PowerShell script for CPU information, incl. CPUID Solved

Page 2 of 7 FirstFirst 1234 ... LastLast
  1.    #11

    But it isn't response to my question; definitely I know what I am doing

    So am I alone who refuse to tolerate serious performance drop (at the cost of implementing of new workflow to maintain security on home systems)?
      My ComputerSystem Spec

  2.    #12

    muchomurka said: View Post
    But it isn't response to my question; definitely I know what I am doing

    So am I alone who refuse to tolerate serious performance drop (at the cost of implementing of new workflow to maintain security on home systems)?
    That's why I answered the way I did.
    Since you do face serious performance issues, it's up to you to evaluate the risks and decide what is best for you i.e performance VS security.
      My ComputerSystem Spec

  3.    #13

    muchomurka said: View Post
    So am I alone who refuse to tolerate serious performance drop (at the cost of implementing of new workflow to maintain security on home systems)?
    I never saw any performance drop (that I noticed - I didn't benchmark it). I run a lot of VM (mostly in fact).

    If I had I'd have done the same as you as I don't really feel Spectre/Meldown is a big issue for me. As a home user I don't have unknown programs running (as far as I can tell obviously) so I don't really care.

    I'm not really sure it is a big deal for anyone to be honest (it all seems theoretical) but perhaps I don't understand it well enough.
      My ComputerSystem Spec

  4.    #14

    muchomurka said: View Post
    I decided to disable all that protections... Am I alone?

    ddelo said: View Post
    Since you do face serious performance issues, it's up to you to evaluate the risks and decide what is best for you i.e performance VS security.

    If you don't want to reply directly to simple and unambiguous question then there's really no need to answer.
      My ComputerSystem Spec

  5.    #15

    lx07 said: View Post
    I never saw any performance drop (that I noticed - I didn't benchmark it). I run a lot of VM (mostly in fact).

    It depends. If you have last gen processor and don't need to perform tasks like sql data processing or running virtual machines under nested hypervisors, you perhaps don't notice significant performance drop.
      My ComputerSystem Spec

  6.    #16

    muchomurka said: View Post
    If you don't want to reply directly to simple and unambiguous question then there's really no need to answer.
    My answer is that it's your call. Personally, I would accept some (not major) performance degradation, to have peace of mind from these vulnerabilities. But I do not do SQL data processing, not at home at least. I leave that stuff for the Enterprise servers, in a closed, secure environment.

    If you're alone? I don't know. Maybe for such heavy home use, if the slowdown is significant like yours, then you disable the mitigations, be extra careful and backup regularly.
      My ComputerSystem Spec


  7.    #17

    ddelo said: View Post
    My answer is that it's your call. Personally, I would accept some (not major) performance degradation, to have peace of mind from these vulnerabilities. But I do not do SQL data processing, not at home at least. I leave that stuff for the Enterprise servers, in a closed, secure environment.
    As I already wrote above, I don't need neither advices nor opinions, they both have zero value for me. I already decided and I understand consequencies & responsibilities. So please don't continue this way if you can.

    I'm only curious whether other people made the same decision as I did. This is my only one question, nothing more. So once again:

    muchomurka said: View Post
    Btw after observations of visible performance drop during regular use (and catastrophic while using nested virtualization) I decided to disable all that protections on all my home systems using InSpectre & downgrade BIOSes when necessary. Am I alone?
      My ComputerSystem Spec

  8.    #18

    muchomurka, I have reverted to BIOS F22 (date of Aug 23 2017) for my Gigabyte GA-Z170X Designare board. I built my machine with top performing parts a couple years ago and had not had any crashes or BSOD, just a very stable, smoking fast computer. I was very disappointed that all of that changed when I flashed the BIOS to F23G, installed the microcode software update from Microsoft and installed the latest Intel Management software. I keep meticulous backups as the previous poster mentioned, but that's not really the main issue. A backup might contain your important data, but it won't help when your passwords and personal sensitive information is out in the wild for the highest bidder, and supposedly you won't even know your data was stolen.
      My ComputerSystem Spec

  9.    #19

    Thank you @ddelo.

    If they match like on your screenshot does that mean that the BIOS/UEFI uCode is working and in use even if OS patches are also at the 0x2B level? I did the PowerShell speculation script and posted it here b/c do not understand it at all even with the documentation. Sorry this is sort of a cross-post.

    My guess is that something like this:
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True

    Means what can be protected by my BIOS is the latest version and what can be protected by the OS is being protected by the latest version. But what confuses is why is the Windows OS support enabled if there is hardware mitigation present?

    Also does CPU-info install any modules or scripts in a directory and if so where? Or is it just the one script on the desktop?

    Last the "Set-ExecutionPolicy Bypass -Scope Process –force" just causes that policy for that PowerShell session? When I reopened and did GetList I got:
    Scope ExecutionPolicy
    ----- ---------------
    MachinePolicy Undefined
    UserPolicy Undefined
    Process Undefined
    CurrentUser RemoteSigned
    LocalMachine Undefined
    This is the proper default?
      My ComputerSystem Spec

  10.    #20

    andyouf said: View Post
    Thank you @ddelo.

    If they match like on your screenshot does that mean that the BIOS/UEFI uCode is working and in use even if OS patches are also at the 0x2B level?

    You're most welcome, Andy!
    If BIOS/UEFI microcode revision and Current microcode revision match, it means that the installed update at the BIOS/UEFI level is the same with the one currently running at the OS level. i.e. If you have applied any OS update, this OS update is the same or lower than the one of the BIOS/UEFI, in which case the OS update is discarded.


    andyouf said: View Post
    I did the PowerShell speculation script and posted it here b/c do not understand it at all even with the documentation. Sorry this is sort of a cross-post.

    My guess is that something like this:
    Hardware support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is present: True
    Windows OS support for branch target injection mitigation is enabled: True

    Means what can be protected by my BIOS is the latest version and what can be protected by the OS is being protected by the latest version. But what confuses is why is the Windows OS support enabled if there is hardware mitigation present?
    Hardware support for branch target injection mitigation is present: True
    This line tells you if hardware features are present to support the branch target injection mitigation. The device OEM is responsible for providing the updated BIOS/firmware that contains the microcode provided by CPU manufacturers. If this line is True, the required hardware features are present.

    Windows OS support for branch target injection mitigation is present: True
    This line tells you if Windows operating system support is present for the branch target injection mitigation. If it is True, the operating system supports enabling the branch target injection mitigation (and therefore has installed the appropriate update). Again if the BIOS/UEFI update is later than the available OS update, then OS update is discarded, but at OS level you're protected.

    Windows OS support for branch target injection mitigation is enabled: True
    This line tells you if Windows operating system support is enabled (if it's present from the previous line) for the branch target injection mitigation. If it is True, hardware support and OS support for the branch target injection mitigation is enabled for the device, thus protecting against CVE-2017-5715.

    andyouf said: View Post
    Also does CPU-info install any modules or scripts in a directory and if so where? Or is it just the one script on the desktop?

    It's just a script on your Desktop. Nothing is installed anywhere.


    andyouf said: View Post
    Last the "Set-ExecutionPolicy Bypass -Scope Process –force" just causes that policy for that PowerShell session? When I reopened and did GetList I got:
    This is the proper default?
    Yes, only for this session. (By the -Scope Process switch)

    The default settings are the following:

    Click image for larger version. 

Name:	Default-Exec.Policy.png 
Views:	2 
Size:	12.3 KB 
ID:	207149


    My settings are:

    Click image for larger version. 

Name:	Capture.PNG 
Views:	64 
Size:	20.7 KB 
ID:	207150

    I hope this helps. Cheers. Dimitri
      My ComputerSystem Spec


 
Page 2 of 7 FirstFirst 1234 ... LastLast

Related Threads
The PowerShell script execution policies enables you to determine which Windows PowerShell scripts (if any) will be allowed to run on your computer. Windows PowerShell has four different execution policies: Execution Policy Description ...
One of many PowerShell security features is that you can't run a script simply by double clicking it's icon on desktop or in a folder. Doing so will by default open script in Notepad for editing instead. You can right click script and select Run...
A Powershell Script for HandBrake in Software and Apps
Here's the thing. My system is an age-old i3-530 overclocked to 3.5GHz coupled with GTX 1050 2GB. I have around 1.5TB of tutorial videos that I have to encode due to dearth in HDD space. I want to encode the videos while keeping the folder and...
Hope I'm in the right place! I am trying to get a Powershell script to run daily in the task scheduler. It basically purges a folder on one of my drives: Get-ChildItem –Path “D:\Dropbox\Quicken\Backup” –Recurse | Where-Object CreationTime...
A .ps1 script file is a text file that contains one or more Windows PowerShell commands or expressions. A .ps1 file will open with Notepad by default. To run a .ps1 file with PowerShell, you would right click or press and hold on the .ps1 file and...
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:00.
Find Us