Microsoft recommends disabling Secure Time Seeding (STS) in Windows Server 2016, Windows Server 2019, Windows Server 2022, and Windows Server 2025 due to reported timekeeping issues. Additionally, organizations should review and ensure proper time synchronization and monitoring on critical servers.
Eng. Alessandro Mazzanti
IT and Engineer web site
Server #Take action: Disable Secure Time Seeding (STS) in Windows Server 2016 and later
Tips #The Module DLL C:\WINDOWS\system32\inetsrv\rewrite.dll failed to load
When upgrading Windows Server 2012 to 2016, you might face this error.
Uninstalling "IIS Url Rewrite Module 2.0" from Programs and Features and reinstalling it from the Microsoft website iis.net/downloads/microsoft/url-rewrite, followed by an IISReset, fixed the issue.
[original article] https://superuser.com/questions/948411/the-module-dll-c-windows-system32-inetsrv-rewrite-dll-failed-to-load
Sophos #How to uninstall & install software client/server
Here are some useful articles on how to safely uninstall Sophos Antivirus:
Sophos Central Endpoint and Server: Uninstall Sophos using the command line or a batch file
https://support.sophos.com/support/s/article/KBA-000003469?language=en_US
Remove Sophos Central without tamper protection password
SophosZap: Frequently asked questions (to be used only as a last resort)
https://support.sophos.com/support/s/article/KBA-000006929?language=en_US
Sophos Central Endpoint: Automate the software deployment to Windows devices
https://support.sophos.com/support/s/article/KBA-000003140?language=en_US
Sophos Central Endpoint: Installer command line options for Mac and Windows
https://support.sophos.com/support/s/article/KBA-000004840?language=en_US
Sophos #XDR feature, adaptive attack protection
About Sophos Intercept X Advanced with XDR and other Sophos features, I note here on the blog some related articles:
Sophos Intercept X Advanced with XDR: Help with Forensic Snapshots
https://support.sophos.com/support/s/article/KBA-000006333?language=en_US+
Sophos XDR-enabled devices continually capture data related to processes, files, networks, and other system activities. When threat detection occurs, a snapshot file of current activity is created on the device's disk. This snapshot helps generate the Threat Case in Sophos Central, which attempts to piece together the threat chain of an attack and identify related activities.
Data Lake uploads
https://docs.sophos.com/central/customer/help/en-us/ManageYourProducts/ThreatAnalysisCenter/LiveDiscover/DataLakeUploads/index.html
Sophos XDR: Getting Started with XDR and Data Lake Hydration
https://techvids.sophos.com/watch/JWndawT866eCh9gVXTNE2K
Sophos Intercept X: Adaptive attack protection
https://support.sophos.com/support/s/article/KBA-000008632?language=en_US
This protection feature is part of the malicious behavior protection capability in the Sophos endpoint. It consists of a series of technique-focused behavioral rules intended to disrupt the actions of a threat actor.
Admin Isolated Devices
[UPDATE 2025.06.05]
Sophos Endpoint: Adaptive Attack Protection Gets Even Better
Network #Some switch commands
On Cisco switches you can review the configuration of a single port:
show running-config interface Gi4/0/13
If you would like to reset the configuration of a single port:
config t
default interface GigabitEthernet 4/0/13
Network #PKI-4-TRUSTPOOL_EXPIRATION_WARNING
On several Cisco switches we faced this warning:
Mar 8 11:11:52.680: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 20 days
Mar 8 11:11:52.680: %PKI-4-TRUSTPOOL_AUTO_UPDATE_DISABLED: Auto-trustpool update is disabled.
In Cisco IOS XE version 17.12.04, the auto-update feature for the PKI trustpool is enabled by default. This means the device will automatically download and update the trustpool bundle from Cisco's servers when necessary.
How Auto-Update Works
When the PKI trustpool is due for an update (for reasons like certificate expiration, reissuance, or the addition of new trusted certificates) the system will:
- Attempt to download the updated trustpool bundle from the configured URL.
- If the download is successful, the trustpool is updated.
- If the download fails, the system will retry at increasingly frequent intervals: 20 days, 15 days, 10 days, 5 days, 4 days, 3 days, 2 days, 1 day, and then hourly until successful.
This process ensures that the device maintains an up-to-date set of trusted root certificates, which is crucial for secure operations like HTTPS, VPNs, and Smart Licensing.
Unfortunately, in our case, this configuration command was missing:
crypto pki trustpool policy
cabundle url http://www.cisco.com/security/pki/trs/ios.p7b
revocation-check none
To import the certificates manually, you must launch this command from config t:
crypto pki trustpool import url http://www.cisco.com/security/pki/trs/ios.p7b
To avoid problems, we launched this.
To view the certificate status, this is the command:
show crypto pki trustpool policy
[other articles]
https://community.cisco.com/t5/switching/trustpool-expiration-on-3750-x/m-p/2423362#M286822
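An added example (not from the original post and not Cisco code): a small Python check that scans collected syslog for the two trustpool messages shown above and lists the switches that are counting down to expiry with auto-update disabled, i.e. the ones that need the trustpool policy or a manual import. The "host:" prefix added by a log collector, the hostnames and the 30-day threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines. The message text follows the two warnings quoted
# in the post; the "sw-x:" collector prefix and hostnames are made up.
SAMPLE_LOG = """\
sw-a: Mar 8 11:11:52.680: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 20 days
sw-a: Mar 8 11:11:52.680: %PKI-4-TRUSTPOOL_AUTO_UPDATE_DISABLED: Auto-trustpool update is disabled.
sw-b: Mar 8 11:12:01.104: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 5 days
sw-c: Mar 8 11:12:09.310: %LINK-3-UPDOWN: Interface GigabitEthernet4/0/13, changed state to up
sw-a: Mar 13 11:11:52.680: %PKI-4-TRUSTPOOL_EXPIRATION_WARNING: The Trustpool will expire in 15 days
"""

LINE_RE = re.compile(
    r"^(?P<host>\S+): .*?%PKI-4-(?P<mnemonic>TRUSTPOOL_[A-Z_]+): (?P<text>.*)$"
)
DAYS_RE = re.compile(r"expire in (\d+) days?")


def summarize(log_text):
    """Return {host: {"days_left": int|None, "auto_update_disabled": bool}}."""
    state = defaultdict(lambda: {"days_left": None, "auto_update_disabled": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a trustpool message
        entry = state[m["host"]]
        if m["mnemonic"] == "TRUSTPOOL_EXPIRATION_WARNING":
            days = DAYS_RE.search(m["text"])
            if days:
                # Log is assumed chronological, so the last warning wins.
                entry["days_left"] = int(days.group(1))
        elif m["mnemonic"] == "TRUSTPOOL_AUTO_UPDATE_DISABLED":
            entry["auto_update_disabled"] = True
    return dict(state)


def needs_manual_import(state, threshold_days=30):
    """Hosts close to expiry that will not refresh the bundle themselves."""
    return sorted(
        host for host, s in state.items()
        if s["auto_update_disabled"]
        and s["days_left"] is not None
        and s["days_left"] <= threshold_days
    )


if __name__ == "__main__":
    for host in needs_manual_import(summarize(SAMPLE_LOG)):
        print(f"{host}: trustpool expiring, auto-update disabled")
```
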