Prosím o preventivní kontrolu logu kvůli blokaci defenderu

[Conder]

Urob v Malwarebytes uplny sken

• Stiahni a nainstaluj Malwarebytes (MB/MBAM): https://www.malwarebytes.com/mwb-download/thankyou/
• Ignoruj skusobnu trial verziu
• Otvor Malwarebytes a vlavo klikni na "Skenovat"
• Klikni na "Vlastne skenovanie" a potom na "Nakonfigurovat skenovanie" (Nastavit sken)
• Vpravo oznac vsetky disky v PC a vlavo oznac moznost "Vyhladavat rootkity"
• Klikni na Skenovat teraz a pockaj na dokoncenie
• Po dokonceni klikni na Exportovat zhrnutie -> Skopirovat do schranky
• Skopirovany log vloz do dalsej odpovede
• Obrazkovy navod (bohuzial pre starsiu verziu): https://forum.viry.cz/viewtopic.php?f=29&t=144868

[digivir]

Vypadá to, že nebylo nic nalezeno. Odtrhnul jsme při scanu paměť a start, ale předtím jsme provedl ještě jeden sken právě těchto položek, než jsem zjistil co a jak, a také nebylo nic nalezeno


Malwarebytes
www.malwarebytes.com

-Podrobnosti logovacího souboru-
Datum skenování: 10.12.19
Čas skenování: 21:29
Logovací soubor: d09a1cb8-1b8b-11ea-a7eb-00ff9a74bb64.json

-Informace o softwaru-
Verze: 4.0.4.49
Verze komponentů: 1.0.770
Aktualizovat verzi balíku komponent: 1.0.15952
Licence: Bezplatná

-Systémová informace-
OS: Windows 10 (Build 18362.476)
CPU: x64
Systém souborů: NTFS
Uživatel: DESKTOP-57OINGI\Bodie

-Shrnutí skenování-
Typ skenování: Vlastní skenování
Spuštění skenování: Ruční
Výsledek: Dokončeno
Skenované objekty: 1545804
Zjištěné hrozby: 0
Hrozby umístěné do karantény: 0
Uplynulý čas: 53 min, 44 sek

-Možnosti skenování-
Paměť: Zakázáno
Start: Zakázáno
Systém souborů: Povoleno
Archivy: Zakázáno
Rootkity: Povoleno
Heuristika: Povoleno
Potenciálně nežádoucí program: Varovat
Potenciálně nežádoucí modifikace: Varovat

-Podrobnosti skenování-
Proces: 0
(Nebyly zjištěny žádné škodlivé položky)

Modul: 0
(Nebyly zjištěny žádné škodlivé položky)

Klíč registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Hodnota v registru: 0
(Nebyly zjištěny žádné škodlivé položky)

Data registrů: 0
(Nebyly zjištěny žádné škodlivé položky)

Datové proudy: 0
(Nebyly zjištěny žádné škodlivé položky)

Adresář: 0
(Nebyly zjištěny žádné škodlivé položky)

Soubor: 0
(Nebyly zjištěny žádné škodlivé položky)

Fyzický sektor: 0
(Nebyly zjištěny žádné škodlivé položky)

WMI: 0
(Nebyly zjištěny žádné škodlivé položky)


(end)

[Conder]

OK, preistotu urob este tento sken:

Stiahni TDSSKiller: http://www.bleepingcomputer.com/download/tdsskiller/

• Uloz na plochu a spusti ako spravca
• Potvrd licencne podmienky
• Klikni na Change parameters a oznac moznosti "Verify driver digital signature" a "Detect TDLFS file system"
• Na koniec oznac moznost "Loaded Modules" a potvrd restart PC kliknutim na Reboot Now
• Po restartovani PC by sa mal automaticky spustit TDSSKiller - klikni na "Start Scan" a pockaj na dokoncenie skenu
• V pripade nalezov ponechaj vybrane predvolene moznosti a klikni na "Continue" a v pripade vyzvy potvrd restartovanie PC
• Na disku C:\ sa vytvori textovy subor s nazvom zacinajucim na "TDSSKiller" - jeho obsah vloz do dalsej odpovede

[digivir]

Opět nic nenalezeno. Soubory byly dva, první vkládám, druhý jako příloha, nevejde se sem.


22:33:35.0907 0x2d48 TDSS rootkit removing tool 3.1.0.28 Apr 9 2019 21:11:46
22:33:35.0907 0x2d48 UEFI system
22:33:42.0467 0x2d48 ============================================================
22:33:42.0467 0x2d48 Current date / time: 2019/12/12 22:33:42.0467
22:33:42.0467 0x2d48 SystemInfo:
22:33:42.0467 0x2d48
22:33:42.0467 0x2d48 OS Version: 10.0.18363 ServicePack: 0.0
22:33:42.0467 0x2d48 Product type: Workstation
22:33:42.0467 0x2d48 ComputerName: DESKTOP-57OINGI
22:33:42.0467 0x2d48 UserName: Bodie
22:33:42.0467 0x2d48 Windows directory: C:\WINDOWS
22:33:42.0467 0x2d48 System windows directory: C:\WINDOWS
22:33:42.0467 0x2d48 Running under WOW64
22:33:42.0467 0x2d48 Processor architecture: Intel x64
22:33:42.0467 0x2d48 Number of processors: 8
22:33:42.0467 0x2d48 Page size: 0x1000
22:33:42.0467 0x2d48 Boot type: Normal boot
22:33:42.0467 0x2d48 CodeIntegrityOptions = 0x0000C001
22:33:42.0467 0x2d48 ============================================================
22:33:42.0512 0x2d48 KLMD registered as C:\WINDOWS\system32\drivers\62184815.sys
22:33:42.0512 0x2d48 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 18362.1, osProperties = 0x19
22:33:42.0546 0x2d48 System UUID: {F3402B97-3041-C429-AE17-8D3E69967349}
22:33:42.0657 0x2d48 Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 ( 476.94 Gb ), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:33:42.0657 0x2d48 ============================================================
22:33:42.0657 0x2d48 \Device\Harddisk0\DR0:
22:33:42.0657 0x2d48 GPT partitions:
22:33:42.0657 0x2d48 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {618679E5-07D6-4BDF-908E-B1A34A4C2236}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x145000
22:33:42.0657 0x2d48 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {9CB36DDF-72D1-4A2F-BFE1-E92EDB235F0A}, Name: Microsoft reserved partition, StartLBA 0x145800, BlocksNum 0x40000
22:33:42.0657 0x2d48 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {19CB9727-C0D8-4D37-9930-B6D9DD115EC7}, Name: Basic data partition, StartLBA 0x185800, BlocksNum 0x3A0045B3
22:33:42.0657 0x2d48 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {23E3D8C3-C4BA-4C33-A61C-7497A9CCE52A}, Name: , StartLBA 0x3A18A000, BlocksNum 0x114800
22:33:42.0657 0x2d48 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {542EADDD-2D39-4E24-BBE1-4EDAB26D4221}, Name: , StartLBA 0x3A29E800, BlocksNum 0x1503000
22:33:42.0657 0x2d48 \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {58ACF622-0A1D-4799-B4D2-E9A476A47C39}, Name: , StartLBA 0x3B7A2000, BlocksNum 0x23F000
22:33:42.0657 0x2d48 MBR partitions:
22:33:42.0657 0x2d48 ============================================================
22:33:42.0657 0x2d48 Initialize success
22:33:42.0657 0x2d48 ============================================================
22:34:36.0814 0x1174 KLMD registered as C:\WINDOWS\system32\drivers\14758806.sys
22:34:37.0361 0x1174 Deinitialize success

[Conder]

Spusti kontrolu integrity systemovych suborov:

• Otvor Start, napis "cmd" (bez uvodzoviek), klikni pravym tlacitkom mysi na Prikazovy riadok a klikni na Spustit ako spravca
• Skopiruj a spusti prikaz:

  Kód: Vybrat vše

  DISM.exe /Online /Cleanup-image /Restorehealth

• Po dokonceni skopiruj a spusti druhy prikaz:

  Kód: Vybrat vše

  sfc /scannow

• Po dokonceni obidvoch prikazov skopiruj a spusti tento prikaz:

  Kód: Vybrat vše

  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" && copy %windir%\logs\dism\dism.log %userprofile%\desktop\dism.txt

• Na ploche sa vytvoria subory sfcdetails.txt a dism.txt, tieto subory zabal ho do archivu RAR alebo ZIP a posli ako prilohu k dalsiemu prispevku
• Restartuj PC a napis ako sa chova PC

[digivir]

Přikládám v příloze. Vše proběhlo bez problémů. Po restartu je chování stále stejné, tedy kontrola přes Defender nelze spustit (hláška o omezení kvůli správce IT), Defender samotný nelze spustit, v nastavení jej nevidím,...

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
  ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
  ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Pockaj na dokoncenie
• Tentokrat to bude bez restartu, otvori sa Fixlog.txt (pripadne bude na ploche), jeho obsah sem skopiruj

[digivir]

Provedeno, zde je výpis požadovaných registrů:


Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
Ran by Bodie (15-12-2019 10:01:27) Run:5
Running from C:\Users\Bodie\Desktop
Loaded Profiles: Bodie (Available Profiles: Bodie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService
ExportKey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
ExportKey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies
End
*****************

================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SecurityHealthService]
"DependOnService"="RpcSs"
"Description"="@%systemroot%\system32\SecurityHealthAgent.dll,-1001"
"DisplayName"="@%systemroot%\system32\SecurityHealthAgent.dll,-1002"
"ErrorControl"="1"
"FailureActions"="80510100000000000000000003000000140000000100000060ea00000100000060ea00000000000000000000"
"ImagePath"="%SystemRoot%\system32\SecurityHealthService.exe"
"LaunchProtected"="2"
"ObjectName"="LocalSystem"
"RequiredPrivileges"="SeImpersonatePrivilege*SeBackupPrivilege*SeRestorePrivilege*SeDebugPrivilege*SeChangeNotifyPrivilege*SeSecurityPrivilege*SeAssignPrimaryTokenPrivilege*SeTcbPrivilege*SeSystemEnvironmentPrivilege*SeShu (the data entry has 14 more characters)."
"ServiceSidType"="1"
"Type"="16"
[HKLM\SYSTEM\CurrentControlSet\Services\SecurityHealthService\Security]
"Security"="010014801c01000028010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200ec0008000000000018009d00020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 416 more characters)."

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"DelayedAutoStart"="1"
"DependOnService"="RpcSs"
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
"ErrorControl"="1"
"FailureActions"="805101000000000000000000030000001400000001000000c0d4010001000000e09304000000000000000000"
"ImagePath"="%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p"
"LaunchProtected"="2"
"ObjectName"="NT AUTHORITY\LocalService"
"RequiredPrivileges"="SeChangeNotifyPrivilege*SeImpersonatePrivilege"
"ServiceSidType"="1"
"Start"="2"
"Type"="32"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
"ServiceDllUnloadOnStop"="1"
[HKLM\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"="010014801c01000028010000140000003000000002001c000100000002801400ff010f000101000000000001000000000200ec0008000000000018009d00020001020000000000052000000021020000000014009d010200010100000000000512000000 (the data entry has 416 more characters)."

=== End of ExportKey ===
================== ExportKey: ===================

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies]
[HKLM\SOFTWARE\Policies\Microsoft]
[HKLM\SOFTWARE\Policies\Microsoft\Cryptography]
[HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration]
[HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL]
[HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002]
[HKLM\SOFTWARE\Policies\Microsoft\Peernet]
"Disabled"="0"
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Disallowed\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\trust]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs]
[HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs]
[HKLM\SOFTWARE\Policies\Microsoft\TPM]
"OSManagedAuthLevel"="5"
[HKLM\SOFTWARE\Policies\Microsoft\Windows]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\Appx]
"AllowAllTrustedApps"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\BITS]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings]
"CallLegacyWCMPolicies"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Cache]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\DataCollection]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\DriverSearching]
"DriverUpdateWizardWuSearchEnabled"="1"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\EnhancedStorageDevices]
"TCGSecurityActivationDisabled"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\Network Connections]
"NC_PersonalFirewallConfig"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator]
""=""
[HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\safer]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers]
"authenticodeenabled"="0"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\SettingSync]
"EnableBackupForWin8Apps"="1"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\System]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\GroupPolicy]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WcmSvc\Local]
"WCMPresent"="1"
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin]
""=""
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WSDAPI]
[HKLM\SOFTWARE\Policies\Microsoft\Windows\WSDAPI\Discovery Proxies]
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Policy Manager]
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT]
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client]
"fEnableUsbBlockDeviceBySetupClass"="1"
"fEnableUsbNoAckIsochWriteToDevice"="80"
"fEnableUsbSelectDeviceByInterface"="1"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbBlockDeviceBySetupClasses]
"1000"="{3376f4ce-ff8d-40a2-a80f-bb4359d1415c}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\UsbSelectDeviceByInterfaces]
"1000"="{6bdd1fc6-810f-11d0-bec7-08002be2092f}"
[HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Windows File Protection]
"KnownDllList"="nlhtml.dll"

=== End of ExportKey ===

==== End of Fixlog 10:01:28 ====

[Conder]

Vyskytuje sa stale ta ista hlaska?

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CloseProcesses:
  CreateRestorePoint:
  
  ExportKey: HKLM\SYSTEM\CurrentControlSet\Services\WinDefend
  DeleteKey: HKLM\SOFTWARE\Policies\Microsoft\Windows Defender
  Folder: C:\WINDOWS\system32\GroupPolicy
  Folder: C:\WINDOWS\SysWOW64\GroupPolicy
  Folder: C:\WINDOWS\system32\GroupPolicyUsers
  Folder: C:\WINDOWS\SysWOW64\GroupPolicyUsers
  C:\WINDOWS\system32\GroupPolicy
  C:\WINDOWS\SysWOW64\GroupPolicy
  C:\WINDOWS\system32\GroupPolicyUsers
  C:\WINDOWS\SysWOW64\GroupPolicyUsers
  CMD: gpupdate /force
  
  EmptyTemp:
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Po dokonceni si FRST vyziada restart PC, potvrd kliknutim na OK
• Po restartovani PC bude na ploche subor Fixlog.txt, jeho obsah sem skopiruj

Nasledne opat poprosim aj o obidva nove logy z FRST.

[digivir]

Před provedením i po provedení se vše chová stále stejně, stejná hláška.

Všechny tři logy přikládám.

[Conder]

Otvor poznamkovy blok (Win+R -> notepad -> enter)

• Skopiruj nasledujuci text a vloz ho do poznamkoveho bloku:

  Kód: Vybrat vše

  Start
  CMD: dsregcmd /status
  End

• Uloz na plochu s nazvom fixlist.txt
• Spusti znovu FRST a klikni na Fix
• Pockaj na dokoncenie
• Tentokrat to bude bez restartu, otvori sa Fixlog.txt (pripadne bude na ploche), jeho obsah sem skopiruj

[digivir]

Zde je výpis:

Fix result of Farbar Recovery Scan Tool (x64) Version: 14-12-2019
Ran by Bodie (17-12-2019 05:51:59) Run:7
Running from C:\Users\Bodie\Desktop
Loaded Profiles: Bodie (Available Profiles: Bodie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CMD: dsregcmd /status
End
*****************


========= dsregcmd /status =========


+----------------------------------------------------------------------+
| Device State |
+----------------------------------------------------------------------+

AzureAdJoined : NO
EnterpriseJoined : NO
DomainJoined : NO

+----------------------------------------------------------------------+
| User State |
+----------------------------------------------------------------------+

NgcSet : NO
WorkplaceJoined : YES
WorkAccountCount : 1
WamDefaultSet : NO

+----------------------------------------------------------------------+
| SSO State |
+----------------------------------------------------------------------+

AzureAdPrt : NO
AzureAdPrtAuthority : NO
EnterprisePrt : NO
EnterprisePrtAuthority : NO

+----------------------------------------------------------------------+
| Work Account 1 |
+----------------------------------------------------------------------+

WorkplaceDeviceId : 373d2af5-2f9d-4928-870d-6e0fffdfa90a
WorkplaceThumbprint : 2EF6721EA800377783325D03E40E07A48FFED934
DeviceCertificateValidity : [ 2019-10-28 09:37:26.000 UTC -- 2029-10-28 10:07:26.000 UTC ]
KeyContainerId : e0f91c4d-405d-4351-a60f-ff5ecc530e0a
KeyProvider : Microsoft Platform Crypto Provider
TpmProtected : YES
WorkplaceIdp : login.windows.net
WorkplaceTenantId : 06ffb557-4f06-4d38-a637-4e5dfd787da2
WorkplaceTenantName : VB-TU Ostrava
WorkplaceMdmUrl : https://enrollment.manage.microsoft.com ... covery.svc
WorkplaceSettingsUrl :
NgcSet : NO

+----------------------------------------------------------------------+
| Ngc Prerequisite Check |
+----------------------------------------------------------------------+

IsDeviceJoined : NO
IsUserAzureAD : NO
PolicyEnabled : NO
PostLogonEnabled : YES
DeviceEligible : YES
SessionIsNotRemote : YES
CertEnrollment : none
PreReqResult : WillNotProvision


========= End of CMD: =========


==== End of Fixlog 05:52:00 ====

[Conder]

Otvor Nastavenia -> Konta -> Pristup k pracovisku alebo skole -> urob a posli screenshot z tychto nastaveni.

[digivir]

Zasílám.
Vidím dobře, že touto cestou opravdu organizace upravuje něco na mém PC, i když přes ni mám snad jen Office 365?
Mrzí mě, jestli jsem takhle plýtval Tvým časem...

[Conder]

To je v poriadku Vyzera to, ze Windows Defender je blokovany prave kvoli tomuto pripojenemu uctu. Avsak nerozumiem, preco univerzita nastavila blokovanie Windows Defenderu. Mozes skusit obratit sa na ich "technicke oddelenie" a poziadat ich, aby toto nastavenie vypli. Ine riesenie je uz iba odpojit/zmazat tento ucet (ale predpokladam, ze potom nebude mozne pouzivat Office 365).