t%1 Adapter Name:%t%2 Old Profile:%t%3 New Profile:%t%4 Event Information According to Microsoft : Cause : This event is logged when Network profile changed on an interface. Resolution : This is a normal condition. No further action is required. (That's a relief!) Terry, East Grinstead, UK I looked that up mainly in case an active exploit was already on your machine, making that GUI entry disappear. The GUI is likely backed by an HTML/JS package. To make a line of text disappear from the screen is relatively easy. You're not likely to be on a Domain, so a change to a setup there is unexpected (in your EventVwr). Especially as you're in the Windows Defender : Operational area, you wouldn't expect random events to be showing up there like that. I cannot comment on the contents of my Events (yet), because my scan isn't finished. The scan is running on one core, even though C: is an SSD and could easily feed the scanner. According to Task Manager, MsMpEng reads data at around 1MB/sec or so, which is... pretty slow. My first hard drive was faster than that. I think that process in the past, has used multiple cores, and I don't understand how an on-demand scan could be assigned that low of a priority. The implication is, a user is sitting there, waiting for the results to come in. Why would you delay that ? My guess is, mine will take ten to fifteen hours. You know that MsMpEng can easily have multiple threads of execution, because it has to respond to real-time events, at the same time it's doing an on-demand scan. The software is still capable, but isn't tuned all that well. I think I've had Kaspersky run at 400% to 500% before, so that's what the competition can do. ******* There have been cases before, where the installation of commercial software which competes with Microsoft software, causes items in a window to disappear. I doubt that's the mechanism in this case. And figuring it out would not be easy. The file the text strings are in, is likely signed and equipped with some amount of security features, to prevent things like this from happening. ******* GPEDIT can be used to modify the behavior. Nothing here stands out as your problem. WD apparently has a scheduling capability. As if it's not doing enough scanning right now... https://docs.microsoft.com/en-us/win...nder-antivirus Paul Just discovered that although my custom scan of \Downloads finished at 14:07 (an hour ago), MsMpEng is still running, taking 12% CPU. No idea what it's doing, unless it's attempting an unsolicited full scan. I'm going to end the task and restart. Terry, East Grinstead, UK Wouldn't let me do it, "Access Denied". Darned if I want to be stuck with that CPU burden for a matter of days. Do you reckon it's safe to restart or reboot? Terry, East Grinstead, UK I rebooted mine. The discretionary scan wasn't running on the restart. Paul Turned out that the cause of Mspeng.exe running continuously was not truly a Defender issue. Defender gave a 'Health report' which it described as a driver issue. Its troubleshooter could only narrow it to 'USB Mass Storage Device'. Nothing I could find under Properties Details appeared to help me identify which one. I thought I had three, all external USB HDs. But removing all did not fix the problem. Eventually proved more obscure; isolated finally as some driver problem with the 3D Connexion Space Navigator I use with Google Earth. Terry, East Grinstead, UK |
#12
|
|||
|
|||
No full scan by Defender?
Terry Pinnell wrote:
Paul wrote: Terry Pinnell wrote: Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul Thanks, very helpful. Reassuring to know I *can* run it, albeit by that unfriendly route. My searching revealed that others have the identical problem. I've used it rarely so cannot be sure when it started. During the course of that research I saw several threads about the long duration times of a Defender full scan. So to try your method I chose type 3, a custom scan, like you. And opted for \Downloads, which is 18 GB, 190 folders, 2600 files. That took 24 mins, so a full scan might take days. Looking at Event Viewer, did you get are all these 'intermediate' events, or just a clean start and finish? https://www.dropbox.com/s/0q2bpdsg2k...nder.jpg?raw=1 At https://kb.eventtracker.com I read stuff that's way over my head: Event Id 1150 -------------- Source Microsoft-Windows-FailoverClustering Description The removal of the DNS Pointer (PTR) record '%2' for host '%3' which is associated with the cluster network name resource '%1' failed with error '%4'. If necessary, the record can be deleted manually. Contact your DNS administrator for assistance. (Wish I had one!) Event Id 1151 -------------- Source Microsoft-Windows-ActiveDirectory_DomainService Description "Internal event: A new database column was created for the following new attribute. Database column:%1 Attribute identifier:%2 Attribute name:%3" Event Information According to Microsoft : Cause: This event is logged when a new database column was created for the new attribute. Resolution:Look for Event ID 1150 in Event Viewer This is a general error message that indicates there may be an issue with a recently requested schema modification. If there is an issue, Event ID 1150 appears in Event Viewer. Use the additional information in that event to resolve the issue. Event Id 2010 ------------- Source Microsoft-Windows-Windows Firewall with Advanced Security Description Network profile changed on an interface. Adapter GUID:%t%1 Adapter Name:%t%2 Old Profile:%t%3 New Profile:%t%4 Event Information According to Microsoft : Cause : This event is logged when Network profile changed on an interface. Resolution : This is a normal condition. No further action is required. (That's a relief!) Terry, East Grinstead, UK I looked that up mainly in case an active exploit was already on your machine, making that GUI entry disappear. The GUI is likely backed by an HTML/JS package. To make a line of text disappear from the screen is relatively easy. You're not likely to be on a Domain, so a change to a setup there is unexpected (in your EventVwr). Especially as you're in the Windows Defender : Operational area, you wouldn't expect random events to be showing up there like that. I cannot comment on the contents of my Events (yet), because my scan isn't finished. The scan is running on one core, even though C: is an SSD and could easily feed the scanner. According to Task Manager, MsMpEng reads data at around 1MB/sec or so, which is... pretty slow. My first hard drive was faster than that. I think that process in the past, has used multiple cores, and I don't understand how an on-demand scan could be assigned that low of a priority. The implication is, a user is sitting there, waiting for the results to come in. Why would you delay that ? My guess is, mine will take ten to fifteen hours. You know that MsMpEng can easily have multiple threads of execution, because it has to respond to real-time events, at the same time it's doing an on-demand scan. The software is still capable, but isn't tuned all that well. I think I've had Kaspersky run at 400% to 500% before, so that's what the competition can do. ******* There have been cases before, where the installation of commercial software which competes with Microsoft software, causes items in a window to disappear. I doubt that's the mechanism in this case. And figuring it out would not be easy. The file the text strings are in, is likely signed and equipped with some amount of security features, to prevent things like this from happening. ******* GPEDIT can be used to modify the behavior. Nothing here stands out as your problem. WD apparently has a scheduling capability. As if it's not doing enough scanning right now... https://docs.microsoft.com/en-us/win...nder-antivirus Paul Just discovered that although my custom scan of \Downloads finished at 14:07 (an hour ago), MsMpEng is still running, taking 12% CPU. No idea what it's doing, unless it's attempting an unsolicited full scan. I'm going to end the task and restart. Terry, East Grinstead, UK Wouldn't let me do it, "Access Denied". Darned if I want to be stuck with that CPU burden for a matter of days. Do you reckon it's safe to restart or reboot? Terry, East Grinstead, UK I rebooted mine. The discretionary scan wasn't running on the restart. Paul Turned out that the cause of Mspeng.exe running continuously was not truly a Defender issue. Defender gave a 'Health report' which it described as a driver issue. Its troubleshooter could only narrow it to 'USB Mass Storage Device'. Nothing I could find under Properties Details appeared to help me identify which one. I thought I had three, all external USB HDs. But removing all did not fix the problem. Eventually proved more obscure; isolated finally as some driver problem with the 3D Connexion Space Navigator I use with Google Earth. Terry, East Grinstead, UK While some USB devices are composite devices and hide a "virtual CD" inside with drivers, that doesn't appear to be the case for your device. The manufacturer web site has a 300MB installer file instead. https://www.3dconnexion.com/service/drivers.html Usually, a virtual CD hides maybe a couple megabytes of driver files. One of the first cases I know of, was the invention of the USB LCD monitor, where graphics travel over USB. Because the device is composite, the LCD monitor self-installs when you plug it into modern versions of Windows. I don't think Windows Defender would like this all that much. It would scan the drivers. However, if it decided a file needed to be quarantined, it would go into a loop trying to remove the file (as the virtual CD is read-only). You could watch your device with USBTreeView, but I doubt the program can follow any arbitrary set of USB hardwares and enumerate the whole thing. Only the motherboard side of the connection is really visible. I don't have enough USB gear, to do a proper test of USBTreeView. I don't even own a USB hub. Paul |
#13
|
|||
|
|||
No full scan by Defender?
Paul wrote:
Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Paul wrote: Terry Pinnell wrote: Windows Defender tells me no action is needed. But, noting that its last Quick Scan' processed only some 64,000 files (a very small proportion of my total) I used "Run a new advanced scan". Nothing happens. No dialog to choose option for Full Scan. Terry, East Grinstead, UK Version 1803 (OS Build 17134.167) Using this in an Administrator command prompt, will give an up-to-date list for scantype. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype /? You might need to modify that path a bit if running 32-bit Windows. ******* https://technet.microsoft.com/en-us/.../gg131918.aspx Here, I'm doing a custom scan with scantype 3. I typed this into an Administrator Command Prompt. "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "C:\users\user name\Downloads" Windows Defender adds entries to the Event Viewer in the following location: Event Viewer Applications and Services Logs Microsoft Windows Windows Defender Operational Where you'll see: Windows Defender scan has started. (Event ID 1000) Windows Defender scan has finished. (Event ID 1001) Windows Defender signature version has been updated. (2000) ******* To prove it works, you may need to inject the EICAR test virus into a folder on your C: drive while the drive is offline. Then when you boot C: and run a command line the above, you would expect EventViewer or even the Command Prompt window, to show that EICAR was detected and quarantined. AV applications are supposed to recognize EICAR. http://www.eicar.org/86-0-Intended-use.html In theory, clicking the link should be stopped, but we'll see when you get there :-) I keep an EICAR here for fun. ******* I'm not going to try to guess why the menu item is missing on your machine. Paul Thanks, very helpful. Reassuring to know I *can* run it, albeit by that unfriendly route. My searching revealed that others have the identical problem. I've used it rarely so cannot be sure when it started. During the course of that research I saw several threads about the long duration times of a Defender full scan. So to try your method I chose type 3, a custom scan, like you. And opted for \Downloads, which is 18 GB, 190 folders, 2600 files. That took 24 mins, so a full scan might take days. Looking at Event Viewer, did you get are all these 'intermediate' events, or just a clean start and finish? https://www.dropbox.com/s/0q2bpdsg2k...nder.jpg?raw=1 At https://kb.eventtracker.com I read stuff that's way over my head: Event Id 1150 -------------- Source Microsoft-Windows-FailoverClustering Description The removal of the DNS Pointer (PTR) record '%2' for host '%3' which is associated with the cluster network name resource '%1' failed with error '%4'. If necessary, the record can be deleted manually. Contact your DNS administrator for assistance. (Wish I had one!) Event Id 1151 -------------- Source Microsoft-Windows-ActiveDirectory_DomainService Description "Internal event: A new database column was created for the following new attribute. Database column:%1 Attribute identifier:%2 Attribute name:%3" Event Information According to Microsoft : Cause: This event is logged when a new database column was created for the new attribute. Resolution:Look for Event ID 1150 in Event Viewer This is a general error message that indicates there may be an issue with a recently requested schema modification. If there is an issue, Event ID 1150 appears in Event Viewer. Use the additional information in that event to resolve the issue. Event Id 2010 ------------- Source Microsoft-Windows-Windows Firewall with Advanced Security Description Network profile changed on an interface. Adapter GUID:%t%1 Adapter Name:%t%2 Old Profile:%t%3 New Profile:%t%4 Event Information According to Microsoft : Cause : This event is logged when Network profile changed on an interface. Resolution : This is a normal condition. No further action is required. (That's a relief!) Terry, East Grinstead, UK I looked that up mainly in case an active exploit was already on your machine, making that GUI entry disappear. The GUI is likely backed by an HTML/JS package. To make a line of text disappear from the screen is relatively easy. You're not likely to be on a Domain, so a change to a setup there is unexpected (in your EventVwr). Especially as you're in the Windows Defender : Operational area, you wouldn't expect random events to be showing up there like that. I cannot comment on the contents of my Events (yet), because my scan isn't finished. The scan is running on one core, even though C: is an SSD and could easily feed the scanner. According to Task Manager, MsMpEng reads data at around 1MB/sec or so, which is... pretty slow. My first hard drive was faster than that. I think that process in the past, has used multiple cores, and I don't understand how an on-demand scan could be assigned that low of a priority. The implication is, a user is sitting there, waiting for the results to come in. Why would you delay that ? My guess is, mine will take ten to fifteen hours. You know that MsMpEng can easily have multiple threads of execution, because it has to respond to real-time events, at the same time it's doing an on-demand scan. The software is still capable, but isn't tuned all that well. I think I've had Kaspersky run at 400% to 500% before, so that's what the competition can do. ******* There have been cases before, where the installation of commercial software which competes with Microsoft software, causes items in a window to disappear. I doubt that's the mechanism in this case. And figuring it out would not be easy. The file the text strings are in, is likely signed and equipped with some amount of security features, to prevent things like this from happening. ******* GPEDIT can be used to modify the behavior. Nothing here stands out as your problem. WD apparently has a scheduling capability. As if it's not doing enough scanning right now... https://docs.microsoft.com/en-us/win...nder-antivirus Paul Just discovered that although my custom scan of \Downloads finished at 14:07 (an hour ago), MsMpEng is still running, taking 12% CPU. No idea what it's doing, unless it's attempting an unsolicited full scan. I'm going to end the task and restart. Terry, East Grinstead, UK Wouldn't let me do it, "Access Denied". Darned if I want to be stuck with that CPU burden for a matter of days. Do you reckon it's safe to restart or reboot? Terry, East Grinstead, UK I rebooted mine. The discretionary scan wasn't running on the restart. Paul Turned out that the cause of Mspeng.exe running continuously was not truly a Defender issue. Defender gave a 'Health report' which it described as a driver issue. Its troubleshooter could only narrow it to 'USB Mass Storage Device'. Nothing I could find under Properties Details appeared to help me identify which one. I thought I had three, all external USB HDs. But removing all did not fix the problem. Eventually proved more obscure; isolated finally as some driver problem with the 3D Connexion Space Navigator I use with Google Earth. Terry, East Grinstead, UK While some USB devices are composite devices and hide a "virtual CD" inside with drivers, that doesn't appear to be the case for your device. The manufacturer web site has a 300MB installer file instead. https://www.3dconnexion.com/service/drivers.html Usually, a virtual CD hides maybe a couple megabytes of driver files. One of the first cases I know of, was the invention of the USB LCD monitor, where graphics travel over USB. Because the device is composite, the LCD monitor self-installs when you plug it into modern versions of Windows. I don't think Windows Defender would like this all that much. It would scan the drivers. However, if it decided a file needed to be quarantined, it would go into a loop trying to remove the file (as the virtual CD is read-only). You could watch your device with USBTreeView, but I doubt the program can follow any arbitrary set of USB hardwares and enumerate the whole thing. Only the motherboard side of the connection is really visible. I don't have enough USB gear, to do a proper test of USBTreeView. I don't even own a USB hub. Paul Thanks. Happily all seems stable again in that area at present. Terry, East Grinstead, UK |
Thread Tools | |
Display Modes | Rate This Thread |
|
|