Aside from this, there is a thing that people call “Dwm.exe virus”. It is a malicious program that uses the name of a legitimate process to hide its activities. In this article, we will show you how to identify and fix problems related to the dwm.exe process.

What is DWM.exe?

The DWM.exe (Desktop Window Manager) process is responsible for rendering the Windows graphical interface such as Aero effects, transparency, animations, etc. This process is an integral part of the system and cannot be disabled. Under normal circumstances, the dwm.exe process should not take up a lot of computer resources. On Windows 10/11, you will not even encounter one in the Task Manager, as it is categorized as a root system process and is not displayed.

Nonetheless, in some cases, the dwm.exe high memory and CPU usage may happen, causing your system to slow down and overheat your device. There are several reasons for this to occur.

• Video card drivers are faulty. In this case, you need to update the drivers to the latest version or roll back to the previous version if the update did not help. I recommend you to search for the latest version of a driver on the official website of your GPU manufacturer.
• The system is deeply obsolete. That is particularly true for the cases of dwm.exe high CPU usage. Sadly, but for some hardware configurations, the modern way of window management present in Windows 10 is too much. This usually causes other issues, not only with Desktop Window Manager.
• Too many open windows or programs that use graphic effects. For weaker hardware, some of the effects that dwm.exe is responsible for may be too much. In this case, you can try closing unnecessary applications or disable some effects in Windows settings.
• Presence of viruses or malicious programs that masquerade as the dwm.exe process. In this case, you should perform a full system scan with antivirus software and remove all detected threats.

DWM.exe Crashing to Black Screen – Ways to Fix

Aside from high CPU and GPU usage, DWM sometimes causes inconvenience by crashing. This leads to the screen blinking or turning off, window animations not working properly, and, in some cases, to the blue screen of death. I’ve managed to find several reasons for this, along with possible remediations.

Despite being a purely software component of the system and having minimal direct interaction with hardware, there is one thing DWM should work with – the graphics card. This interaction, more specifically, the software that arranges it is in fact a reason why dwm.exe crashes.

• Faulty Windows update. There was one specific Windows patch that made DWM fail a lot, causing black screens and screen freezing. It is not clear what exactly went wrong, but the issue persisted exclusively on systems with Nvidia GPUs. Joint effort of Microsoft and Nvidia managed to address the issue in the Windows update codenamed KB5026446.
• Improper power connection on the GPU. This is particularly the reason in the cases when dwm.exe continuously crashes during gaming. Almost every single graphics card nowadays requires a dedicated 6-pin power delivery connector. And during the heavy loads – like the gaming is – a bad connection is what may cause the GPU to suffer power starvation and shut down to prevent damage. A DWM crash in this case is more like a collateral damage, rather than the original issue.
• Damaged DWM file on your specific installation. It happens for Windows components to get damaged during an improper system shutdown or a system failure. The damage to DWM specifically may happen after the use of some sketchy tools that change the way the windows interact.

Troubleshooting Guide

Despite being a less typical issue, DWM crashing is not more complicated in troubleshooting. Let’s begin with the last reason I’ve mentioned, as it requires more interaction from the user than other methods.

Recover the dwm.exe file

To solve the issue with dwm.exe crashing due to the corrupted file, you need to “heal” it using SFC and DISM utilities. Those are built-in Windows tools meant for diagnostics and system repairing. To begin the recovery, run Command Prompt with administrator privileges, and paste there the following command:

SFC /scannow

This will run the System File Checker, which will detect and recover any system files that were potentially damaged. If the dwm.exe crashes continue to appear, there is another tool to rely on – DISM (Deployment Image Servicing and Management). Same as with SFC, run a Command Prompt with administrator privileges and paste the following command:

Dism /Online /Cleanup-Image /RestoreHealth

This tool checks the integrity of the entire system, and recovers the elements that can malfunction. As the procedure works with the entire system image, it will take much longer to finish.

Install the Latest Windows Updates

As I’ve mentioned, the issue with DWM may be related to the issue in a specific Windows version. The latest version may contain a fix – consider checking the Update & Security tab in your settings. One particular Windows update that introduces a fix for dwm.exe crash is KB5026446.

Check the GPU Power Connections

Lastly, open your PC case and give a thorough check to the GPU power connectors. From both ends – the GPU and the motherboard – the connectors should be all the way in, without any tilts or gaps. This should exclude any power drops and consequent system issues.

How to identify that dwm.exe is a Virus?

If none of the steps from above helped, there is a possibility of dwm.exe being a virus that just uses the name of a system process. By default Desktop Window Manager (dwm.exe) is a system process that is impossible to disable, as it plays an important role in the system. However, some malicious programs may masquerade as dwm.exe to use computer resources. One particular malware type that people call a dwm.exe virus is coin miner malware. To determine if dwm.exe is a legit thing or a virus, you need to review its file location and position in the Task Manager. Follow the guide below to see all these details.

Step 1: Open Task Manager

To open Task Manager, press the keyboard shortcut Ctrl+Shift+Esc or right click on an empty spot on the taskbar and select “Task Manager”. In Task Manager, click on the Processes tab and view a list of all running processes. Find the process named “Desktop Window Manager” or dwm.exe.

Step 2: Open the location of the dwm.exe file

To open the file location of a process, right-click on the process in Task Manager and select “Open File Location”. This will open the folder where the process executable is located.

Pay attention to the following signs that may indicate malware disguised as Desktop Window Manager:

• The file is not located in the C:\Windows\System32 folder, but in another location, such as the user folder, temporary folder, download folder, etc.
• The file has a double extension, such as .exe, .com, .bat, .scr, etc.
• A file has a hidden or system attribute that makes it invisible in normal viewing mode.

If you have found such a file, it is most likely a malicious program. However, do not rush to delete it, as it may lead to undesirable consequences. Check it for viruses first.

Any way you should perform a full system scan with a quality antivirus software like Gridinsoft Anti-Malware and remove all detected threats. You can also check the process file for viruses using an online service such as Gridinsoft’s Online Virus Scanner.

Download and install Anti-Malware by clicking the button below. After the installation, run a Full scan: this will check all the volumes present in the system, including hidden folders and system files. Scanning will take around 15 minutes.

After the scan, you will see the list of detected malicious and unwanted elements. It is possible to adjust the actions that the antimalware program does to each element: click "Advanced mode" and see the options in the drop-down menus. You can also see extended information about each detection - malware type, effects and potential source of infection.

Click "Clean Now" to start the removal process. Important: removal process may take several minutes when there are a lot of detections. Do not interrupt this process, and you will get your system as clean as new.

The post Your Session Was Logged Off Because DWM Crashed appeared first on Gridinsoft Blog.

Windows 7 is not supported anymore

Back in 2009, Windows 7 was released as a work on the mistakes of Windows Vista. They were similar in interface and system requirements, but the newer version was way more optimised. This, together with not the great success of Windows 8/8.1 and the rapid growth of system requirements of Windows 10, made Windows 7 a prolific version even nowadays, in 2023. According to the Statcounter service, it still holds a share of around 10% of Windows users. That’s impressive compared to Windows 8/8.1, which cannot boast of a 5% share even in sum. It is also pretty close to the most modern Windows – 11, which holds ~15% of users.

This OS version became an optimal solution for weak systems that cannot get along with more modern versions. It lacks the newest features, like out-of-box compatibility with certain file formats, has no advanced security features, and has pretty poor support of SATA/PCIe SSDs. Nonetheless, it is perfectly compatible with new versions of WinAPI, hence there was no problem finding software. Moreover, all the aforementioned problems are quite easy to solve, as there are a lot of hand-made solutions available.

Cancelling any kind of support for Windows 7 was simply a question of time. The morning sun never lasts a day, and security support was already cancelled at the beginning of 2020. Maintaining old systems’ security aspects requires staff working on discovering possible breaches or working with reports. In some cases, that may be counterproductive – and it is crucial even for the trillion-dollar giant from Redmond.

What does Windows 7 ESU program cancellation mean for users?

Actually, not a lot. As we mentioned above, to the moment of complete support cancellation Windows 7 has already lost all security support. The Extended Security Update program meant receiving some critical updates and vulnerability fixes. With the latest changes, these critical fixes will never appear again as well. Windows users are now latched with the present OS bugs and vulnerabilities on their own. If they want to use it and care about their cybersecurity, they should take care of it by themselves.

From a more global perspective, that means a slow-but-steady write-off of Windows 7. That touches both developers and users. Microsoft’s decisions act as a psychological marker that shows if the system is actual or not. The one done by the company is in fact an indirect offer – update your hardware and system or be at risk. Not the most human practice, but having over 2 billion users from all over the world makes it hard to chief everybody.

For ones who don’t want to change the system for certain reasons, I may offer to try out GridinSoft Anti-Malware. One of the key features of this anti-malware software is its compatibility with a wide range of Windows versions, down to XP. It will launch and work perfectly on Windows 7, despite the fact of its support cancellation. Aside from continuous and regular updates, GridinSoft Anti-Malware can offer a very effective detection system that can detect even the most sophisticated malware. Consider trying it out to keep your Windows 7 system safe.

The post Windows 7 Extended Security Update Program cancelled appeared first on Gridinsoft Blog.

What is a Web Application Firewall (WAF)?

The WAF or web application firewall is a tool that helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It can be cross-site scripting (XSS), cross-site spoofing, file inclusion, and SQL injections. WAF is a Layer 7 protection (in the OSI model) and is not designed to protect against all attacks. Instead, it is an attack mitigation method typically part of a set of tools that create a holistic defense against a range of attack vectors.

How Does Web Application Firewall Work?

WAF works using a set of rules, often called policies. These policies aim to protect against application vulnerabilities by filtering malicious traffic. The value of a WAF comes from the speed and ease of implementing policy modifications, which allows you to respond more quickly to different attack directions. So you can modify WAF policies during a DDoS attack and quickly implement rate limiting. In addition, it prevents incoming attacks by analyzing incoming network traffic to the web server/web application according to rules and policies. According to recommendations, WAF should be able to detect types of attacks on the OWASP list:

When a WAF is deploying in front of a web application, a screen is placed between the web application and the Internet, meaning the WAF acts as a reverse proxy server, protecting the application from unwanted requests before they reach the web application.

WAF deployment options

You can deploy WAF in some ways – it all depends on where your applications are deployed, what services you need, how you want to manage them, and the architectural flexibility and performance level you require. For example, do you want to work it yourself, or do you want to outsource that management? Is it better to have a cloud-based option, or do you want your WAF to be hosted locally? How you want to deploy will help determine which WAF suits you. Below are your choices, each with its advantages and disadvantages:

Network-based WAF

Network WAF is a hardware solution installed local network, so it has low latency. The network-based WAF has a WAF engine that handles traffic in proxy mode. All incoming (and outgoing) traffic goes through it and is inspected, and dangerous traffic is blocked. However, this option requires storage and maintenance of physical equipment despite its effectiveness. As a result, it is typically associated with high maintenance costs, making it one of the most expensive deployment options. But its flexibility and ability to control every element makes it attention-worthy.

Host-based WAF

Host-based WAF provides protection through software installed on the web server itself. Like the previous option, host-based WAFs are in place and thus minimize latency. However, host-based WAFs consume web server resources to perform their security function because they do not reside on a separate physical device, unlike the previous variant. Thus, host-based WAFs can also be costly because of the need to optimize the web server so that its performance is not degraded by deploying it on the server itself.

Cloud-based WAF

Cloud-based WAFs are the most affordable option and are very easy to implement. Companies that provide this service offer a turnkey installation that is as simple as changing DNS to redirect traffic. In addition, cloud WAFs have minimal upfront costs because the service is subscription-based, and users pay a monthly or annual security fee as a service. Cloud WAF security is continually updated to protect against the latest threats without any action or expense on the user’s part. The only disadvantage of a cloud WAF is that users delegate responsibility to a third party so that some WAF features can be a black box for them.

Types of web application firewalls

As described above, a WAF works according to a set of rules or policies defined by the network administrator. Each WAF policy or practice is designed to address a threat or known vulnerability at the application level. Together, these policies allow malicious traffic to be detected and isolated before it reaches the user or application. There are three types of security models used for Web application firewalls:

Positive Security Model

A positive security model identifies what is allowed and rejects everything else, moving away from the “blocked” end of the spectrum, following the “allow only what I know” methodology. The positive security model only trusts allowed requests or inputs and rejects the rest. In this case, an allowlist is created, permission statements are added to the firewall with packet filtering, and allowed inputs or requests are considered based on it.

Negative Security Model

The negative security model is the exact opposite of the positive security model and assumes that:

• Most web traffic is benign.
• Web traffic that is not benign can be identified.

The negative security model allows all HTTP/S requests by default. Requests are not rejected unless they are identified as hostile. The negative security model is sometimes called the “blacklist” model. This is because you need to blocklist unwanted traffic and define threat signatures and other means of identifying malicious traffic before that traffic can be blocked.

Mixed Security Model

As the name suggests, the mixed security model uses allowlists and blocklists. Since the model combines the advantages of both models, it is the most common. So, most modern firewalls use this model.

Difference Between Blocklist and Allowlist WAFs

The WAF, which operates on a blocklist, protects against known attacks. Let’s compare it to a club bouncer who denies entry to guests who don’t conform to the dress code. The WAF, based on an allowlist, in turn, allows only pre-approved traffic. It’s like a bouncer at an exclusive party who lets in only those on the guest list. Since both options have advantages and disadvantages, many WAFs offer a hybrid security model that implements both.

Why is it essential to use the web application firewall

Protecting corporate data and services is the first and most compelling reason to implement WAF. Thousands of businesses, from minor to giant corporations, make money using the Internet. If this income source is compromised, the company risks being hit hard. Here are the main risks:

Loss of Direct Revenue. Suppose the firm uses an Internet resource for online commerce, which has become unavailable. In this case, customers can not make purchases, and the firm loses a significant amount of money.

Loss of Customer Confidence. A good reputation is essential for a self-respecting company. Many customers pay attention to news about break-ins of specific companies and make a note to themselves so that they do not do business with this company in the future.

Loss of Sensitive Data. Unfortunately, cases where hackers have gained access to sensitive information, are not uncommon. After hacking websites, information such as names, addresses, credit card numbers, medical records, and social security numbers will most likely find their way into the Darknet (and sometimes into the public domain). In addition, private information, trade secrets, and even classified government data are tidbits for hackers. While the mere fact of being hacked is already a nuisance, the fines and disaster recovery/forensic costs can exceed any other financial impact.

The post Web Application Firewall: Difference Blocklist and Allowlist WAFs appeared first on Gridinsoft Blog.

The basics of VPN encryption

A VPN encrypts all your Internet traffic so it can only be decrypted using the correct key. Before leaving your device, the outgoing data is encrypted and sent to the VPN server, which decrypts the data using the appropriate key. From there, your information is sent to its destination, such as a website. This way, the encryption prevents anyone who can intercept the data between you and the VPN server from decrypting the content. This could be your ISP, a government agency, or hackers. In some cases, they may be synonymous with each other.

With incoming traffic, the same thing happens, only in reverse order. For example, when the data comes from a website, it goes to the VPN server first, gets encrypted, and arrives at your device. Your device decrypts the data, and you can browse the website as usual. All of this ensures that your Internet data remains private and does not fall into the hands of unauthorized parties. But, of course, if the VPN provider does not keep much data about its users and will not provide it by order of the police.

Encryption types may differ in the following ways:

• The persistence of encryption, or the method and degree to which your data is encrypted.
• How encryption keys are managed and exchanged
• What interfaces, protocols, and ports do they use
• What OSI (Open Systems Interconnection) layers do they operate on
• How easy is it to deploy
• Performance (read: speed)

Difference between IPSec and SSL: Security

In a nutshell, a slight advantage in favor of SSL. IPSec connections require a shared key on both the client and the server to encrypt and send traffic to each other. However, sharing this key allows attackers to hack or capture the pre-shared key. SSL VPNs are devoid of this problem because they use public key cryptography to negotiate the handshake and exchange encryption keys securely. Unfortunately, TLS/SSL has a list of other vulnerabilities, such as Heartbleed.

Some SSL VPNs allow untrusted self-authenticating certificates and do not verify clients, which are especially common in SSL VPN browser extensions. Such virtual private networks allow anyone to connect from any computer and are vulnerable to man-in-the-middle attacks. However, this does not apply to most of OpenVPN’s clients. Likewise, SSL usually requires frequent patches to update the server and the client.

The lack of open source for IPSec-based VPN protocols may worry people who fear government spies and spyware. Thus 2013, Edward Snowden reported that the U.S. National Security Agency’s Bullrun program was actively trying to “insert vulnerabilities into commercial encryption systems, IT systems, networks and communication endpoints used by targets.” The NSA allegedly used IPSec to add backdoors and side channels that hackers could exploit – even the ones hired by the government. In the end, strong security is likely the result of experienced and careful network administrators, not protocol choices.

Firewall traversal

In short, SSL-based VPNs are better suited for bypassing firewalls. However, most Wi-Fi routers and other network equipment contain NAT firewalls. So they reject unrecognized Internet traffic and data packets without port numbers to protect against threats. IPSec encrypted packets (ESP packets) do not have default port numbers assigned to them. Therefore, NAT firewalls can intercept them, which can interfere with IPSec VPN workflow.

To avoid this, many IPSec VPNs encapsulate ESP packets into UDP packets. This assigns the data a UDP port number (usually UDP 4500). Although this solves the problem of NAT traversal, your network firewall may not allow packets through this port. Thus, network administrators at airports, hotels, and other locations may only allow traffic through certainly required protocols, and UDP 4500 may not be one of them.

SSL traffic can go through port 443, which most devices know as the port used for secure HTTPS traffic. Since almost all networks allow HTTPS traffic through port 443, it is likely to be open. In addition, although OpenVPN uses port 1194 by default for UDP traffic, it can be redirected through UDP or TCP ports, including TCP port 443. This makes SSL more helpful in bypassing firewalls and other forms of censorship that block port-based traffic.

Speed and reliability

Although both are reasonably fast, IKEv2/IPSec negotiates connections faster. Most IPSec-based VPN protocols take slightly longer to negotiate connections than SSL-based protocols. However, this does not apply to IKEv2/IPSec. IKEv2 is an IPSec-based VPN protocol that is more than a decade old. Nevertheless, it is still popular among VPN providers. Its crucial feature is quickly reconnecting whenever the VPN connection is interrupted. This makes it especially useful for mobile iOS and Android clients who don’t always have a reliable connection or frequently switch between Wi-Fi and mobile data.

As for the actual bandwidth, things are not clear here, as there are arguments on both sides. However, according to some claims, IKEv2/IPSec can offer higher throughput than OpenVPN, although both protocols typically use 128-bit or 256-bit AES encryption. The extra layer of UDP that many ISPs add to IPSec traffic to help it pass through firewalls adds to the load. This means that more resources may be required to process it. However, most people won’t notice the difference because, in most consumer VPNs, throughput is determined by server and network congestion, not the VPN protocol.

Ease of use

IPSec is more versatile, but most VPN provider applications users will not notice the difference. Because IKEv2, SSTP, and L2TP are built-in IPSec-based VPN protocols in most major operating systems, they do not necessarily require an additional application to run and work. However, most consumer VPN users will still use an ISP application to connect. In addition, although SSL works by default in most web browsers, you will need a standalone application to use OpenVPN. From an end-user perspective, IKEv2 offers a more user-friendly interface. This is because IKEv2 connects and handles interruptions faster. That said, OpenVPN is more versatile and may be better suited for users who can’t get what they need with IKEv2.

If we talk about corporate VPNs, they aim to provide access to the company network, not the Internet. The consensus is that SSL is better suited for remote access, and IPSec is preferred for VPNs between networks. Because IPSec operates at the network layer of the OSI model, it gives the user full access to the corporate network regardless of the application. Consequently, restricting access to specific resources can be more difficult. On the other hand, SSL VPNs allow businesses to control remote access to specific applications at a fine level.

Generally, network administrators who work with VPNs find that client management using SSL is much easier and less time-consuming than using IPSec.

Conclusion

If you have both options, we recommend using IKEv2/IPSec first, and if you have any problems, try OpenVPN. IKEv2 connection speed will be more comfortable for everyday VPN users while offering comparable security and speed. However, it may not work in some circumstances. Until recently, OpenVPN/SSL was considered the best VPN combination for most consumer VPN users. It is fast enough, secure, open-source, and can overcome NAT firewalls. It can also support UDP or TCP.

In turn, IKEv2/IPSec is a new competitor to OpenVPN. It improves L2TP and other IPSec-based protocols with faster connections, excellent stability, and built-in support for most new consumer devices. In any case, SSL and IPSec boast reliable levels of security with sufficient bandwidth, safety, and ease of use for most commercial VPN service customers.

The post Difference Between IPSec and SSL appeared first on Gridinsoft Blog.

But where the good things come sometimes the bad ones follow. We talk about the so-called digital risks you willingly take when embarking on another new social media life. A lot of people spend a considerate time living digitally and one day start worrying about what details of reality they expose. Another question — “How does it influence me” — is usually consequential from the first one. And it does influence you not only in a way where social media platforms shape your digital personality but also your online cybersecurity.

Below you will find the five most common mistakes people tend to make on social media. These mistakes are often neglected but those that once made can have unpleasant results for a person.

Accepting friend requests from unknown accounts

You may be the friendliest person in the world, but that is not a good option online. That’s not only about allowing a stranger to view your personal information. In that way, you’re putting at risk other people you befriended on social media. That is especially true if you have a private account, so seeing your info requires your permission. In the case of public accounts, anyone can see what you’re posting and sharing, but even this option some users go with brings other nuances to think about when securing your cyber safety.

Having a private account means aiming at less exposition of your details, plans for the future, et cetera. It is important to be consequent in these attempts to make them as effective as possible. These random people who send you friend requests and seemingly want to just to get to know more people and make some friends can be different kinds of fraudsters like romance scammers, phishers, boxers, etc. You never know their true intentions, and even getting into a conversation with them might lead to more dangerous consequences.

Not checking photos you’ve been tagged on

Have you checked what on those photos that you’ve been tagged on? If you’re not — you better do. You are the one who’s in charge of the content you’re allowed to circulate on the Internet related to your account. Keeping an eye on what others share about it is also an important thing in your cyber well-being. No one wants some embarrassing photos of oneself from a friend’s birthday party to end up online. And sometimes it’s not only your friends to blame for sharing content you’d rather wish to lay in archives. You have to check settings that will allow you to have more control over the content related to your account.

Oversharing

This is a mistake that most people may have made the most. The problem in today’s digital landscape makes life much easier for threat actors but not for ordinary users themselves. Sharing the current workplace, your own, or your relatives’ home location doesn’t positively contribute to securing one’s safety. A well-informed threat actor can hope for a more successful cyber attack with the kinds of information you sometimes provide themselves on one of your social media accounts.

The good practice will be to minimize the info you share on social media accounts. It is especially actual in cases when a social network asks for it, but that is not an obligatory thing. Nevertheless, your coworkers and friends on Facebook most likely won’t need the info about the school you attended, who is your third cousin, or where you lived before. Normally, people on the same social media platform only need a way to somehow identify that this account belongs to you — the person they know or want to befriend.

For this they only need to see your name and a photo showing that it is truly you. If you are quite good at managing your digital footprint and its size, sharing just your name and a photo won’t put you at some enormous cyber security risk but instead you restrict a variety of freely circulated information on your persona for anyone on the internet to use for their purposes.

Don’t also forget about not oversharing your life events on social media platforms you use when you post photos with geolocation, sharing stories in real time tagging places or people you are going to visit or visited, revealing in posts your travel plans, major life plans, etc. Too much is also posting photos that explicitly show your surrounding neighborhood, your workplace, and places you regularly go shopping. Oversharing your life events may lead to serious life-threatening cases like stalking, burglary, physical assaults, etc

Neglecting some security essentials

Some of the important security essentials include enabling two-factor (2FA) or multi-factor authentication (MFA) features, restricting access to the information on your social media account, enabling some of the features that won’t allow completely strange people in any way to interact with your account. You only need several minutes to set these settings, but they will save you a significant amount of time when in the future you may have to deal with a cyber-attack or data breach. On any major social media platform, you can find various tutorials on how to make sure you follow security essentials concerning your safety it and know how to apply them.

Reusing passwords on multiple accounts

A number one rule in cybersecurity hygiene. One password — one account. In case of a compromise of one account, you won’t endanger the other accounts that may have the same password. Of course, it can be hard when trying to manage all the passwords users now can have which can amount sometimes to up to fifty or a hundred passwords. But you can always choose a reliable password manager that will help you to secure your accounts’ access and keep passwords in one place.

The post 5 Security Mistakes You’re Making On Social Media appeared first on Gridinsoft Blog.