Software to prompt when something change windows 10

RickC said:

The 'unknown' reason is very probably SIH - Server Initiated Healing. This is a methodology that Windows uses to revert settings to what Microsoft believes is required. You can see it happening in Task Manager when TrustedInstaller appears for no apparent reason.

SIH appears to be the mechanism which subsequently triggers tools such as Windows Update Medic Service and the recently released Windows Update Health Tools. I believe the same happens accross the board, including Local Security Policy.

AFAIK it is NOT possible to carry out by remote access as someone would have to find a way to invoke TrustedInstaller locally to carry out changes to registry keys that are secured from change even by Administrators.

For example, look at the proliferation of registry keys now protected by a Security sub-key - even nonsense services like AJRouter:
Attachment 384273

(In Windows 10 1809 there were 171 keys within HKLM\SYSTEM\CurrentControlSet protected by a Security sub-key. In Windows 10 22H2 there are 176.)

IMO it's not outside actors out to get you, it's Microsoft.

Oh, and to answer your question specifically... yes, of course Windows Update can do that.

Thanks. I had scrcons.exe running in taskmanager and i never seen that in task before, and then i found this site Diary of a Detection Engineer: Babysitting child processes

So maybe someone was doing what they talk about in that webpage? Hence, the changes in my windows? Maybe it is. Why would Windows update or Microsoft change a very important security setting in secpol and revert just that part and not the other settings? If it was a non security setting, I would believe it, but an important one?

- - - Updated - - -

I got so paranoid I disabled WMI and I know a lot needs WMI but at this point I don't care, I don't see any negative impact though. Disabling wmi would disable all wmi attacks/exploits, right?

BlackVen0m said:

Thanks. I had scrcons.exe running in taskmanager and i never seen that in task before, and then i found this site Diary of a Detection Engineer: Babysitting child processes

So maybe someone was doing what they talk about in that webpage? Hence, the changes in my windows? Maybe it is. Why would Windows update or Microsoft change a very important security setting in secpol and revert just that part and not the other settings? If it was a non security setting, I would believe it, but an important one?

- - - Updated - - -

I got so paranoid I disabled WMI and I know a lot needs WMI but at this point I don't care, I don't see any negative impact though. Disabling wmi would disable all wmi attacks/exploits, right?

You asked what could change registry settings. That's what my answer tried to address, nothing more.

I've always thought that devices with little or no security don't appear 'interesting' to 'bad guys' whilst heavily protected devices must often make them think... 'hmm, I wonder what's so important it has to be protected' and thus more inquisitive. It's almost like inviting probes.

RickC said:

You asked what could change registry settings. That's what my answer tried to address, nothing more.

I've always thought that devices with little or no security don't appear 'interesting' to 'bad guys' whilst heavily protected devices must often make them think... 'hmm, I wonder what's so important it has to be protected' and thus more inquisitive. It's almost like inviting probes.

Yes, and thanks for that. :)

I was not being negative against your answer, just that I genuinely wondered about why Microsoft would reverse a critical setting for security.

I just want to be secured because I'm paranoid about being hacked. It's like a compulsion I have. So I try my best.

x509 said:

I guess I'm concerned because truly locking down a system, personal Joe User system, seems to be overly complex. The automated tools that this STIG Guide company sells look very nice, but they are clearly aimed at enterprises and governments. Whenever I see the phrase, "email us for a quote," I know not to bother, because the price will have at least four digits.

What is needed is some open source version of ConfigOS-Cybersecurity or even a NortonLifelock product at a consumer price.

Did you see my post "I found a GREAT webpage to help secure your Windows a must see " i posted here? Is that why you bring up STIG?? :) This link you put here seems amazing, in the way that in a click of a button it does all those STIG and CIS so you don't need to manually do it as I wrote in my post. I have not checked out the price yet, I'm guessing it's expensive, though.

x509 said:

That's the point. If I have to do each STIG/CIS change manually for each of 4 PCs in my house, then those changes won't be done, any more than an IT guy in a large organization would want to do those changes manually. I just don't have the time left over after the usual responsibilities and obligations. "Expensive" is another way to say that I can't afford the software, even with my entire beer budget.

Yeah same here! =/ They are like "email us" wtf, like you said, because of that sentence you know it's going to be really expensive. But I had the time to do it because it's only my own pc, so I went through it, it was not that much really. But that's because I have 1 pc like I said. I went through group policy ones and then secpol. For 1 pc, it was easy.

x509 said:

I guess I'm concerned because truly locking down a system, personal Joe User system, seems to be overly complex. The automated tools that this STIG Guide company sells look very nice, but they are clearly aimed at enterprises and governments. Whenever I see the phrase, "email us for a quote," I know not to bother, because the price will have at least four digits.

What is needed is some open source version of ConfigOS-Cybersecurity or even a NortonLifelock product at a consumer price.

HEY!! Look what i found! GitHub - 0x6d69636b/windows_hardening: HardeningKitty and Windows Hardening settings and configurations
Amazing! Its 100% free! Does the things we would want but can't pay for.

"The project started as a simple hardening list for Windows 10. After some time, HardeningKitty was created to simplify the hardening of Windows. Now, HardeningKitty supports guidelines from Microsoft, CIS Benchmarks, DoD STIG and BSI SiSyPHuS Win10. And of course my own hardening list."