Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into security-book-24

This commit is contained in:
Paolo Matarazzo
2024-09-24 08:00:17 -04:00
1146 changed files with 10947 additions and 56226 deletions


@ -96,20 +96,6 @@ An attacker might modify the boot manager configuration database (BCD), which is
An attacker might also replace the entire operating system disk while preserving the platform hardware and firmware, and could then extract a protected BitLocker key blob from the metadata of the victim OS partition. The attacker could then attempt to unseal that BitLocker key blob by calling the TPM API from an operating system under their control. This can't succeed because when Windows seals the BitLocker key to the TPM, it does it with a PCR 11 value of 0. To successfully unseal the blob, PCR 11 in the TPM must have a value of 0. However, when the boot manager passes the control to any boot loader (legitimate or rogue), it always changes PCR 11 to a value of 1. Since the PCR 11 value is guaranteed to be different after exiting the boot manager, the attacker can't unlock the BitLocker key.
To prevent boot manger roll-back attacks, Windows updates released on and after July 2024 changed the default PCR Validation Profile for **UEFI with Secure Boot** from `7, 11` to `4, 7, 11`.
The PCR values map to:
- `PCR 4: Boot Manager`
- `PCR 7: Secure Boot State`
- `PCR 11: BitLocker access control`
> [!TIP]
> To check what PCRs are in use, execute the following command:
> ```cmd
> manage-bde.exe -protectors -get c:
> ```
## Attacker countermeasures
The following sections cover mitigations for different types of attackers.
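Review bot: "boot manger" in the added PCR sentence should read "boot manager", and "PCR Validation Profile" should match the lower-case "platform validation profile" wording the profile article uses. The TIP would be more useful if it told the reader what to look for in the `manage-bde.exe -protectors -get c:` output, namely that the TPM protector's PCR Validation Profile line should now list `4, 7, 11` on an updated machine, so the change can be confirmed rather than assumed.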

Binary file not shown (image: 63 KiB before, 64 KiB after).


@ -26,6 +26,3 @@ When this policy is enabled and the hardware is capable of using Secure Boot for
|--|--|
| **CSP** | Not available |
| **GPO** | **Computer Configuration** > **Administrative Templates** > **Windows Components** > **BitLocker Drive Encryption** > **Operating System Drives** |
> [!NOTE]
> To prevent boot manger roll-back attacks, Windows updates released on and after July 2024 changed the default PCR Validation Profile for **UEFI with Secure Boot** from `7, 11` to `4, 7, 11`.
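Review bot: "boot manger" should be "boot manager" in the added NOTE. Since this policy page lists the CSP as "Not available", it would also help to link the NOTE to the platform validation profile article, which is where the PCR 4 / 7 / 11 meanings are spelled out, so readers of the GPO page don't have to guess what the new default protects against.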


@ -26,8 +26,6 @@ A platform validation profile consists of a set of PCR indices ranging from 0 to
> [!NOTE]
> When Secure Boot State (PCR7) support is available, the default platform validation profile secures the encryption key using Secure Boot State (PCR 7) and the BitLocker access control (PCR 11).
>
> To prevent boot manger roll-back attacks, Windows updates released on and after July 2024 changed the default PCR Validation Profile for **UEFI with Secure Boot** from `7, 11` to `4, 7, 11`.
The following list identifies all of the available PCRs:
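Review bot: "boot manger" should be "boot manager" in the new paragraph of the NOTE, and the first paragraph of the same NOTE writes "PCR7" once and "PCR 7" once; use "PCR 7" throughout so the callout reads consistently with the PCR list that follows.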


@ -38,7 +38,7 @@ If you have access to the recovery key, enter the 48-digits in the preboot recov
If BitLocker recovery keys are stored in Microsoft Entra ID, users can access them using the following URL: https://myaccount.microsoft.com. From the **Devices** tab, users can select a Windows device that they own, and select the option **View BitLocker Keys**.
> [!NOTE]
> By default, users can retrieve their BitLocker reecovery keys from Microsoft Entra ID. This behavior can be modified with the option **Restrict users from recovering the BitLocker key(s) for their owned devices**. For more information, see [Restrict member users' default permissions][ENTRA-1].
> By default, users can retrieve their BitLocker recovery keys from Microsoft Entra ID. This behavior can be modified with the option **Restrict users from recovering the BitLocker key(s) for their owned devices**. For more information, see [Restrict member users' default permissions][ENTRA-1].
### Self-recovery with USB flash drive
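Review bot: the "reecovery" to "recovery" fix is correct; while this block is being touched, the context line "enter the 48-digits in the preboot recovery" should be "enter the 48 digits" without the hyphen, and the bold option text "Restrict users from recovering the BitLocker key(s) for their owned devices" should be verified against the current Entra admin center label, since UI strings quoted in bold are the first thing that goes stale.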


@ -8,51 +8,4 @@ items:
- name: Email Encryption (S/MIME)
href: configure-s-mime.md
- name: Windows Information Protection (WIP)
href: ../../information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
items:
- name: Create a WIP policy using Microsoft Intune
href: ../../information-protection/windows-information-protection/overview-create-wip-policy.md
items:
- name: Create a WIP policy in Microsoft Intune
href: ../../information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
items:
- name: Deploy your WIP policy in Microsoft Intune
href: ../../information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
- name: Associate and deploy a VPN policy for WIP in Microsoft Intune
href: ../../information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
- name: Create and verify an EFS Data Recovery Agent (DRA) certificate
href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
- name: Determine the enterprise context of an app running in WIP
href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
- name: Create a WIP policy using Microsoft Configuration Manager
href: ../../information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
items:
- name: Create and deploy a WIP policy in Configuration Manager
href: ../../information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
- name: Create and verify an EFS Data Recovery Agent (DRA) certificate
href: ../../information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
- name: Determine the enterprise context of an app running in WIP
href: ../../information-protection/windows-information-protection/wip-app-enterprise-context.md
- name: Mandatory tasks and settings required to turn on WIP
href: ../../information-protection/windows-information-protection/mandatory-settings-for-wip.md
- name: Testing scenarios for WIP
href: ../../information-protection/windows-information-protection/testing-scenarios-for-wip.md
- name: Limitations while using WIP
href: ../../information-protection/windows-information-protection/limitations-with-wip.md
- name: How to collect WIP audit event logs
href: ../../information-protection/windows-information-protection/collect-wip-audit-event-logs.md
- name: General guidance and best practices for WIP
href: ../../information-protection/windows-information-protection/guidance-and-best-practices-wip.md
items:
- name: Enlightened apps for use with WIP
href: ../../information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
- name: Unenlightened and enlightened app behavior while using WIP
href: ../../information-protection/windows-information-protection/app-behavior-with-wip.md
- name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
href: ../../information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
- name: Using Outlook Web Access with WIP
href: ../../information-protection/windows-information-protection/using-owa-with-wip.md
- name: Fine-tune WIP Learning
href: ../../information-protection/windows-information-protection/wip-learning.md
- name: Disable WIP
href: ../../information-protection/windows-information-protection/how-to-disable-wip.md
href: /previous-versions/windows/it-pro/windows-10/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip
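Review bot: the replacement `href:` at the end of the hunk points the WIP entry at `/previous-versions/...`, and the entire nested `items:` tree under it is removed, so every page that was listed (for example create-wip-policy-using-intune-azure.md, collect-wip-audit-event-logs.md, how-to-disable-wip.md) is now orphaned unless it is deleted or redirected in this same commit; check that the redirection file covers each removed path, otherwise inbound links from other articles keep resolving to unlisted pages. Consider also marking the remaining TOC entry as retired so readers understand why it lands on an archived page.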


@ -65,7 +65,7 @@ No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new t
| Name | Details | Security Tools |
|--|--|--|
| Microsoft 365 Apps for enterprise, version 2306 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-m365-apps-for-enterprise-v2306/ba-p/3858702) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Microsoft Edge, version 117 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-117/ba-p/3930862) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
| Microsoft Edge, version 128 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-128/ba-p/4237524) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
## Related articles
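Review bot: the Edge row is replaced rather than appended, so the version 117 baseline drops out of the table; if the intent is to list only the current baseline that's fine, but the Microsoft 365 Apps row stays at "version 2306" while the Security Compliance Toolkit component list changed in this same commit still says "Version 2206", so one of the two pages should be brought in line.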


@ -35,7 +35,7 @@ The Security Compliance Toolkit consists of:
- Office 2016
- Microsoft 365 Apps for Enterprise Version 2206
- Microsoft Edge security baseline
- Microsoft Edge version 114
- Microsoft Edge version 128
- Tools
- Policy Analyzer
- Local Group Policy Object (LGPO)
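Review bot: "Microsoft Edge version 114" to "128" is fine, but "Microsoft 365 Apps for Enterprise Version 2206" two lines above it disagrees with the "version 2306" row in the baselines table changed elsewhere in this commit; update it here as well. "Enterprise" is also capitalised here and lower-case ("for enterprise") in that table; pick one spelling.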


@ -1,8 +1,8 @@
---
title: Configure Windows Firewall logging
title: Configure Windows Firewall logging
description: Learn how to configure Windows Firewall to log dropped packets or successful connections with CSP and group policy.
ms.topic: how-to
ms.date: 11/21/2023
ms.date: 09/06/2024
---
# Configure Windows Firewall logging
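Review bot: the `title:` line appears as both removed and added with identical visible text, so this part of the change is whitespace-only; that alone doesn't justify bumping `ms.date` to 09/06/2024, which signals to readers that the content was revised. If the date bump is meant to cover the ACL snippet change further down in this file, say so in the commit message, otherwise keep 11/21/2023.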
@ -137,7 +137,7 @@ If not, add *FullControl* permissions for `mpssvc` to the folder, subfolders and
```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
$NewAcl = Get-Acl -Path $LogPath
$NewAcl = Get-Acl -Path $LogPath
$identity = "NT SERVICE\mpssvc"
$fileSystemRights = "FullControl"
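Review bot: `$NewAcl = Get-Acl -Path $LogPath` is a whitespace-only change, so there's no logic change here. On the surrounding snippet: it grants `FullControl` to `NT SERVICE\mpssvc` on the log folder, and the hunk header repeats that as the instruction. The service only needs to create and append to log files, so either document why FullControl is required or switch the example to `Modify`; readers copy these snippets verbatim, and the narrower right is the safer default to teach.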


@ -2,7 +2,7 @@
title: Manage Windows Firewall with the command line
description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
ms.topic: how-to
ms.date: 11/21/2023
ms.date: 09/06/2024
---
# Manage Windows Firewall with the command line
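Review bot: date-only change; while in this front matter, the `description:` reads "provides examples how to manage" and should be "provides examples of how to manage".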


@ -2,7 +2,7 @@
title: Configure firewall rules with group policy
description: Learn how to configure firewall rules using group policy with the Windows Firewall with Advanced Security console.
ms.topic: how-to
ms.date: 11/21/2023
ms.date: 09/06/2024
---
# Configure rules with group policy
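Review bot: date-only change; the `title:` says "Configure firewall rules with group policy" while the H1 says "Configure rules with group policy". Align the two, since search results show the title and the page shows the H1.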


@ -2,7 +2,7 @@
title: Windows Firewall dynamic keywords
description: Learn about Windows Firewall dynamic keywords and how to configure it using Windows PowerShell.
ms.topic: how-to
ms.date: 01/16/2024
ms.date: 09/06/2024
---
# Windows Firewall dynamic keywords
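Review bot: date-only change; the `description:` says "how to configure it using Windows PowerShell", but dynamic keywords are plural, so "how to configure them".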


@ -2,7 +2,7 @@
title: Filter origin audit log
description: Learn about Windows Firewall and filter origin audit log to troubleshoot packet drops.
ms.topic: troubleshooting
ms.date: 11/21/2023
ms.date: 09/06/2024
---
# Filter origin audit log
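Review bot: date-only change; the `description:` is missing an article and reads better as "Learn about Windows Firewall and the filter origin audit log to troubleshoot packet drops."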


@ -1,8 +1,8 @@
---
title: Hyper-V firewall
title: Hyper-V firewall
description: Learn how to configure Hyper-V firewall rules and settings using PowerShell or Configuration Service Provider (CSP).
ms.topic: how-to
ms.date: 11/21/2023
ms.date: 09/06/2024
appliesto:
-<a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
---
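Review bot: the `appliesto:` entry is written `-<a href=...` with no space after the hyphen. As shown, YAML parses that as the plain scalar string `-<a href...` rather than as a sequence item, so the front matter either fails validation or renders the literal text; it should be `- <a href=...`. The `title:` line is a whitespace-only change.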
@ -21,18 +21,18 @@ This section describes the steps to manage Hyper-V firewall using PowerShell.
### Obtain the WSL GUID
Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet:
Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet:
```powershell
Get-NetFirewallHyperVVMCreator
Get-NetFirewallHyperVVMCreator
```
The output contains a VmCreator object type, which has unique identifier `VMCreatorId` and `friendly name` properties. For example, the following output shows the properties of WSL:
```powershell
PS C:\> Get-NetFirewallHyperVVMCreator
VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
FriendlyName : WSL
VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
FriendlyName : WSL
```
> [!NOTE]
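Review bot: the three changed lines (the VMCreatorId sentence, `Get-NetFirewallHyperVVMCreator`, and the `VMCreatorId` / `FriendlyName` output) are whitespace-only. In the unchanged sentence above the sample output, the property is called `friendly name` while the output prints `FriendlyName`; use the real property name so readers can filter on it, for example `Get-NetFirewallHyperVVMCreator | Where-Object FriendlyName -eq 'WSL'`.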
@ -63,7 +63,7 @@ The output contains the following values:
To configure Hyper-V firewall, use the [Set-NetFirewallHyperVVMSetting][PS-2] command. For example, the following command sets the default inbound connection to *Allow*:
```powershell
Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow
Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow
```
### Firewall Rules
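Review bot: `Set-NetFirewallHyperVVMSetting ... -DefaultInboundAction Allow` is a whitespace-only change, but as the page's only example of this cmdlet it teaches the permissive setting: inbound connections to WSL VMs that no rule matches are allowed. Consider demonstrating with `-DefaultInboundAction Block` or adding a sentence on the exposure `Allow` creates, so the example doesn't read as a recommendation.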
@ -76,10 +76,10 @@ Get-NetFirewallHyperVRule -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'
To configure specific rules, use the [Set-NetFirewallHyperVRule][PS-4] cmdlet.
For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command:
For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command:
```powershell
New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80
New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80
```
### Target Hyper-V firewall rules and settings to specific profiles
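Review bot: the prose says "To configure specific rules, use the Set-NetFirewallHyperVRule cmdlet" and the example for creating a rule then uses `New-NetFirewallHyperVRule`; the sentence should distinguish the two (`New-` creates a rule, `Set-` modifies an existing one), otherwise readers try `Set-` on a rule that doesn't exist yet. The example also passes no explicit action, so state that the rule allows the traffic by default if that is the behaviour the sentence relies on.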
@ -95,7 +95,7 @@ The policy options are similar to the ones already described, but are applied to
To view the settings per profile, use the following command:
```powershell
Get-NetFirewallHyperVProfile -PolicyStore ActiveStore
Get-NetFirewallHyperVProfile -PolicyStore ActiveStore
```
> [!NOTE]


@ -1,8 +1,8 @@
---
title: Windows Firewall overview
title: Windows Firewall overview
description: Learn overview information about the Windows Firewall security feature.
ms.topic: overview
ms.date: 11/21/2023
ms.date: 09/06/2024
---
# Windows Firewall overview
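Review bot: both visible changes reduce to a whitespace fix on the `title:` line plus a date bump; bumping `ms.date` for a whitespace-only edit tells readers the overview was revised when it wasn't. Keep 11/21/2023 unless content in this file actually changed.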


@ -2,7 +2,7 @@
title: Quarantine behavior
description: Learn about Windows Firewall and the quarantine feature behavior.
ms.topic: concept-article
ms.date: 11/21/2023
ms.date: 09/06/2024
---
# Quarantine behavior
@ -77,7 +77,7 @@ Inside the wfpdiag.xml, search for `netEvents` that have `FWPM_NET_EVENT_TYPE_CL
The characters in the application ID name are separated by periods:
```XML
<asString> \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... </asString>
<asString> \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... </asString>
```
The `netEvent` contains more information about the dropped packet, including information about its capabilities, the filter that dropped the packet, and much more.
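Review bot: the `<asString>` line is a whitespace-only change. The lead-in "The characters in the application ID name are separated by periods" would help readers more if it said why: the appId is stored as a UTF-16 string and the viewer renders each zero byte as a period, so the trailing `...` after `e.x.e` is the string terminator, not part of the path, and searching the file for the literal path with periods in it will not match what the reader expects.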


@ -1,7 +1,7 @@
---
title: Windows Firewall rules
description: Learn about Windows Firewall rules and design recommendations.
ms.date: 11/21/2023
ms.date: 09/06/2024
ms.topic: concept-article
---


@ -1,7 +1,7 @@
---
title: Windows Firewall tools
description: Learn about the available tools to configure Windows Firewall and firewall rules.
ms.date: 11/20/2023
ms.date: 09/06/2024
ms.topic: best-practice
---


@ -2,7 +2,7 @@
title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
ms.topic: troubleshooting
ms.date: 11/07/2023
ms.date: 09/06/2024
---
# Troubleshooting UWP App Connectivity Issues
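Review bot: `description:` is a verbatim copy of `title:`; write a one-sentence description of what the page covers (diagnosing UWP app connection failures from wfpdiag netEvents and filters), since the description feeds search snippets and a repeated title carries no information.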
@ -83,7 +83,7 @@ package SID, or application ID name. The characters in the application ID name
will be separated by periods:
```XML
(ex)
(ex)
<asString>
\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e...
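Review bot: the `(ex)` marker is inside the ```XML fence, so it renders as if it were part of the XML; move it into the prose ("for example:") and keep only the `<asString>` element in the fence. The change to that line is whitespace-only.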
@ -118,18 +118,18 @@ remote address, capabilities, etc.
<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
<item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
<item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
</flags>
<ipVersion>FWP_IP_VERSION_V6</ipVersion>
<ipProtocol>6</ipProtocol>
<localAddrV6.byteArray16>2001:4898:30:3:256c:e5ba:12f3:beb1</localAddrV6.byteArray16>
<ipProtocol>6</ipProtocol>
<localAddrV6.byteArray16>2001:4898:30:3:256c:e5ba:12f3:beb1</localAddrV6.byteArray16>
<remoteAddrV6.byteArray16>2620:1ec:c11::200</remoteAddrV6.byteArray16>
<localPort>52127</localPort>
<remotePort>443</remotePort>
<scopeId>0</scopeId>
<appId>
<appId>
<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
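Review bot: the changed lines (`FWPM_NET_EVENT_FLAG_USER_ID_SET`, `<ipProtocol>`, `<localAddrV6.byteArray16>`, `<appId>`) are whitespace-only. The `<asString>` value is broken across two lines in the middle of the path ("p.r.o.g.r.a.m." / ".f.i.l.e.s."), which makes it look as though the path contains a newline; either join it or add a note that the line is wrapped for display.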
@ -152,7 +152,7 @@ remote address, capabilities, etc.
<internalFields>
<internalFlags/>
<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
<capabilities numItems="3">
<capabilities numItems="3">
<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
<item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
@ -195,7 +195,7 @@ allowed by Filter #125918, from the InternetClient Default Rule.
<asString>.+......</asString>
</providerData>
<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey
<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey
<weight>
<type>FWP_EMPTY</type>
</weight>
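Review bot: `<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey` is missing the closing `>` on both the removed and the added line, so the whitespace fix preserves a malformed tag in the sample; add the `>` while this line is being edited.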
@ -284,7 +284,7 @@ The important part of this condition is **S-1-15-3-1**, which is the capability
From the **netEvent** capabilities section, capabilities from netEvent, Wfpdiag-Case-1.xml.
```xml
<capabilities numItems="3">
<capabilities numItems="3">
<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
<item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
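Review bot: `<capabilities numItems="3">` is a whitespace-only change; the lead-in "From the **netEvent** capabilities section, capabilities from netEvent, Wfpdiag-Case-1.xml." is not a sentence. Rewrite it as "The capabilities section of the netEvent in Wfpdiag-Case-1.xml:".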
@ -575,7 +575,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.
<localPort>52998</localPort>
<remotePort>53</remotePort>
<scopeId>0</scopeId>
<appId>
<appId>
<data>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</data>
<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
@ -653,7 +653,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.
<localPort>52956</localPort>
<remotePort>53</remotePort>
<scopeId>0</scopeId>
<appId>
<appId>
<data>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</data>
<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>