O.T. Avast pop-up

On Sunday, June 30, 2019 at 1:32:52 AM UTC-7, Robert in CA wrote:
On Sunday, June 30, 2019 at 1:26:33 AM UTC-7, Robert in CA wrote:
Seems like it worked:

http://i66.tinypic.com/20z5vyb.jpg


Thanks
Robert

It seems we've resolved the yellow triangle problem.
However regarding the MITM; do you think I should
switch to another A/V because when I switched off
the Avast shield and did the test my license came
out the same as yours.

What do you think?

Robert


I ran the Smart scan again because that's
where all this started:

http://i67.tinypic.com/sfyt52.jpg

So although the yellow triangle is gone
I still have issues. Is this indicative
of the MITM problem?


Thoughts/Suggestions?

Robert

Robert and Paul,

any chance you could take this one to email? I appreciate the argument
that it might benefit others, but I think this one has got very
case-specific. Not only that, you're exposing your settings to a wider
audience, which might not be beneficial (plus, by email, you could
attach the screenshots or whatever, rather than having to use imgur or
whatever, which must be faster).

Regards, John
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"You _are_ Zaphod Beeblebrox? _The_ Zaphod Beeblebrox?"
"No, just _a_ Zaphod Beeblebrox. I come in six-packs." (from the link episode)

With regards to J.P. Gilliver's
recommendation I have no problem
with it., Does Google give you my
email? or do you need me to give
it to you?

Whatever you decide is fie with me,

Robert

On Sunday, June 30, 2019 at 5:47:40 AM UTC-7, J. P. Gilliver (John) wrote:
Robert and Paul,

any chance you could take this one to email? I appreciate the argument
that it might benefit others, but I think this one has got very
case-specific. Not only that, you're exposing your settings to a wider
audience, which might not be beneficial (plus, by email, you could
attach the screenshots or whatever, rather than having to use imgur or
whatever, which must be faster).

Regards, John
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"You _are_ Zaphod Beeblebrox? _The_ Zaphod Beeblebrox?"
"No, just _a_ Zaphod Beeblebrox. I come in six-packs." (from the link episode)



Point taken,

Thanks,
Robert

Robert in CA wrote:
On Sunday, June 30, 2019 at 1:32:52 AM UTC-7, Robert in CA wrote:
On Sunday, June 30, 2019 at 1:26:33 AM UTC-7, Robert in CA wrote:
Seems like it worked:

http://i66.tinypic.com/20z5vyb.jpg


Thanks
Robert
It seems we've resolved the yellow triangle problem.
However regarding the MITM; do you think I should
switch to another A/V because when I switched off
the Avast shield and did the test my license came
out the same as yours.

What do you think?

Robert


I ran the Smart scan again because that's
where all this started:

http://i67.tinypic.com/sfyt52.jpg

So although the yellow triangle is gone
I still have issues. Is this indicative
of the MITM problem?


Thoughts/Suggestions?

Robert

I don't know why your posts were slow getting here,
I'm just seeing them now.

It looks like the USB3 install worked. You might get
better backup speed now, you never know.

*******

I'm not convinced the three Avast items are actionable.

Windows 10 has a feature where you can set it up so that
only certain applications have access to "3 primary folders".

When Avast shows such a line with the red X, it means
they want you to turn on one of their shields. That's usually
how it works.

What the first line of defense would do, is if a malware
got on the machine, with a name like abcdefgh.exe and
it wanted to write into your "Downloads" folder, a folder guard
could stop it. Perhaps only Microsoft Office programs
are allowed to write in the folder. Using an interface,
you program the folder guard, so it allows Office programs
and denies any other program. The abcdefgh.exe program
is stopped in its tracks.

It's hard to say though, how much malware is "lame" enough
to be fooled by such a scheme. It would stop me... but
it won't stop a Black Hat.

*******

And a basic firewall is fine. The Firewall will put up an
alert if a "new program" attempts to contact the outside world.
So you will be alerted.

Just because Avast puts up the alert instead, would not
particularly add value.

*******

You may be vulnerable to fake websites, but the Avast mechanism
implemented as an Avast MITM, of injecting their own certificates,
is not such a great idea. Now we have to balance the possibility
of fake stuff, versus the possibility of someone exploiting
the Avast weakness added. Which is worse ? I don't know.

I don't know enough about the sum total of DNS hijack
mechanisms, to give advice on the topic. It's not
something that keeps me awake at night, but it
probably should... DNS really needs to be redesigned
(and think just how hard that would be to do, without
collateral damage).

Then main benefit of Avast, is the three green check boxes
at the top of the display. The "scareware" presented at the
end, is mainly self-promotional. And some things can't
really be fixed with 100% certainty, even if the
Avast feature was switched on.

Paul

Robert in CA wrote:
On Saturday, June 29, 2019 at 1:33:04 PM UTC-7, Paul wrote:
Robert in CA wrote:
On Saturday, June 29, 2019 at 9:55:28 AM UTC-7, Paul wrote:
Robert in CA wrote:
On Saturday, June 29, 2019 at 12:59:34 AM UTC-7, Paul wrote:
Robert in CA wrote:

I installed it but it came back with this:

http://i65.tinypic.com/20i7uax.jpg

Robert
OK, go back to the top folder level, and give this a try.

Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver \

setup.exe ===

I missed that the first time, in my rush to find
"any file with 1E31 in it". I was primarily concentrating
on seeing whether the driver had any chance of matching
your hardware or not.

HTH,
Paul
I tried it .

http://i68.tinypic.com/2w3uqvq.jpg

Robert
OK, the key to this step, is examining what File Explorer
is telling you.

That line in your picture, that you selected.

Does the Type column say "Zip file" or does it say "Folder" ?

If it says "Zip file", *then* the right-click menu will have

7Zip : Open Archive

If the Type field says "Folder", then it's just a regular folder.
If you were to highlight a regular folder, 7ZIP assumes you
want to make an archive file out of the folder. That's
why it offers

7Zip : Add to Archive

because it assumes you want to go in the opposite direction.

When you click on a "File", that's when you get Open Archive.

When you click on a "Folder", you get "Add To Archive".

Two different context menus are offered, and they
are context sensitive.

*******

If that item is a folder by that name, open it and
see if a Setup.exe is in there.

Paul


I opened it :

http://i65.tinypic.com/sgswlx.jpg

http://i66.tinypic.com/mrux3p.jpg === Aha! Setup.exe is in here.

http://i64.tinypic.com/vdnvrr.jpg

http://i67.tinypic.com/35mozdx.jpg

http://i67.tinypic.com/35mozdx.jpg

http://i63.tinypic.com/dn14dt.jpg

Robert
Now, let's look at mine. Here is a picture of my second
folder picture (equivalent), with *file extensions turned on* !

https://i.postimg.cc/wjTw0cvR/file-e...extensions.gif

That makes it easier to see the "Setup.exe" at the top level
of the folder.

Paul


So I'm not infected? Since we have the same
license? or is the article wrong?

Here's mine: I un-ticked a few more to try and
match yours. Also I had to change the blue button.
Mine was selected to 'don't show hidden files,...'


http://i68.tinypic.com/24nqp2h.jpg

Robert

The purpose of adjusting the hidden extension one, is
so you can see

setup.exe

and you know the file is executable. It's a better way
than relying on the "Type" column instead.

*******

No, I don't think you're infected.

*******

As for email, I don't as a rule give out my email
address. I did that once... and it was a mistake.

The newsgroup is a fine place to keep things.

I don't even check my email every day - imagine
how slow the response would be :-)

Paul

On Sunday, June 30, 2019 at 11:27:28 AM UTC-7, Paul wrote:
Robert in CA wrote:
On Saturday, June 29, 2019 at 1:33:04 PM UTC-7, Paul wrote:
Robert in CA wrote:
On Saturday, June 29, 2019 at 9:55:28 AM UTC-7, Paul wrote:
Robert in CA wrote:
On Saturday, June 29, 2019 at 12:59:34 AM UTC-7, Paul wrote:
Robert in CA wrote:

I installed it but it came back with this:

http://i65.tinypic.com/20i7uax.jpg

Robert
OK, go back to the top folder level, and give this a try.

Intel(R)_USB_3.0_eXtensible_Host_Controller_Driver \

setup.exe ===

I missed that the first time, in my rush to find
"any file with 1E31 in it". I was primarily concentrating
on seeing whether the driver had any chance of matching
your hardware or not.

HTH,
Paul
I tried it .

http://i68.tinypic.com/2w3uqvq.jpg

Robert
OK, the key to this step, is examining what File Explorer
is telling you.

That line in your picture, that you selected.

Does the Type column say "Zip file" or does it say "Folder" ?

If it says "Zip file", *then* the right-click menu will have

7Zip : Open Archive

If the Type field says "Folder", then it's just a regular folder.
If you were to highlight a regular folder, 7ZIP assumes you
want to make an archive file out of the folder. That's
why it offers

7Zip : Add to Archive

because it assumes you want to go in the opposite direction.

When you click on a "File", that's when you get Open Archive.

When you click on a "Folder", you get "Add To Archive".

Two different context menus are offered, and they
are context sensitive.

*******

If that item is a folder by that name, open it and
see if a Setup.exe is in there.

Paul


I opened it :

http://i65.tinypic.com/sgswlx.jpg

http://i66.tinypic.com/mrux3p.jpg === Aha! Setup.exe is in here.

http://i64.tinypic.com/vdnvrr.jpg

http://i67.tinypic.com/35mozdx.jpg

http://i67.tinypic.com/35mozdx.jpg

http://i63.tinypic.com/dn14dt.jpg

Robert
Now, let's look at mine. Here is a picture of my second
folder picture (equivalent), with *file extensions turned on* !

https://i.postimg.cc/wjTw0cvR/file-e...extensions.gif

That makes it easier to see the "Setup.exe" at the top level
of the folder.

Paul


So I'm not infected? Since we have the same
license? or is the article wrong?

Here's mine: I un-ticked a few more to try and
match yours. Also I had to change the blue button.
Mine was selected to 'don't show hidden files,...'


http://i68.tinypic.com/24nqp2h.jpg

Robert

The purpose of adjusting the hidden extension one, is
so you can see

setup.exe

and you know the file is executable. It's a better way
than relying on the "Type" column instead.

*******

No, I don't think you're infected.

*******

As for email, I don't as a rule give out my email
address. I did that once... and it was a mistake.

The newsgroup is a fine place to keep things.

I don't even check my email every day - imagine
how slow the response would be :-)

Paul

So were Ok and the problems resolved? Then we can
move on to getting the Windows10 key as soon as the
D VD-R's arrive.

On that topic,. should we consider also adding Linux,
Ubuntu/Unix or another OS? One that you consider better
or more secure than Win 10?

Now that we have everything 'clean' and
working again should I make a Mrimg and do a
System Restore point?

I agree with you about the mail.

Many Thanks for your help,
Robert

Robert

On Sunday, June 30, 2019 at 11:20:47 AM UTC-7, Paul wrote:
Robert in CA wrote:
On Sunday, June 30, 2019 at 1:32:52 AM UTC-7, Robert in CA wrote:
On Sunday, June 30, 2019 at 1:26:33 AM UTC-7, Robert in CA wrote:
Seems like it worked:

http://i66.tinypic.com/20z5vyb.jpg


Thanks
Robert
It seems we've resolved the yellow triangle problem.
However regarding the MITM; do you think I should
switch to another A/V because when I switched off
the Avast shield and did the test my license came
out the same as yours.

What do you think?

Robert


I ran the Smart scan again because that's
where all this started:

http://i67.tinypic.com/sfyt52.jpg

So although the yellow triangle is gone
I still have issues. Is this indicative
of the MITM problem?


Thoughts/Suggestions?

Robert

I don't know why your posts were slow getting here,
I'm just seeing them now.

It looks like the USB3 install worked. You might get
better backup speed now, you never know.

*******

I'm not convinced the three Avast items are actionable.

Windows 10 has a feature where you can set it up so that
only certain applications have access to "3 primary folders".

When Avast shows such a line with the red X, it means
they want you to turn on one of their shields. That's usually
how it works.

What the first line of defense would do, is if a malware
got on the machine, with a name like abcdefgh.exe and
it wanted to write into your "Downloads" folder, a folder guard
could stop it. Perhaps only Microsoft Office programs
are allowed to write in the folder. Using an interface,
you program the folder guard, so it allows Office programs
and denies any other program. The abcdefgh.exe program
is stopped in its tracks.

It's hard to say though, how much malware is "lame" enough
to be fooled by such a scheme. It would stop me... but
it won't stop a Black Hat.

*******

And a basic firewall is fine. The Firewall will put up an
alert if a "new program" attempts to contact the outside world.
So you will be alerted.

Just because Avast puts up the alert instead, would not
particularly add value.

*******

You may be vulnerable to fake websites, but the Avast mechanism
implemented as an Avast MITM, of injecting their own certificates,
is not such a great idea. Now we have to balance the possibility
of fake stuff, versus the possibility of someone exploiting
the Avast weakness added. Which is worse ? I don't know.

I don't know enough about the sum total of DNS hijack
mechanisms, to give advice on the topic. It's not
something that keeps me awake at night, but it
probably should... DNS really needs to be redesigned
(and think just how hard that would be to do, without
collateral damage).

Then main benefit of Avast, is the three green check boxes
at the top of the display. The "scareware" presented at the
end, is mainly self-promotional. And some things can't
really be fixed with 100% certainty, even if the
Avast feature was switched on.

Paul



I checked the license again

http://i67.tinypic.com/300sjrc.jpg


Thanks,
Robert

Robert in CA wrote:


So were Ok and the problems resolved? Then we can
move on to getting the Windows10 key as soon as the
D VD-R's arrive.

On that topic,. should we consider also adding Linux,
Ubuntu/Unix or another OS? One that you consider better
or more secure than Win 10?

Now that we have everything 'clean' and
working again should I make a Mrimg and do a
System Restore point?

I agree with you about the mail.

Many Thanks for your help,
Robert

Robert

The best install sequence for mixed OSes, is oldest
Windows first, then Linux next. So you don't have to
worry about Linux at this point. It comes second.
If you want to install multiple OSes, this is the best order.

WinXP-Vista-W7-W8-W8.1-W10-UbuntuLinux-MintLinux- ...

The Linux boot loader will put the Windows OSes in its boot menu.

*******

A good time to backup, is any time a meritorious result
has been achieved.

Now that the XPS8500 USB3 port is all fixed up, you'll be
able to see if the backup goes faster or not.

*******

The XPS 8500 likely has the Windows 7 COA sticker on the outside.

You could take a spare disk drive and do a clean Win10 install,
then enter the Windows 7 key (if it doesn't see the SLIC activation
itself).

The 780, which is a refurb, likely has no COA stick. We could in
that case, clone the existing 780 image to the spare disk (wiping
out the copy of Windows 10 from the disk), and then run the Setup.exe
off the DVD while Windows 7 is running.

In each case, we do a status check to see that the OS says it is
activated. As long as it says it is activated, the Windows 10 license
key for the machine is now stored on the Microsoft server.

After that, the original Windows 7 drives can be put back in their
respective computers, as if nothing happened. The spare drive can be
erased. There's no point keeping the installs or backing them
up, because our method is "whatever works" and we're not
trying to make a "good" install here. Just get the license key for now,
so it will be waiting for us, and there won't be a lot of sweat
later trying to get a key before the "free upgrade" disappears
completely.

Because you are always using the spare disk for the Win10 work,
there is no danger to the original disk. The original disk should
be unplugged while this work is done.

*******

One objective of this exercise is to take "tiny steps" first, without
becoming mired down in details.

*******

You can make a Ubuntu or a Mint DVD any time you want (when
you get your supply of blank media). That's if you want to boot
the DVD disc and see what all the fuss is about. It really depends
on how serious you are about this idea, as to whether it's worthwhile
wasting a DVD-R on such an exercise. Fixing stuff on Linux can be
a lot more of a challenge than on Windows.

Some versions of Linux look more like Windows menus, than others.

https://distrowatch.com/images/slinks/xubuntu.png

(closer)
https://distrowatch.com/images/slinks/lubuntu.png

(not so close, more like a smartphone)
https://distrowatch.com/images/slinks/ubuntu.png

No version is perfect. I'm always finding various kinds of bugs,
like one disc I tried, the screen stayed black, and the usual techniques
didn't get me a terminal. I think that one took "nomodeset" on the
kernel boot line, before my video card would "play nice". Since the
video card is just the right age to be properly supported, I was
just a bit surprised at the outcome. I've had some versions boot up
and the network didn't work.

There is a bit of selection work to do before proceeding.

I test a lot of these Linux things, in a virtual machine, as
that way I don't need to waste a DVD on one. In fact, some
of them, I evaluate them, and if they won't boot inside the
VM, then I don't ever put them on a DVD (as a reward).

Paul

Robert in CA wrote:

I checked the license again

http://i67.tinypic.com/300sjrc.jpg


Thanks,
Robert

It doesn't look like shenanigans are happening there.

That's not a license by the way.

The certificate system is a way of (attempting to)
prove a site is what it claims to be. It's a trust system.
It's not a license.

Imagine you're at a corner store, and you want to use
your credit card, and the clerk says "I'll need to see some ID".
Meaning, your drivers license perhaps. The license has a picture
and some details that could be matched to the credit card.
The drivers license in that case, functions like one of these
certificates that you're checking with that "lock-shaped" symbol.

The purpose of https, is to carry out a transaction, such that
no third party can "see" the details. But as well, before giving
your credit card number, the certificate details help assure
that the web site is what you think it is.

Certificates can be remotely revoked, and a lot of the time,
the certificates are checked against OCSP. So if a security problem
is detected with a certificate or a certain series of certificates,
it can be revoked, and a certificate used that is still trusted.

Your OS receives Windows Updates with certificates for the certificate
store. In addition, when you get a browser upgrade, that's another
opportunity for the browser collection to be updated as required.

Paul

In message , Paul
writes:
Robert in CA wrote:

So were Ok and the problems resolved? Then we can move on to
getting the Windows10 key as soon as the
D VD-R's arrive. On that topic,. should we consider also adding
Linux,
Ubuntu/Unix or another OS? One that you consider better
or more secure than Win 10?
Now that we have everything 'clean' and
working again should I make a Mrimg and do a System Restore point?

I would say yes. (See Paul below.)
[]
A good time to backup, is any time a meritorious result
has been achieved.

And before doing something you think has a good chance of screwing the
system.

Now that the XPS8500 USB3 port is all fixed up, you'll be
able to see if the backup goes faster or not.

Presumably that's (a) assuming he's using a USB-based external drive to
store images on and (b) that he's making the .mrimg from within a
running Windows.

Do later Macrium CDs have universal USB3 drivers like Windows 10 does?
(Or does that to some extent depend on the version of Windows that's on
the machine where you make the Macrium CD?)
[]
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Corrupt politicians make the other 10% look bad."

So were Ok and the problems resolved? Then we can move on to
getting the Windows10 key as soon as the
D VD-R's arrive. On that topic,. should we consider also adding
Linux,
Ubuntu/Unix or another OS? One that you consider better
or more secure than Win 10?
Now that we have everything 'clean' and
working again should I make a Mrimg and do a System Restore point?

I would say yes. (See Paul below.)
[]
A good time to backup, is any time a meritorious result
has been achieved.

And before doing something you think has a good chance of screwing the
system.

Now that the XPS8500 USB3 port is all fixed up, you'll be
able to see if the backup goes faster or not.

Presumably that's (a) assuming he's using a USB-based external drive to
store images on and (b) that he's making the .mrimg from within a
running Windows.

Do later Macrium CDs have universal USB3 drivers like Windows 10 does?
(Or does that to some extent depend on the version of Windows that's on
the machine where you make the Macrium CD?)
[]
--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf

"Corrupt politicians make the other 10% look bad."


I do Mrimg backups once a month and it just happens it's time
to do one. For Mrimgs I follow Paul's instructions he gave me
awhile back.

Thanks,
Robert

On Sunday, June 30, 2019 at 3:37:38 PM UTC-7, Paul wrote:
Robert in CA wrote:

I checked the license again

http://i67.tinypic.com/300sjrc.jpg


Thanks,
Robert

It doesn't look like shenanigans are happening there.

That's not a license by the way.

The certificate system is a way of (attempting to)
prove a site is what it claims to be. It's a trust system.
It's not a license.

Imagine you're at a corner store, and you want to use
your credit card, and the clerk says "I'll need to see some ID".
Meaning, your drivers license perhaps. The license has a picture
and some details that could be matched to the credit card.
The drivers license in that case, functions like one of these
certificates that you're checking with that "lock-shaped" symbol.

The purpose of https, is to carry out a transaction, such that
no third party can "see" the details. But as well, before giving
your credit card number, the certificate details help assure
that the web site is what you think it is.

Certificates can be remotely revoked, and a lot of the time,
the certificates are checked against OCSP. So if a security problem
is detected with a certificate or a certain series of certificates,
it can be revoked, and a certificate used that is still trusted.

Your OS receives Windows Updates with certificates for the certificate
store. In addition, when you get a browser upgrade, that's another
opportunity for the browser collection to be updated as required.

Paul


There are sticker's on both the 8500 and 780
although I don't know if they are COA's

We'll tackle getting the key when the DVD-R's
arrive.

So that's not a certificate then what is it? I
assume I'm still OK? Is there a way of checking
if my certificate is OK?

This popped up yesterday after I loaded the drivers
and I ran it as part of the procedure but it came back
today:

http://i63.tinypic.com/2d19wg1.jpg

Robert

J. P. Gilliver (John) wrote:
In message , Paul
writes:
Robert in CA wrote:

So were Ok and the problems resolved? Then we can move on to
getting the Windows10 key as soon as the
D VD-R's arrive. On that topic,. should we consider also adding Linux,
Ubuntu/Unix or another OS? One that you consider better
or more secure than Win 10?
Now that we have everything 'clean' and
working again should I make a Mrimg and do a System Restore point?

I would say yes. (See Paul below.)
[]
A good time to backup, is any time a meritorious result
has been achieved.

And before doing something you think has a good chance of screwing the
system.

Now that the XPS8500 USB3 port is all fixed up, you'll be
able to see if the backup goes faster or not.

Presumably that's (a) assuming he's using a USB-based external drive to
store images on and (b) that he's making the .mrimg from within a
running Windows.

Do later Macrium CDs have universal USB3 drivers like Windows 10 does?
(Or does that to some extent depend on the version of Windows that's on
the machine where you make the Macrium CD?)
[]

Well, actually, the Macrium approach is interesting.

They've made a change to how the emergency CDs are made.

The CD preparation used to use a WADK kit, downloaded
from Microsoft. There were four different versions.
The versions correspond to OS versions, as Microsoft
has different (better) built-in drivers in the
newer versions. (The reason four versions exist, is
WinXP users of Macrium, can only use the oldest version
of kit as the others would not work for them. That's
why there are four versions. Microsoft has ruined the
download set for the WinXP users, such that a WinXP
user *today* cannot make emergency boot media via
Macrium.)

You can still use those four versions. Those options still exist.
(Even if one option now is damaged by Microsoft.
Only some of the necessary files went missing!)

However, a fifth option is for the preparation scheme
to extract a WinPE off the drive with C: on it. They
have a search algorithm for locating a .wim they can
make a CD from. When I tested it, *it grabbed the wrong file*
and the results were hilarious. It mixed 64 bit materials
with 32 bit materials, and when the CD was booted,
the software would not run (because there would be
subsystems missing). In effect, it was running
64-bit macrium.exe on a 32-bit WinPE OS.

When preparing your emergency CD under those particular
conditions, you want *only* the Win10 drive to be connected
while the emergency disc is being made. Alternately,
there is a preferences screen, where you can review the
potential sources of a .wim and disable certain disks
as sources. But, you only figure that part out, after
it's too late, and you've ruined a CD making a bad one.

The best approach, is to make sure you've selected
the WinPE version (Win8 or Win10) that have the built-in
USB3 driver, as that's a better choice when you want
the performance benefits of full USB3 operation. Stick
with the old method, select WinPE10 (as long as your
operating system will allow the WADK kit to run from
that version selection).

It's getting to the point, it's hard for me to write
a tutorial with all these details covered off properly :-/

Paul

Robert in CA wrote:


There are sticker's on both the 8500 and 780
although I don't know if they are COA's

We'll tackle getting the key when the DVD-R's
arrive.

So that's not a certificate then what is it? I
assume I'm still OK? Is there a way of checking
if my certificate is OK?

This popped up yesterday after I loaded the drivers
and I ran it as part of the procedure but it came back
today:

http://i63.tinypic.com/2d19wg1.jpg

Robert

Usually the browser will warn if there's a problem
with the trust tree of the certificate scheme. If
a certificate has expired, the browser will usually
warn you, and ask you what you want to do.

If you see the green lock symbol, that probably means
as far as the browser can see, the certificate is OK.
Now, if Avast was enabled, it could be fooling the
browser logic. And that's why your check, and seeing
the "correct agent" is reported under the lock
symbol, indicates there is no systematic problem
caused by the Avast interference.

Any further problems, the browser should tell you.

*******

Your picture (2d19wg1.jpg), is interesting.

The USB3 driver consists of two parts.

There is the driver portion, which makes the port work.
Drivers run in Ring0 and normally don't have permission
problems.

But, the USB3MON executable, is used to make a tray
notification dialog in the lower right corner.

It has to be elevated, as it's dealing with hardware
and drivers.

What the USB3MON prints on the screen is

"This device could go faster, if you plugged
it into a USB3 port".

That's the kind of message it delivers.

In other words, having the monitor run, isn't really
necessary. If you plug a blue-cable device into a blue
port, then everything should work and the USB3MON would
be unnecessary. It's for naive people who don't know what
USB3 is, and that their computer has two port types,
and the peripherals come in USB2 and USB3 types. The message
the USB3MON gives, is to help people plug the blue-cable
devices into the blue port.

Now, you probably installed that driver using
your administrator-group account. If there was
a tick box to "install for all users", perhaps
the elevation would be handled correctly.

The reason that message is showing now, is you're using
your Limited User account (using it for safety reasons),
and the USB3MON is not getting elevated as normal.

To stop that, you can use any "startup item adjusting tool",
such as Autoruns. Perhaps msconfig could also do it (but
you have to be careful to not enable any other functions
in msconfig).

https://docs.microsoft.com/en-us/sys...loads/autoruns

It's a graphical program. You let it display everything
(the default). Try and locate the USB3MON item, if it
is labeled properly, and untick it. That may be enough,
when Autoruns is run under your Limited User account,
to stop it.

After Autoruns has unticked the box, you should never
see that prompt to elevate again. *But*, if you re-install
the Intel USB3 driver, the same situation could arise again,
and you would need to use Autoruns again to remove it. The
Autoruns settings do not "persist against all odds". Any
code with the capability to "put stuff back", will undo
what Autoruns has done.

I don't run Limited User here, so my experience with
it is "limited" :-)

Just a guess,
Paul