Scantide Local PC Security Check

Computer: DESKTOP-REDACTED | User: CORP\\user.redacted | Generated: 2026-06-11 (anonymized for publishing) | v3.5.164
Local Risk Score
100
Findings
75
Installed Software
136
Software CVE Matches
15
Listening Ports
33
Shares
3
Shared Printers
1
Pending Reboot
Yes
Admin Context
Limited
Completeness of local checks
Check Level
Advanced
Preset plus selected modules
Total Runtime
177.68 s
43 ran, 0 skipped, 0 failed
External IP
Skipped
Blacklist: Skipped
Endpoint Posture
143
Remote/firewall/PATH review items
Certificates
111
Expired/soon expiring
Click a summary card, tab, or quick filter.

Important Disclaimer

Read this first: Important disclaimer: Scantide Local Check and Scantide Local Watch are assessment and awareness tools. They are not an EDR, antivirus, patch manager, compliance certification, or proof of compromise. Installed-software CVE matches are review leads based on local inventory display names and versions; verify the exact product, edition, build and exposure before treating a match as confirmed. Public IP blacklist checks are indicators only and can be affected by NAT, VPNs, proxies, shared ISP addresses and stale DNSBL data. Missing or unknown data means not checked or not available, not clean.

Executive Findings

Scan scope: Limited local check - not running as Administrator
The script is not running elevated. The report is still useful, but several checks may be incomplete, unavailable, or shown as Unknown. Do not treat missing data as clean.
Checks that may be incomplete: Firewall policy details; Defender/AV internals; SMB server/client configuration; BitLocker; local users/admins; some shares/printers; some listening-process ownership; protected registry policy keys
Local endpoint posture check. Installed software CVE matching should be treated as a review item unless exact product/version matching is confirmed. CVE status: Scantide CVE API queried in 20 parallelized batch(es), batch size 5, parallelism 4. Items: 100, matches with CVEs: 15.
SeverityAreaFinding / EvidenceRecommendation
HighServicesService runs from user-writable path: ZoomCptService
"C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Default\AppData\Roaming\Zoom"		Move service binaries to protected paths and verify permissions.
HighUsersPassword not required: DefaultAccount
PasswordRequired=False		Require local account passwords.
HighUsersPassword not required: CorpGuest.REDACTED
PasswordRequired=False		Require local account passwords.
InfoAntivirusMicrosoft Defender appears disabled/passive because another AV/EDR is registered
Registered AV/EDR: CrowdStrike Falcon Sensor		Verify the third-party AV/EDR is managed and healthy.
InfoBitLockerBitLocker was not fully checked
Admin required; Run elevated to query BitLocker		Run elevated to check BitLocker protection state.
InfoDevice ControlUSB storage appears enabled
USBSTOR Start=3		Confirm removable media policy matches the organization policy.
InfoEvent LogsRecent Application error: C:\ProgramData\Azure\AzCopy\azcopy.exe / 0
Review if the error repeats, affects security controls, or maps to failed services, drivers, updates or authentication.
InfoEvent LogsRecent Application error: HCP Port Monitor / 0
Review if the error repeats, affects security controls, or maps to failed services, drivers, updates or authentication.
InfoEvent LogsRecent Application error: HCP Port Monitor / 0
Review if the error repeats, affects security controls, or maps to failed services, drivers, updates or authentication.
InfoEvent LogsRecent Application error: VSS / 13
Volume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied. ]		Review if the error repeats, affects security controls, or maps to failed services, drivers, updates or authentication.
InfoGhost DevicesNon-present device: Generic volume shadow copy
Class=VolumeSnapshot; InstanceId=STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: HID-compliant consumer control device
Class=HIDClass; InstanceId=HID\VID_0B0E&PID_030B&MI_03&COL03\8&35AECF77&0&0002		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: Jabra Evolve 65
Class=MEDIA; InstanceId=USB\VID_0B0E&PID_030B&MI_00\7&30FD822B&0&0000		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: MIDI 2.0 Service Tests
Class=SoftwareDevice; InstanceId=SWD\MIDISRV\MIDIU_DIAG_TRANSPORT		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: PS/2 Compatible Mouse
Class=Mouse; InstanceId=ACPI\DLL0A5B\4&77AFA20&0		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: Service Test Loopback A
Class=SoftwareDevice; InstanceId=SWD\MIDISRV\MIDIU_DIAG_LOOPBACK_A		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: Service Test Loopback B
Class=SoftwareDevice; InstanceId=SWD\MIDISRV\MIDIU_DIAG_LOOPBACK_B		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: Speakers (Jabra Evolve 65)
Class=AudioEndpoint; InstanceId=SWD\MMDEVAPI\{0.0.0.00000000}.{D9EA0B81-ABB1-4919-929A-D798006EC989}		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: USB Composite Device
Class=USB; InstanceId=USB\VID_0B0E&PID_030B\50C2ED067EBE		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoGhost DevicesNon-present device: USB Input Device
Class=HIDClass; InstanceId=USB\VID_0B0E&PID_0311\50C2ED067EBE		Review if stale devices are unexpected, especially old NICs, storage, VPN, security or remote access devices.
InfoInstalled Software CVE ReviewReview signal: AD Info Free Edition 1.7.92
1 CVE(s); highest=MEDIUM 6.8; top=CVE-2021-20876. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
InfoInstalled Software CVE ReviewReview signal: Intel(R) LMS 1.0.0.0
1 CVE(s); highest=MEDIUM 6.4; top=CVE-2020-8704. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
InfoInstalled Software CVE ReviewReview signal: Intel(R) Management Engine Driver 1.0.0.0
1 CVE(s); highest=MEDIUM 5.5; top=CVE-2021-33087. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
InfoInstalled Software CVE ReviewReview signal: Microsoft Edge 149.0.4022.62
2 CVE(s); highest=MEDIUM 5; top=CVE-2015-6057, CVE-2015-6058. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
InfoUSB StorageUSB mass storage appears enabled
USBSTOR Start=3		Confirm removable media policy matches the organization policy.
LowCertificatesExpired certificate: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Store=Cert:\LocalMachine\Root; NotAfter=05/30/2020 12:48:38		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Store=Cert:\CurrentUser\Root; NotAfter=05/30/2020 12:48:38		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: CN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US
Store=Cert:\CurrentUser\Root; NotAfter=01/01/2000 00:59:59		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: CN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US
Store=Cert:\LocalMachine\Root; NotAfter=01/01/2000 00:59:59		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US
Store=Cert:\LocalMachine\Root; NotAfter=07/09/2019 20:40:36		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US
Store=Cert:\CurrentUser\Root; NotAfter=07/09/2019 20:40:36		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: OU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust Network
Store=Cert:\LocalMachine\Root; NotAfter=01/08/2004 00:59:59		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: OU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust Network
Store=Cert:\CurrentUser\Root; NotAfter=01/08/2004 00:59:59		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Service Root, OU=Microsoft Corporation, O=Microsoft Trust Network
Store=Cert:\LocalMachine\Root; NotAfter=12/31/1999 00:59:59		Remove expired/unneeded certificates or renew if still used.
LowCertificatesExpired certificate: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Service Root, OU=Microsoft Corporation, O=Microsoft Trust Network
Store=Cert:\CurrentUser\Root; NotAfter=12/31/1999 00:59:59		Remove expired/unneeded certificates or renew if still used.
LowInstalled Software CVE ReviewReview signal: Dell Display and Peripheral Manager 2.1.0.24
2 CVE(s); highest=HIGH 7.3; top=CVE-2025-46430, CVE-2026-21419. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
LowInstalled Software CVE ReviewReview signal: Fiddler 4.4.9.2
1 CVE(s); highest=HIGH 8.8; top=CVE-2020-13661. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
LowInstalled Software CVE ReviewReview signal: Intel(R) Wireless Bluetooth(R) 23.30.0.3
5 CVE(s); highest=HIGH 7.8; top=CVE-2020-0555, CVE-2019-14620, CVE-2024-24984, CVE-2023-47859, CVE-2023-45845. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
LowInstalled Software CVE ReviewReview signal: ISS_Drivers_x64 3.10.100.4446
1 CVE(s); highest=HIGH 7.1; top=CVE-2024-50035. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
LowInstalled Software CVE ReviewReview signal: Microsoft Intune Management Extension 1.101.111.0
1 CVE(s); highest=HIGH 8.1; top=CVE-2021-31980. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
LowInstalled Software CVE ReviewReview signal: Notepad++ 8.9.6.4
4 CVE(s); highest=HIGH 8.4; top=CVE-2025-56383, CVE-2026-25866, CVE-2025-49144, CVE-2007-5145. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
LowInstalled Software CVE ReviewReview signal: OpenSSL 3.4.1
4 CVE(s); highest=HIGH 7.5; top=CVE-2004-0079, CVE-2003-0851, CVE-2004-0081, CVE-2004-0112. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
LowListening PortsListening RPC Endpoint Mapper / 135
Address=0.0.0.0; Process=svchost; Context=Common local listening service. Confirm it is expected and firewall-scoped.		Confirm the service is expected, patched, and restricted by host firewall or network policy.
LowListening PortsListening RPC Endpoint Mapper / 135
Address=::; Process=svchost; Context=Common local listening service. Confirm it is expected and firewall-scoped.		Confirm the service is expected, patched, and restricted by host firewall or network policy.
LowPrintersShared printer:
Share=; Driver=		Confirm the printer share and driver are required.
LowRemote AccessRemote access indicator: TeamViewer Host
Installed software; TeamViewer		Confirm this remote access tool/service is expected and managed.
LowUpdatesPending reboot detected
Pending file rename		Reboot during maintenance.
LowWindows Security BaselineLSASS protection is not clearly enabled
RunAsPPL=2		Consider enabling LSA protection where compatible.
MediumFirewall RulesRisky inbound allow rule: Core Networking - Teredo (ICMPv6-In)
Ports=; Remote=*; Profile=Domain,Private,Public		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Microsoft 365 Copilot
Ports=; Remote=*; Profile=Domain,Private,Public		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Microsoft Edge (mDNS-In)
Ports=5353; Remote=*; Profile=Domain,Private,Public		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Microsoft Edge (mDNS-In)
Ports=5353; Remote=*; Profile=Domain,Private,Public		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Teamviewer Remote Control Application
Ports=*; Remote=*; Profile=Private		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Teamviewer Remote Control Application
Ports=*; Remote=*; Profile=Private		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Teamviewer Remote Control Service
Ports=*; Remote=*; Profile=Private		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Teamviewer Remote Control Service
Ports=*; Remote=*; Profile=Private		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Windows App
Ports=*; Remote=*; Profile=Domain,Private,Public		Confirm the rule is required and scope it to trusted networks.
MediumFirewall RulesRisky inbound allow rule: Windows App
Ports=*; Remote=*; Profile=Domain,Private,Public		Confirm the rule is required and scope it to trusted networks.
MediumInstalled Software CVE ReviewReview signal: 7-Zip 24.08
5 CVE(s); highest=CRITICAL 9.3; top=CVE-2008-3075, CVE-2016-3646, CVE-2002-0370, CVE-2009-1782, CVE-2004-2348. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
MediumInstalled Software CVE ReviewReview signal: 7-Zip 26.01.00.0
5 CVE(s); highest=CRITICAL 9.3; top=CVE-2008-3075, CVE-2016-3646, CVE-2002-0370, CVE-2009-1782, CVE-2004-2348. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
MediumInstalled Software CVE ReviewReview signal: GlobalProtect 6.2.8
10 CVE(s); highest=CRITICAL 9.8; top=CVE-2016-3657, CVE-2017-7945, CVE-2017-9458, CVE-2016-3656, CVE-2017-7409. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
MediumInstalled Software CVE ReviewReview signal: Mozilla Firefox 151.0.4
2 CVE(s); highest=CRITICAL 10; top=CVE-2004-0904, CVE-2004-0905. Local installed-software matching is weaker evidence than service/banner matching.		Verify exact product, edition, build and exposure before treating this as a confirmed vulnerability.
MediumListening PortsListening SMB / 445
Address=::; Process=System; Context=Common local listening service. Confirm it is expected and firewall-scoped.		Confirm the service is expected, patched, and restricted by host firewall or network policy.
MediumLock ScreenAutomatic lock / screensaver posture needs review
Screensaver is enabled but password on resume is not required.		Require automatic lock and password on resume. Recommended maximum timeout is 15 minutes or less.
MediumPATH HijackWritable PATH directory: C:\Users\user.redacted\AppData\Local\Microsoft\WindowsApps
User-writable-looking PATH directory		Remove writable directories from PATH or harden permissions.
MediumPATH HijackWritable PATH directory: C:\Users\user.redacted\AppData\Local\Microsoft\WindowsApps
User-writable-looking PATH directory		Remove writable directories from PATH or harden permissions.
MediumPATH HijackWritable PATH directory: C:\Users\user.redacted\AppData\Local\Programs\Fiddler
User-writable-looking PATH directory		Remove writable directories from PATH or harden permissions.
MediumScan ScopeLocal check was not run as Administrator
The script is not running elevated. The report is still useful, but several checks may be incomplete, unavailable, or shown as Unknown. Do not treat missing data as clean.		Re-run from an elevated PowerShell session for complete checks. Limited areas: Firewall policy details; Defender/AV internals; SMB server/client configuration; BitLocker; local users/admins; some shares/printers; some listening-process ownership; protected registry policy keys
MediumScheduled TasksTask runs from user-writable path: CleanupTemporaryState
%windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState		Review task action and remove if not required.
MediumWi-FiWeak Wi-Fi profile: BSMH-Guest
Authentication=Open; Cipher=None		Remove old weak Wi-Fi profiles and prefer WPA2/WPA3.
MediumWi-FiWeak Wi-Fi profile: CARE4U
Authentication=Open; Cipher=None		Remove old weak Wi-Fi profiles and prefer WPA2/WPA3.
MediumWi-FiWeak Wi-Fi profile: Hyatt_Guest
Authentication=Open; Cipher=None		Remove old weak Wi-Fi profiles and prefer WPA2/WPA3.
MediumWi-FiWeak Wi-Fi profile: IHG ONE REWARDS Free WI-FI
Authentication=Open; Cipher=None		Remove old weak Wi-Fi profiles and prefer WPA2/WPA3.
MediumWi-FiWeak Wi-Fi profile: PowhatanWiFi
Authentication=Open; Cipher=None		Remove old weak Wi-Fi profiles and prefer WPA2/WPA3.
MediumWi-FiWeak Wi-Fi profile: Qualityguest
Authentication=Open; Cipher=None		Remove old weak Wi-Fi profiles and prefer WPA2/WPA3.

System Overview

ComputerDESKTOP-REDACTEDUserCORP\\user.redacted
Domain / WorkgroupWORKGROUPPart of domainFalse
ManufacturerDell Inc.ModelLatitude 9420
Serial number68SG3M3System typex64-based PC
BIOS version1.46.0BIOS release date2026-03-31 02:00:00
BaseboardDell Inc. 0CP3KMBaseboard serial/68SG3M3/CNCMK0021D0128/
Operating systemMicrosoft Windows 11 EnterpriseOS version / build10.0.26200 / 26200
Architecture64-bitInstall date2026-02-27 16:00:31
Last boot2026-06-09 08:37:44Time zone(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
CPU11th Gen Intel(R) Core(TM) i7-1185G7 @ 3.00GHzCores / logical processors4 / 8
Total RAM15.7 GBMemory slots used8
Memory modules2.0 GB / 4267 MHz / H9HCNNNCPMMLXR-NEE | 2.0 GB / 4267 MHz / H9HCNNNCPMMLXR-NEE | 2.0 GB / 4267 MHz / H9HCNNNCPMMLXR-NEE | 2.0 GB / 4267 MHz / H9HCNNNCPMMLXR-NEE | 2.0 GB / 4267 MHz / H9HCNNNCPMMLXR-NEE | 2.0 GB / 4267 MHz / H9HCNNNCPMMLXR-NEE | 2.0 GB / 4267 MHz / H9HCNNNCPMMLXR-NEE | 2.0 GB / 4267 MHz / H9HCNNNCPMMLXR-NEE
Local disksC: 474.7 GB total, 253.6 GB free
AdminFalsePending rebootPending file rename

Scan Completeness / Privilege

Running as AdministratorFalseStatusLimited local check - not running as Administrator
ImpactThe script is not running elevated. The report is still useful, but several checks may be incomplete, unavailable, or shown as Unknown. Do not treat missing data as clean.
Checks that may be incompleteFirewall policy details; Defender/AV internals; SMB server/client configuration; BitLocker; local users/admins; some shares/printers; some listening-process ownership; protected registry policy keys

Check Modules and Runtime

Runtime explanation:This table shows which modules ran, which were skipped or failed, and where time was spent. Long runtimes are usually caused by SoftwareCve because it calls the Scantide CVE API in batches. Total scan runtime: 177.68 seconds.
CheckStatusSecondsNote
SystemInfoOK1.91
UpdatePolicyOK0.28
RemoteAccessToolsOK2.21
AntivirusOK0.96
UpdatesOK2.39
BrowserPostureOK0.35
RecoveryPostureOK0.67
CredentialExposureOK0.73
DeveloperAdminToolsOK5.55
RiskyFirewallRulesOK1.17
NetworkOK12.23
AuditLoggingOK0.41
RemoteManagementOK5.73
DeviceControlOK0.23
UsbStorageOK0.23
ProxyVpnOK1.9
TimeSyncOK0.52
ScheduledTasksOK4.47
WritableServicesOK4.28
ExternalIpOK0.05
UACOK0.28
UsersOK2.07
LockScreenOK0.39
PathHijackOK0.24
SMBOK3.21
BrowserExtensionsOK0.39
SharesOK2.88
SoftwareInventoryOK0.8
ListeningPortsOK11.12
FirewallOK4.92
GhostDevicesOK5.69
WindowsSecurityBaselineOK0.3
LapsOK0.46
CertificatesOK0.76
BitLockerOK0.04
RDPOK0.32
PowerShellOK0.59
SecureBootTpmOK0.81
StartupOK0.33
EventLogErrorsOK0.46
PrintersOK2.84
WifiProfilesOK6.52
SoftwareCveOK136.44

Network and External IP

Network explanation:This section shows local adapters, DNS servers, default routes and public IP reputation when enabled. Treat public IP blacklist data as an indicator only; VPNs, NAT and shared ISP addresses can affect it.

External IP / Reputation

External IPCountryRegionCityOrgSourceBlacklistedListed onNote
SkippedSkippedSkippedExternal IP/reputation check skipped by user setting.

Adapters

InterfaceDescriptionIPv4IPv6GatewayDNS servers
Wi-FiIntel(R) Wi-Fi 6E AX210 160MHz10.X.X.REDACTED10.X.X.REDACTED10.X.X.REDACTED, 10.X.X.REDACTED
Ethernet 7Realtek USB GbE Family Controller #3169.254.212.78fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3
Bluetooth Network ConnectionBluetooth Device (Personal Area Network)169.254.188.231fec0:0:0:ffff::1, fec0:0:0:ffff::2, fec0:0:0:ffff::3

DNS Servers

InterfaceAddress familyDNS servers
Ethernet 72
Local Area Connection* 92
Local Area Connection* 102
Wi-Fi210.X.X.REDACTED, 10.X.X.REDACTED
Bluetooth Network Connection2
Loopback Pseudo-Interface 12
Teredo Tunneling Pseudo-Interface2

Default Routes

InterfaceNext hopMetric
Wi-Fi10.X.X.REDACTED0

Firewall

NameEnabledDefault InDefault Out
DomainTrueNotConfiguredNotConfigured
PrivateTrueNotConfiguredNotConfigured
PublicTrueNotConfiguredNotConfigured

Antivirus / EDR

NameSourceEnabledRealtimeSig AgeStateDetails
CrowdStrike Falcon Sensorroot\SecurityCenter2266240C:\Program Files\CrowdStrike\CSFalconController.exe
Microsoft DefenderGet-MpComputerStatusFalseFalse65535AMService=False; Behavior=False
Windows Defenderroot\SecurityCenter2393472windowsdefender://

SMB

SMB1 ServerSMB1 ClientRequire SigningSigning EnabledInsecure Guest
FalseUnknownTrueFalseFalse

RDP / BitLocker / UAC

CheckValue
RDP EnabledFalse/Unknown
NLA RequiredFalse/Unknown
UAC EnableLUA1

Listening TCP Ports

Listening port explanation:These are services accepting TCP connections. A listening port is not automatically bad, but it should be expected, patched and scoped by firewall policy. Localhost-only listeners are usually lower risk than 0.0.0.0 or :: listeners.
ProtocolAddressPortPIDProcessUsuallyCategoryRiskExplanationGuidance
::135svchostRPC Endpoint MapperFallbackLowCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.0135svchostRPC Endpoint MapperFallbackLowCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::445SystemSMBFallbackMediumCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::623LMSIntel AMT / IPMI RMCPFallbackInfoCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.0623LMSIntel AMT / IPMI RMCPFallbackInfoCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.05040svchostUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::5357SystemWSDAPIFallbackInfoCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
127.0.0.15939TeamViewer_ServiceUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
127.0.0.17311hcpclientcoreUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::7680svchostWindows Delivery OptimizationFallbackInfoCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
127.0.0.18884SystemUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
10.X.X.REDACTED10001agentid-serviceUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
127.0.0.110001agentid-serviceUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::16992LMSIntel AMT / LMSFallbackInfoCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.016992LMSIntel AMT / LMSFallbackInfoCommon local listening service. Confirm it is expected and firewall-scoped.Confirm the service is expected, patched, and restricted by host firewall or network policy.
127.0.0.128385SystemUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
127.0.0.128390SystemUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::142050OneDrive.Sync.ServiceUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
127.0.0.149350esrv_svcUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
127.0.0.149351esrvUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::49667lsassUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.049667lsassUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::49668wininitUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.049668wininitUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::49669svchostUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.049669svchostUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::49670svchostUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.049670svchostUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::49672spoolsvUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.049672spoolsvUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::149673jhi_serviceUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
::49723servicesUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.
0.0.0.049723servicesUnknown / customFallbackInfoNo curated helper metadata was available for this port. Confirm the owning process and whether it should listen.Confirm the service is expected, patched, and restricted by host firewall or network policy.

Shares

NamePathDescriptionTypeSpecial
ADMIN$C:\WINDOWSRemote AdminFileSystemDirectoryTrue
C$C:\Default shareFileSystemDirectoryTrue
IPC$Remote IPCInterprocessCommunicationTrue

Shared Printers

NameShareDriverPort

Local Administrators

NameClassSource
CORP\\user.redactedUserAzureAD
DESKTOP-REDACTED\AdministratorUserLocal
S-1-12-1-REDACTEDOtherAzureAD
S-1-12-1-REDACTEDOtherAzureAD

Local Users

NameEnabledPassword RequiredPassword Last SetLast Logon
AdministratorFalseTrue07/21/2021 03:58:2201/22/2022 15:53:26
DefaultAccountFalseFalse
CorpGuest.REDACTEDFalseFalse
JuffeTrueTrue05/31/2022 09:51:24
WDAGUtilityAccountFalseTrue07/21/2021 00:13:53

Recent Windows Updates

HotFixDescriptionInstalledBy
KB5092762Security Update05/18/2026 00:00:00NT AUTHORITY\SYSTEM
KB5089466Security Update05/18/2026 00:00:00NT AUTHORITY\SYSTEM
KB5087051Update05/18/2026 00:00:00NT AUTHORITY\SYSTEM
KB5083769Security Update04/20/2026 00:00:00NT AUTHORITY\SYSTEM
KB5054156Update02/27/2026 00:00:00NT AUTHORITY\SYSTEM

BitLocker

MountVolumeProtectionMethod
Not checkedAdmin requiredUnknownRun elevated to query BitLocker

PowerShell Policy / Logging

VersionExecution PolicyTranscriptionModule LoggingScriptBlock Logging
5.1.26100.8115Undefined1

Endpoint Hardening and Local Risk

Check level:Advanced / Hardening checks were selected for this run.
Hardening explanation:These checks look for local posture issues that a network scan may not see: lock/screen policy, security baseline, remote management, certificates, Wi-Fi profiles, credential exposure, ghost devices, writable services, PATH risk and device-control policy.

Lock Screen / Screensaver Policy

Plain English:The device should automatically lock after a reasonable idle period and require a password or Windows Hello on resume. Missing policy does not always mean unsafe, but it means the lock behavior may be user-controlled.
Screensaver activePassword on resumeScreensaver timeoutInactivity timeoutDisplay AC timeoutSleep AC timeoutRiskNote
19009000MediumScreensaver is enabled but password on resume is not required.

Windows Security Baseline Signals

Plain English:These settings indicate whether Windows is hardened against common credential-theft and legacy-authentication risks. Some values may be managed by Intune, GPO or security baselines.
LSASS PPLWDigest plaintext cacheLM compatibilityRestrict anonymousCached logonsVBSCredential GuardNote
2051011Security baseline indicators captured from local registry.

Remote Management Exposure

NameDisplay nameStatusStart typeRiskNote
WinRMWindows Remote Management (WS-Management)StoppedManualInfoRemote management related service.
RemoteRegistryRemote RegistryStoppedDisabledInfoRemote management related service.
TermServiceRemote Desktop ServicesStoppedManualInfoRemote management related service.
RemoteAccessRouting and Remote AccessStoppedDisabledInfoRemote management related service.

Audit Logging Posture

CategorySettingSourceRiskNote
Process command line loggingRegistryInfoLogging policy indicator.
PowerShell ScriptBlock Logging1RegistryOKLogging policy indicator.
PowerShell TranscriptionRegistryInfoLogging policy indicator.

Time / NTP Health

Service statusStart typeSourceTime zoneRiskNote
RunningAutomaticThe following error occurred: Access is denied. (0x80070005)(UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, ViennaInfoTime synchronization indicators captured.

Recent Application/System Errors

Plain English:This shows the five newest Error events from the Application log and the five newest Error events from the System log. Single errors are not automatically security findings, but repeated driver, service, update, authentication or security-control errors are worth reviewing.
LogTimeProviderIDLevelMessageRiskNote
Application06/11/2026 17:28:26VSS13ErrorVolume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied. ]InfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
Application06/11/2026 17:19:40HCP Port Monitor0ErrorInfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
Application06/11/2026 16:19:40HCP Port Monitor0ErrorInfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
Application06/11/2026 16:00:01C:\ProgramData\Azure\AzCopy\azcopy.exe0ErrorInfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
Application06/11/2026 15:52:55VSS13ErrorVolume Shadow Copy Service information: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started. [0x80070005, Access is denied. ]InfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
System06/11/2026 11:41:44Microsoft-Windows-HAL21ErrorThe hardware real-time clock was not set because evaluation of the ACPI Time and Alarm Device method failed. Status: 0xC00000BB.InfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
System06/11/2026 11:41:44Microsoft-Windows-HAL20ErrorThe hardware real-time clock was not queried because evaluation of the ACPI Time and Alarm Device method failed. Status: 0xC00000BB.InfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
System06/11/2026 11:07:43Service Control Manager7009ErrorA timeout was reached (30000 milliseconds) while waiting for the Intel(R) SUR QC Software Asset Manager service to connect.InfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
System06/11/2026 09:21:14Microsoft-Windows-Security-Kerberos11ErrorThe Distinguished Name in the subject field of your smart card logon certificate does not contain enough information to identify the appropriate domain on an non-domain joined computer. Contact your system administrator.InfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.
System06/11/2026 09:17:03Microsoft-Windows-NDIS10317ErrorMiniport Microsoft Wi-Fi Direct Virtual Adapter #2, {be6e2561-4c3e-4eb3-96c9-93e81cbe9447}, had event Fatal error: The miniport has failed a power transition to operational powerInfoOne of the five newest Error events in this log. Review repeated or security-relevant errors.

Credential Exposure Indicators

Plain English:This does not dump passwords. It only checks for signs that credentials, tokens or risky saved targets may exist and should be reviewed.
SourceTargetTypeUserRiskNote
Credential ManagerMicrosoftAccount:target=SSO_POP_User:user=user@corp-redacted.comGenericuser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerMicrosoftAccount:target=SSO_POP_DeviceGeneric02piqpsfhbqqcqszInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=WindowsLive:(token):name=user@corp-redacted.com;serviceuri=http://passport.net/purposeGenericuser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=Microsoft_OneDrive_Cookies_v2_Business1_https://corp-redacted-my.sharepoint.com/GenericInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=Olk/PushNotificationsBackupKeyGenericOlk/PushNotificationsBackupKeyInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=Microsoft_OneDrive_Cookies_v2_Business1_https://corp-redacted.sharepoint.com/GenericInfoSaved credential target present; secret value not read.
Credential ManagerDomain:target=autodiscover.corp-redacted.seDomain Passworduser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerDomain:name=user@corp-redacted.comDomain Passworduser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerDomain:target=TERMSRV/SRV-REDACTED.CORP.REDACTED.COMDomain Passworduser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=ScantideAuditor.ServiceNowGenericcmdb.apiInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=OneDrive Cached Credential Business - Business1Generic91a08a3e-ea1f-4406-a7f3-a2782cfd5a70InfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=MS.Outlook.15:user@corp-redacted.com:PUTGenericuser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=MicrosoftAccount:user=user@corp-redacted.comGenericuser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerDomain:target=defrsrv294.corp.corp-redacted.comDomain Passworduser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=ScantideAuditor.ServiceNow.InstanceGenericinstanceInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=ScantideAuditor.ApiGenerichelpdesk@corp-redacted.seInfoSaved credential target present; secret value not read.
Credential ManagerWindowsLive:target=virtualapp/didlogicalGeneric02piqpsfhbqqcqszInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=Olk/PushNotificationsKeyGenericOlk/PushNotificationsKeyInfoSaved credential target present; secret value not read.
Credential ManagerDomain:target=TERMSRV/RDWEB.CORP-REDACTED.SEDomain Passworduser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=TERMSRV/europa.corp-redacted.comGenericuser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=crushftp.corp-redacted.seGenericuser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=TERMSRV/*.corp-redacted.seGenericuser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=teamsIv/teamsGenericteamsInfoSaved credential target present; secret value not read.
Credential ManagerDomain:target=*.CORP.CORP-REDACTED.COMDomain PasswordCORP.CORP-REDACTED.COM\admuser.redactedInfoSaved credential target present; secret value not read.
Credential ManagerDomain:target=autodiscover.redcloud-redacted.seDomain Passworduser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=rdweb.corp-redacted.seGenericuser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=teamsKey/teamsGenericteamsInfoSaved credential target present; secret value not read.
Credential ManagerLegacyGeneric:target=MicrosoftOffice16_Data:SSPI:user@corp-redacted.comGenericInfoSaved credential target present; secret value not read.
Credential ManagerDomain:target=mail.corp-redacted.seDomain Passworduser@corp-redacted.comInfoSaved credential target present; secret value not read.
Credential ManagerDomain:target=EXCHANGE.corp-redacted.seDomain Passworduser@corp-redacted.comInfoSaved credential target present; secret value not read.

Browser Security Posture

BrowserPolicy pathPassword managerSafe browsingSmartScreenDeveloper toolsRiskNote
EdgeHKLM:\SOFTWARE\Policies\Microsoft\Edge11InfoBrowser policy indicators captured when present.
ChromeHKLM:\SOFTWARE\Policies\Google\ChromeInfoBrowser policy indicators captured when present.
FirefoxHKLM:\SOFTWARE\Policies\Mozilla\FirefoxInfoBrowser policy indicators captured when present.

Recovery / Backup Posture

AreaStatusEvidenceRiskNote
Windows Recovery EnvironmentUnknownThis command can only be executed from an elevated command prompt.; InfoRecovery environment status.
System RestoreNo restore points returnedInfoSystem restore point indicator.
VSS ShadowsPresentvssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool; (C) Copyright 2001-2013 Microsoft Corp.; ; Error: You don't have the correct permissions to run this command. Please run this utility from a command; window that has elevated administrator privileges.; InfoVSS snapshot indicator.

Device Control Posture

Plain English:This checks policy indicators for removable media, AutoRun/AutoPlay and device installation restrictions. It does not prove all USB use is safe or unsafe by itself.
AreaSettingValueRiskNote
USB storageUSBSTOR Start3Info3 normally means enabled; 4 disabled.
Removable storageDeny_AllInfoPolicy indicator for removable storage deny all.
AutoRun / AutoPlayNoDriveTypeAutoRun255InfoAutorun policy indicator.
Device install restrictionsDenyUnspecifiedInfoDevice installation restriction policy indicator.

Update Policy / Management

PolicyValueSourceRiskNote
WUServerHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateInfoWindows Update policy indicator.
WUStatusServerHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateInfoWindows Update policy indicator.
TargetReleaseVersionHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateInfoWindows Update policy indicator.
TargetReleaseVersionInfoHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateInfoWindows Update policy indicator.
ProductVersionHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateInfoWindows Update policy indicator.
DeferFeatureUpdatesPeriodInDaysHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateInfoWindows Update policy indicator.
DeferQualityUpdatesPeriodInDaysHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdateInfoWindows Update policy indicator.
UseWUServerHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUInfoWindows Update AU policy indicator.
NoAutoUpdateHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUInfoWindows Update AU policy indicator.
AUOptionsHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUInfoWindows Update AU policy indicator.
AlwaysAutoRebootAtScheduledTimeHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUInfoWindows Update AU policy indicator.
NoAutoRebootWithLoggedOnUsersHKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUInfoWindows Update AU policy indicator.
MDM/Intune enrollment indicators; ; ; ; ; ; ; ; ; HKLM:\SOFTWARE\Microsoft\EnrollmentsInfoEnrollment indicators found.

Non-present / Ghost Devices

Plain English:Ghost devices are devices Windows remembers but does not currently see. They are often harmless after docking stations, VPNs, USB adapters or old hardware, but stale network, storage, security or remote-access devices can be useful review items.
ClassFriendly nameInstance IDStatusPresentRiskNote
HIDClassUSB Input DeviceUSB\VID_0B0E&PID_0311\50C2ED067EBEUnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
HIDClassHID-compliant consumer control deviceHID\VID_0B0E&PID_030B&MI_03&COL03\8&35AECF77&0&0002UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
SoftwareDeviceMIDI 2.0 Service TestsSWD\MIDISRV\MIDIU_DIAG_TRANSPORTUnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
MousePS/2 Compatible MouseACPI\DLL0A5B\4&77AFA20&0UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
AudioEndpointSpeakers (Jabra Evolve 65)SWD\MMDEVAPI\{0.0.0.00000000}.{D9EA0B81-ABB1-4919-929A-D798006EC989}UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
MEDIAJabra Evolve 65USB\VID_0B0E&PID_030B&MI_00\7&30FD822B&0&0000UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
USBUSB Composite DeviceUSB\VID_0B0E&PID_030B\50C2ED067EBEUnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
SoftwareDeviceService Test Loopback ASWD\MIDISRV\MIDIU_DIAG_LOOPBACK_AUnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
SoftwareDeviceService Test Loopback BSWD\MIDISRV\MIDIU_DIAG_LOOPBACK_BUnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
VolumeSnapshotGeneric volume shadow copySTORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
VolumeSnapshotGeneric volume shadow copySTORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
VolumeSnapshotGeneric volume shadow copySTORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT4UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
VolumeSnapshotGeneric volume shadow copySTORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT5UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
SoftwareDeviceService Test Ping (Internal)SWD\MIDISRV\MIDIU_DIAG_PINGUnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
SystemACPI Power ButtonACPI\PNP0C0C\2&DABA3FF&1UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
AudioEndpointMicrophone (Jabra Evolve 65)SWD\MMDEVAPI\{0.0.1.00000000}.{8B266551-A131-4C9A-8C6A-C0DA41E02C39}UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
HIDClassHID-compliant headsetHID\VID_0B0E&PID_030B&MI_03&COL01\8&35AECF77&0&0000UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
SoftwareDeviceMIDI 2.0 Virtual DevicesSWD\MIDISRV\MIDIU_APP_TRANSPORTUnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
SoftwareDeviceMIDI 2.0 Loop DevicesSWD\MIDISRV\MIDIU_LOOP_TRANSPORTUnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
HIDClassHID-compliant vendor-defined deviceHID\VID_0B0E&PID_030B&MI_03&COL02\8&35AECF77&0&0001UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
HIDClassUSB Input DeviceUSB\VID_0B0E&PID_030B&MI_03\7&30FD822B&0&0003UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
USBDeviceHub Feature ControllerUSB\VID_0424&PID_2840\6&28CFAB54&0&6UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
HIDClassHID-compliant vendor-defined deviceHID\VID_0B0E&PID_0311&COL02\7&F8EBAF7&0&0001UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.
HIDClassHID-compliant consumer control deviceHID\VID_0B0E&PID_0311&COL01\7&F8EBAF7&0&0000UnknownFalseInfoNon-present PnP device. Usually normal after hardware/dock/USB changes; review stale network/storage/security devices.

Secure Boot / TPM

Secure BootTPM presentTPM readyTPM enabledTPM activated
Unavailable or legacy BIOS

Risky Inbound Firewall Rules

NameProfileProgramPortsRemote addressReasonSource
Core Networking - Teredo (ICMPv6-In)Domain,Private,PublicSystem*public/any profile; broad remote addressFirewall COM
Teamviewer Remote Control ServicePrivateC:\Program Files\TeamViewer\TeamViewer_Service.exe**broad remote addressFirewall COM
Teamviewer Remote Control ServicePrivateC:\Program Files\TeamViewer\TeamViewer_Service.exe**broad remote addressFirewall COM
Teamviewer Remote Control ApplicationPrivateC:\Program Files\TeamViewer\TeamViewer.exe**broad remote addressFirewall COM
Teamviewer Remote Control ApplicationPrivateC:\Program Files\TeamViewer\TeamViewer.exe**broad remote addressFirewall COM
Microsoft Edge (mDNS-In)Domain,Private,PublicC:\Program Files (x86)\Microsoft\EdgeWebView\Application\149.0.4022.62\msedgewebview2.exe5353*public/any profile; broad remote addressFirewall COM
Microsoft Edge (mDNS-In)Domain,Private,PublicC:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe5353*public/any profile; broad remote addressFirewall COM
Microsoft 365 CopilotDomain,Private,Public*public/any profile; broad remote addressFirewall COM
Windows AppDomain,Private,PublicC:\Program Files\WindowsApps\MicrosoftCorporationII.Windows365_2.0.1193.0_x64__8wekyb3d8bbwe\msrdc\msrdc.exe**public/any profile; broad remote addressFirewall COM
Windows AppDomain,Private,PublicC:\Program Files\WindowsApps\MicrosoftCorporationII.Windows365_2.0.1193.0_x64__8wekyb3d8bbwe\msrdc\msrdc.exe**public/any profile; broad remote addressFirewall COM
Microsoft Edge (mDNS-In)Domain,Private,PublicC:\Program Files (x86)\Microsoft\EdgeWebView\Application\149.0.4022.52\msedgewebview2.exe5353*public/any profile; broad remote addressFirewall COM
Google Chrome (mDNS-In)Domain,Private,PublicC:\Program Files\Google\Chrome\Application\chrome.exe5353*public/any profile; broad remote addressFirewall COM
@{Microsoft.StorePurchaseApp_22604.1401.3.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.StorePurchaseApp/Resources/DisplayTitle}Domain,Private*broad remote addressFirewall COM
@{Microsoft.ZuneMusic_11.2604.10.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneMusic/Resources/AppStoreName}Domain,Private*broad remote addressFirewall COM
Microsoft Edge (mDNS-In)Domain,Private,PublicC:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.96\msedgewebview2.exe5353*public/any profile; broad remote addressFirewall COM
Microsoft StoreDomain,Private,Public*public/any profile; broad remote addressFirewall COM
Microsoft Edge (mDNS-In)Domain,Private,PublicC:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.83\msedgewebview2.exe5353*public/any profile; broad remote addressFirewall COM
Microsoft TeamsDomain,Private,Public*public/any profile; broad remote addressFirewall COM
@{Microsoft.ZuneVideo_10.26041.10031.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME}Domain,Private*broad remote addressFirewall COM
Microsoft TeamsDomain,Private,PublicC:\Program Files\WindowsApps\MSTeams_26106.1911.4707.3286_x64__8wekyb3d8bbwe\ms-teams.exe**public/any profile; broad remote addressFirewall COM
Microsoft TeamsDomain,Private,PublicC:\Program Files\WindowsApps\MSTeams_26106.1911.4707.3286_x64__8wekyb3d8bbwe\ms-teams.exe**public/any profile; broad remote addressFirewall COM
Game BarDomain,Private,Public*public/any profile; broad remote addressFirewall COM
Airhost service for Zoom Video MeetingsDomain,Private,PublicC:\Program Files\Zoom\bin\airhost.exe5353,7200-17210,8889*public/any profile; broad remote addressFirewall COM
Airhost service for Zoom Video MeetingsDomain,Private,PublicC:\Program Files\Zoom\bin\airhost.exe5000,7000,7100,50000,7200-17210,8888*public/any profile; broad remote addressFirewall COM
Hybrid Conference for Zoom Video MeetingsDomain,Private,PublicC:\Program Files\Zoom\bin\ZoomHybridConf.exe7200-17210*public/any profile; broad remote addressFirewall COM
Zoom Video MeetingDomain,Private,PublicC:\Program Files\Zoom\bin\Zoom.exe7200-17210*public/any profile; broad remote addressFirewall COM
Microsoft Edge (mDNS-In)Domain,Private,PublicC:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.70\msedgewebview2.exe5353*public/any profile; broad remote addressFirewall COM
Microsoft Edge (mDNS-In)Domain,Private,PublicC:\Program Files (x86)\Microsoft\EdgeWebView\Application\148.0.3967.54\msedgewebview2.exe5353*public/any profile; broad remote addressFirewall COM
Solitaire & Casual GamesDomain,Private*broad remote addressFirewall COM
@{Microsoft.WindowsFeedbackHub_1.2603.26301.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName}Domain,Private*broad remote addressFirewall COM
Microsoft Edge (mDNS-In)Domain,Private,PublicC:\Program Files (x86)\Microsoft\EdgeWebView\Application\147.0.3912.98\msedgewebview2.exe5353*public/any profile; broad remote addressFirewall COM
@{Microsoft.CompanyPortal_11.2.1787.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.CompanyPortal/AppConstants/ApplicationName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.WindowsAlarms_11.2512.0.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsAlarms/Resources/AppStoreName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.WindowsCamera_2025.2510.2.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/LensSDK/Resources/AppStoreName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.BingWeather_4.54.63040.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding}Domain,Private*broad remote addressFirewall COM
@{Microsoft.DesktopAppInstaller_1.28.240.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.DesktopAppInstaller/Resources/appDisplayName}Domain,Private*broad remote addressFirewall COM
@{MicrosoftWindows.Client.OOBE_1000.26100.40.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.OOBE/resources/ProductPkgDisplayName}Domain,Private,Public*public/any profile; broad remote addressFirewall COM
@{MicrosoftWindows.Client.Core_1000.26100.86.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.Core/Resources/ProductPkgDisplayName}Domain,Private*broad remote addressFirewall COM
@{MicrosoftWindows.Client.CBS_1000.26100.297.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CBS/resources/ProductPkgDisplayName}Domain,Private,Public*public/any profile; broad remote addressFirewall COM
@{Microsoft.Windows.ShellExperienceHost_10.0.26100.8115_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}Domain,Private*broad remote addressFirewall COM
ms-resource:ProductPkgDisplayNamePrivateC:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe7000*broad remote addressFirewall COM
ms-resource:ProductPkgDisplayNamePublicC:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe7000*public/any profile; broad remote addressFirewall COM
ms-resource:ProductPkgDisplayNamePrivateC:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe7000*broad remote addressFirewall COM
ms-resource:ProductPkgDisplayNamePublicC:\WINDOWS\SystemApps\MicrosoftWindows.Client.OOBE_cw5n1h2txyewy\OobeHostApp.exe7000*public/any profile; broad remote addressFirewall COM
ms-resource:ProductPkgDisplayNamePrivateC:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe7000*broad remote addressFirewall COM
ms-resource:ProductPkgDisplayNamePublicC:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe7000*public/any profile; broad remote addressFirewall COM
ms-resource:ProductPkgDisplayNamePrivateC:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe7000*broad remote addressFirewall COM
ms-resource:ProductPkgDisplayNamePublicC:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\WindowsBackupClient.exe7000*public/any profile; broad remote addressFirewall COM
RICOH Print Support ApplicationDomain,Private*broad remote addressFirewall COM
@{Microsoft.SecHealthUI_1000.29554.1001.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.SecHealthUI/resources/PackageDisplayName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.Todos_2.175.6901.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Todos/Resources/app_name_ms_todo}Domain,Private*broad remote addressFirewall COM
@{MicrosoftWindows.Client.Photon_1000.26100.10.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.Photon/Resources/ProductPkgDisplayName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.Windows.StartMenuExperienceHost_10.0.26100.4768_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.StartMenuExperienceHost/StartMenuExperienceHost/PkgDisplayName}Domain,Private*broad remote addressFirewall COM
@{MicrosoftWindows.Client.CBS_1000.22700.1067.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CBS/resources/ProductPkgDisplayName}Domain,Private*broad remote addressFirewall COM
@{MicrosoftWindows.Client.Core_1000.22700.1017.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.Core/resources/ProductPkgDisplayName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.MicrosoftStickyNotes_6.1.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftStickyNotes/Resources/StickyNotesStoreAppName}Domain,Private*broad remote addressFirewall COM
Microsoft Teams (personal)Domain,Private,PublicC:\Program Files\WindowsApps\MicrosoftTeams_24334.1105.3318.5002_x64__8wekyb3d8bbwe\msteams.exe**public/any profile; broad remote addressFirewall COM
Microsoft Teams (personal)Domain,Private,PublicC:\Program Files\WindowsApps\MicrosoftTeams_24334.1105.3318.5002_x64__8wekyb3d8bbwe\msteams.exe**public/any profile; broad remote addressFirewall COM
@{Microsoft.MicrosoftStickyNotes_6.1.4.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.MicrosoftStickyNotes/Resources/StickyNotesStoreAppName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.Windows.StartMenuExperienceHost_10.0.22621.4249_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.StartMenuExperienceHost/StartMenuExperienceHost/PkgDisplayName}Domain,Private*broad remote addressFirewall COM
Microsoft Teams SlimCoreVdiDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.Teams.SlimCoreVdi.win-x64.2024.30_2024.30.1.19_x64__8wekyb3d8bbwe\MsTeamsVdi.exe**public/any profile; broad remote addressFirewall COM
Microsoft Teams SlimCoreVdiDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.Teams.SlimCoreVdi.win-x64.2024.30_2024.30.1.19_x64__8wekyb3d8bbwe\MsTeamsVdi.exe**public/any profile; broad remote addressFirewall COM
@{MicrosoftWindows.Client.LKG_1000.22621.3880.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.LKG/resources/ProductPkgDisplayName}Domain,Private*broad remote addressFirewall COM
Digi RealPort Network ServicePublicC:\Windows\SysWOW64\dgrpencx.exe**public/any profile; broad remote addressFirewall COM
Digi RealPort Network ServicePublicC:\Windows\SysWOW64\dgrpencx.exe**public/any profile; broad remote addressFirewall COM
@{Microsoft.Windows.CloudExperienceHost_10.0.22621.2506_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}Domain,Private*broad remote addressFirewall COM
Firefox (C:\Program Files\Mozilla Firefox)PrivateC:\Program Files\Mozilla Firefox\firefox.exe**broad remote addressFirewall COM
Firefox (C:\Program Files\Mozilla Firefox)PrivateC:\Program Files\Mozilla Firefox\firefox.exe**broad remote addressFirewall COM
@{Microsoft.Win32WebViewHost_10.0.22621.1_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.Win32WebViewHost/resources/DisplayName}Domain,Private,Public*public/any profile; broad remote addressFirewall COM
@{Microsoft.AAD.BrokerPlugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}Domain,Private*broad remote addressFirewall COM
Quick Assist Firewall ExceptionDomain,Private,PublicC:\Program Files\Remote help\RHService.exe*public/any profile; broad remote addressFirewall COM
Quick Assist RDP Firewall ExceptionDomain,Private,PublicC:\Program Files\Remote help\RemoteHelpRDP.exe*public/any profile; broad remote addressFirewall COM
Remote help Firewall ExceptionDomain,Private,PublicC:\Program Files\Remote help\RemoteHelp.exe*public/any profile; broad remote addressFirewall COM
Microsoft Power BI Desktop (x64): Analysis Services ComponentDomain,Private,PublicC:\Program Files\Microsoft Power BI Desktop\bin\msmdsrv.exe*LocalSubnetpublic/any profileFirewall COM
Printix IPP Print, TCPDomain,Private,Public21339*public/any profile; broad remote addressFirewall COM
Printix UI Communication, TCPDomain,Private,Public21338*public/any profile; broad remote addressFirewall COM
Printix Redirector, TCPDomain,Private,Public21336*public/any profile; broad remote addressFirewall COM
Printix Jobforward, TCPDomain,Private,Public21335*public/any profile; broad remote addressFirewall COM
Printix PDP, UDPDomain,Private,Public21337*public/any profile; broad remote addressFirewall COM
@{Microsoft.Windows.CloudExperienceHost_10.0.19041.1265_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}Domain,Private*broad remote addressFirewall COM
@{Microsoft.Windows.StartMenuExperienceHost_10.0.19041.1023_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.StartMenuExperienceHost/StartMenuExperienceHost/PkgDisplayName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.AAD.BrokerPlugin_1000.19041.1023.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.AAD.BrokerPlugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.Windows.Search_1.16.0.22000_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Search/resources/PackageDisplayName}Domain,Private*broad remote addressFirewall COM
teams.exePrivate,PublicC:\users\user.redacted\appdata\local\microsoft\teams\current\teams.exe**public/any profile; broad remote address; user-writable program pathFirewall COM
teams.exePrivate,PublicC:\users\user.redacted\appdata\local\microsoft\teams\current\teams.exe**public/any profile; broad remote address; user-writable program pathFirewall COM
@{Microsoft.Windows.CloudExperienceHost_10.0.22000.1_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}Domain,Private*broad remote addressFirewall COM
@{Microsoft.AAD.BrokerPlugin_1000.19580.1000.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}Domain,Private*broad remote addressFirewall COM
@{MicrosoftWindows.Client.CBS_1000.22000.675.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.Client.CBS/resources/ProductPkgDisplayName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.Windows.StartMenuExperienceHost_10.0.22000.37_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.StartMenuExperienceHost/StartMenuExperienceHost/PkgDisplayName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.Windows.Search_1.16.0.22000_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Search/resources/PackageDisplayName}Domain,Private*broad remote addressFirewall COM
CortanaDomain,Private,Public*public/any profile; broad remote addressFirewall COM
Microsoft EdgeDomain,Private*broad remote addressFirewall COM
@{microsoft.windowscommunicationsapps_16005.14326.20970.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_DisplayName}Domain,Private,Public*public/any profile; broad remote addressFirewall COM
@{Microsoft.Windows.Photos_2021.21120.8011.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.Windows.Photos/Resources/AppStoreName}Domain,Private,Public*public/any profile; broad remote addressFirewall COM
Microsoft StoreDomain,Private,Public*public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.89.3403.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.90.3407.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3404.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3406.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.93.3408.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
SkypeDomain,Private,PublicC:\Program Files\WindowsApps\Microsoft.SkypeApp_15.94.3422.0_x86__kzf8qxf38zg5c\Skype\Skype.exe**public/any profile; broad remote addressFirewall COM
@{Microsoft.Win32WebViewHost_10.0.26100.1_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.Win32WebViewHost/resources/DisplayName}Domain,Private,Public*public/any profile; broad remote addressFirewall COM
@{Microsoft.Windows.CloudExperienceHost_10.0.26100.1_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}Domain,Private*broad remote addressFirewall COM
@{Microsoft.AAD.BrokerPlugin_1000.19580.1000.2_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}Domain,Private*broad remote addressFirewall COM
@{microsoft.windowscommunicationsapps_16005.14326.22342.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDesktop_DisplayName}Domain,Private,Public*public/any profile; broad remote addressFirewall COM
@{MicrosoftWindows.LKG.DesktopSpotlight_1000.26100.3775.0_x64__cw5n1h2txyewy?ms-resource://MicrosoftWindows.LKG.DesktopSpotlight/Resources/ProductPkgDisplayName}Domain,Private*broad remote addressFirewall COM
PAN ADEM Inbound ICMPv4 Type 11 Firewall RuleDomain,Private,Public*public/any profile; broad remote addressFirewall COM
Dell SupportAssist for Home PCsDomain,Private*broad remote addressFirewall COM
SkypeDomain,Private*broad remote addressFirewall COM
@{Microsoft.RemoteDesktop_10.2.4012.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.RemoteDesktop/Resources/Appname}Domain,Private,Public*public/any profile; broad remote addressFirewall COM
Microsoft Office OutlookPrivateC:\Program Files\Microsoft Office\root\Office16\outlook.exe6004*broad remote addressFirewall COM
@{Microsoft.WindowsCamera_2025.2510.2.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsCamera/LensSDK/Resources/AppStoreName}Domain,Private*broad remote addressFirewall COM
@{Microsoft.WindowsAlarms_11.2512.0.0_x64__8wekyb3d8bbwe?ms-resource://Microsoft.WindowsAlarms/Resources/AppStoreName}Domain,Private*broad remote addressFirewall COM
WFD ASP Coordination Protocol (UDP-In)Domain,Private,PublicC:\WINDOWS\system32\svchost.exe7235LocalSubnetpublic/any profileFirewall COM
WFD Driver-only (UDP-In)Domain,Private,PublicSystem**public/any profile; broad remote addressFirewall COM
WFD Driver-only (TCP-In)Domain,Private,PublicSystem**public/any profile; broad remote addressFirewall COM
Cast to Device streaming server (RTSP-Streaming-In)PublicC:\WINDOWS\system32\mdeserver.exe23554,23555,23556*public/any profile; broad remote addressFirewall COM
Cast to Device streaming server (HTTP-Streaming-In)PublicSystem10246*public/any profile; broad remote addressFirewall COM
Cast to Device streaming server (HTTP-Streaming-In)DomainSystem10246*broad remote addressFirewall COM
Cast to Device streaming server (RTCP-Streaming-In)PublicC:\WINDOWS\system32\mdeserver.exe**public/any profile; broad remote addressFirewall COM
Cast to Device UPnP Events (TCP-In)PublicSystem2869*public/any profile; broad remote addressFirewall COM
Cast to Device SSDP Discovery (UDP-In)PublicC:\WINDOWS\system32\svchost.exePly2Disc,*public/any profile; broad remote addressFirewall COM
Cast to Device functionality (qWave-TCP-In)Private,PublicC:\WINDOWS\system32\svchost.exe2177*public/any profile; broad remote addressFirewall COM
Cast to Device functionality (qWave-UDP-In)Private,PublicC:\WINDOWS\system32\svchost.exe2177*public/any profile; broad remote addressFirewall COM
Cast to Device streaming server (RTSP-Streaming-In)DomainC:\WINDOWS\system32\mdeserver.exe23554,23555,23556*broad remote addressFirewall COM
Cast to Device streaming server (RTCP-Streaming-In)DomainC:\WINDOWS\system32\mdeserver.exe**broad remote addressFirewall COM
mDNS (UDP-In)PublicC:\WINDOWS\system32\svchost.exe5353LocalSubnetpublic/any profileFirewall COM
mDNS (UDP-In)DomainC:\WINDOWS\system32\svchost.exe5353*broad remote addressFirewall COM
Core Networking - Time Exceeded (ICMPv6-In)Domain,Private,PublicSystem*public/any profile; broad remote addressFirewall COM
Core Networking - Multicast Listener Report (ICMPv6-In)Domain,Private,PublicSystemLocalSubnetpublic/any profileFirewall COM
Core Networking - Multicast Listener Query (ICMPv6-In)Domain,Private,PublicSystemLocalSubnetpublic/any profileFirewall COM
Core Networking - Multicast Listener Report v2 (ICMPv6-In)Domain,Private,PublicSystemLocalSubnetpublic/any profileFirewall COM

Wi-Fi Profiles

SSIDAuthenticationCipherSecurity keyRisk
HomeNetwork2-RedactedWPA2-PersonalCCMPPresentOK
SpectrumSetup-F2WPA2-PersonalCCMPPresentOK
PowhatanWiFiOpenNoneAbsentHigh
#MyBWI-FiUnknownOK
QualityguestOpenNoneAbsentHigh
B053-GuestWPA2-PersonalCCMPPresentOK
AndroidAPWPA2-PersonalCCMPPresentOK
genesisWPA2-EnterpriseCCMPAbsentOK
Hyatt_GuestOpenNoneAbsentHigh
IHG ONE REWARDS Free WI-FIOpenNoneAbsentHigh
CARE4UOpenNoneAbsentHigh
BSMH-GuestOpenNoneAbsentHigh
HomeNetwork-RedactedWPA2-PersonalCCMPPresentOK
CorpNet_FWWPA2-PersonalCCMPPresentOK

Local Certificates Expired / Expiring

StoreSubjectIssuerNot afterStatusThumbprint
Cert:\LocalMachine\RootOU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Service Root, OU=Microsoft Corporation, O=Microsoft Trust NetworkOU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Service Root, OU=Microsoft Corporation, O=Microsoft Trust Network12/31/1999 00:59:59Expired245C97DF7514E7CF2DF8BE72AE957B9E04741E85
Cert:\CurrentUser\RootOU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Service Root, OU=Microsoft Corporation, O=Microsoft Trust NetworkOU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Time Stamping Service Root, OU=Microsoft Corporation, O=Microsoft Trust Network12/31/1999 00:59:59Expired245C97DF7514E7CF2DF8BE72AE957B9E04741E85
Cert:\CurrentUser\RootCN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=USCN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US01/01/2000 00:59:59Expired7F88CD7223F3C813818C994614A89C99FA3B5247
Cert:\LocalMachine\RootCN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=USCN=Microsoft Authenticode(tm) Root Authority, O=MSFT, C=US01/01/2000 00:59:59Expired7F88CD7223F3C813818C994614A89C99FA3B5247
Cert:\CurrentUser\RootOU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust NetworkOU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust Network01/08/2004 00:59:59Expired18F7C1FCC3090203FD5BAA2F861A754976C8DD25
Cert:\LocalMachine\RootOU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust NetworkOU="NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.", OU=VeriSign Time Stamping Service Root, OU="VeriSign, Inc.", O=VeriSign Trust Network01/08/2004 00:59:59Expired18F7C1FCC3090203FD5BAA2F861A754976C8DD25
Cert:\LocalMachine\RootCN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=USCN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US07/09/2019 20:40:36ExpiredE12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Cert:\CurrentUser\RootCN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=USCN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US07/09/2019 20:40:36ExpiredE12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
Cert:\LocalMachine\RootCN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SECN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE05/30/2020 12:48:38Expired02FAF3E291435468607857694DF5E45B68851868
Cert:\CurrentUser\RootCN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SECN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE05/30/2020 12:48:38Expired02FAF3E291435468607857694DF5E45B68851868
Cert:\LocalMachine\RootCN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.12/31/2020 08:00:00ExpiredA43489159A520F0D93D032CCAF37E7FE20A8B419
Cert:\CurrentUser\RootCN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.CN=Microsoft Root Authority, OU=Microsoft Corporation, OU=Copyright (c) 1997 Microsoft Corp.12/31/2020 08:00:00ExpiredA43489159A520F0D93D032CCAF37E7FE20A8B419
Cert:\CurrentUser\RootCN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, S=Western Cape, C=ZACN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, S=Western Cape, C=ZA01/01/2021 00:59:59ExpiredBE36A4562FB2EE05DBB3D32323ADF445084ED656
Cert:\LocalMachine\RootCN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, S=Western Cape, C=ZACN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, S=Western Cape, C=ZA01/01/2021 00:59:59ExpiredBE36A4562FB2EE05DBB3D32323ADF445084ED656
Cert:\CurrentUser\RootCN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BMCN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM03/17/2021 19:33:33ExpiredDE3F40BD5093D39B6C60F6DABC076201008976C9
Cert:\LocalMachine\RootCN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BMCN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM03/17/2021 19:33:33ExpiredDE3F40BD5093D39B6C60F6DABC076201008976C9
Cert:\LocalMachine\RootCN=Microsoft Root Certificate Authority, DC=microsoft, DC=comCN=Microsoft Root Certificate Authority, DC=microsoft, DC=com05/10/2021 01:28:13ExpiredCDD4EEAE6000AC7F40C3802C171E30148030C072
Cert:\CurrentUser\RootCN=Microsoft Root Certificate Authority, DC=microsoft, DC=comCN=Microsoft Root Certificate Authority, DC=microsoft, DC=com05/10/2021 01:28:13ExpiredCDD4EEAE6000AC7F40C3802C171E30148030C072
Cert:\LocalMachine\RootCN=DST Root CA X3, O=Digital Signature Trust Co.CN=DST Root CA X3, O=Digital Signature Trust Co.09/30/2021 16:01:15ExpiredDAC9024F54D8F6DF94935FB1732638CA6AD77C13
Cert:\CurrentUser\RootCN=DST Root CA X3, O=Digital Signature Trust Co.CN=DST Root CA X3, O=Digital Signature Trust Co.09/30/2021 16:01:15ExpiredDAC9024F54D8F6DF94935FB1732638CA6AD77C13
Cert:\CurrentUser\MyCN=user@corp-redacted.com, CN=S-1-12-1-REDACTED, DC=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxCN=MS-Organization-P2P-Access [2021]03/17/2022 14:14:24Expired7D62CBE5C81546A608C997AA341A25DE3FB7D9C2
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com05/09/2022 13:21:20Expired7E78E721F45E7D828EEDDC007AFB0C72C443C779
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com05/09/2022 13:21:20Expired72BB500E2613AE652D81001A58CED0759F963505
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com05/09/2022 13:21:20ExpiredAF3ACBA1394F65C0C807FAE7F5D3BD77C426F2C6
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com05/09/2022 13:21:20Expired83292A32FE8B318A3411EB6DEEDDD79BE3799F6B
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com05/09/2022 13:21:20Expired467C625F25D9C220EA260EDEF6A042DFAB3326E7
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com05/09/2022 13:21:20Expired6142EC0B80640231846657DEEB580BCFEDC94330
Cert:\CurrentUser\MyCN=*.corp-redacted.seCN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US10/07/2022 17:32:21Expired4B00EC9033645BAC0D9334FF17DB01B1AAE8F0F9
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com02/10/2023 10:16:17Expired45BC39A3248126F048A9C9EB04747103EA47DFD4
Cert:\CurrentUser\MyCN=*.bing.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:19ExpiredE174F6733A9B34F9B5753902D72E865CC3C517B7
Cert:\CurrentUser\MyCN=*.edge.skype.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:55Expired9BA485B2DCF05B7B3B1051230E70611E8ACF2933
Cert:\CurrentUser\MyCN=*.activity.windows.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:55Expired2D30C1753C0AC1D29943E2BDCFB0A488067F1EBE
Cert:\CurrentUser\MyCN=*.pipe.aria.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:56ExpiredC0F39C88C90DDCD21FDCF472DA781C9A33870D13
Cert:\CurrentUser\MyCN=*.sharepoint.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:56Expired079CB14167F023BE0CE152E649694C31293E6241
Cert:\CurrentUser\MyCN=*.cdn.office.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:57Expired3BE3AF1EEE08F12E182319CCED767E514BD9615B
Cert:\CurrentUser\MyCN=www.clarity.ms, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:58ExpiredC2F3467B9E86F12D7C392E19CF9F53C06405E313
Cert:\CurrentUser\MyCN=*.google.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:58Expired7195330EF2B834669F863AA98D0DF3B9455D579C
Cert:\CurrentUser\MyCN=westeurope1-sphomep.svc.ms, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:59ExpiredC042D35A29CD9DDA92E5E35838990BDD1B306678
Cert:\CurrentUser\MyCN=*.microsoftonline.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:52:59Expired4CE49E867512F4081E3EBE860FCB9922540D929F
Cert:\CurrentUser\MyCN=*.msn.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:00Expired3F52836BF101664BC736DE1986C4BC8FEF042DAB
Cert:\CurrentUser\MyCN=*.corp-redacted.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:00Expired9EB50E8FCD3E512BE1DDD019963C73D8E4BFA2E5
Cert:\CurrentUser\MyCN=*.smartscreen.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:01Expired822F86BE815626205A255B789418C12E03F2EFD0
Cert:\CurrentUser\MyCN=*.googletagmanager.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:02Expired7C081D950641E319BD41601168FD43B91DF92F8D
Cert:\CurrentUser\MyCN=*.delve.office.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:02Expired88F82449CC292C603145235C6F783A5AC0FAD416
Cert:\CurrentUser\MyCN=*.nel.measure.office.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:03ExpiredDAC9BF2F94909C9EBFB35355C98A9B016D0D6ECC
Cert:\CurrentUser\MyCN=*.office.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:03ExpiredB153538D1495EE4271E3C9A12F2B928B12430CD4
Cert:\CurrentUser\MyCN=k.clarity.ms, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:04Expired97C1B3BE76722B97E88728B64A1CED3E57D8F83E
Cert:\CurrentUser\MyCN=*.presence.teams.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:23ExpiredE90B16BB2E01DB839875B61674D11A04448831CD
Cert:\CurrentUser\MyCN=*.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:26ExpiredC73DB440BE35408455152A0D83E6209EADE2FF6A
Cert:\CurrentUser\MyCN=*.ng.msg.teams.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:32ExpiredAAE03A1BBB8BFEC9198E1F66DCCE03F4D0541B2E
Cert:\CurrentUser\MyCN=*.akamaized.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:35Expired6DD7EB937F0412B398A3B19821A186FE2CEE8FCF
Cert:\CurrentUser\MyCN=*.scorecardresearch.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:35Expired11BDE9809278E29C65B8430B9A7A4E814FE0F569
Cert:\CurrentUser\MyCN=*.events.data.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:53:52ExpiredC19E673CB17EE3F4CD668A9C3FABACE6E57EA2CD
Cert:\CurrentUser\MyCN=*.nelreports.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 10:54:01Expired309C14C50029C72CE8F3BF173E9439F2F2EB5F2C
Cert:\CurrentUser\MyCN=*.cloudsink.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 11:11:54ExpiredC26A0873A5E9864AB28B8FE6817EC3CFC8E06706
Cert:\CurrentUser\MyCN=*.blob.core.windows.net, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 15:17:58Expired980F186C882C2D12AC681376FC69057209D5DC5C
Cert:\CurrentUser\MyCN=*.data.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 15:18:41ExpiredB339E362E3A3AEE9E5FF46916A7A47C7F95C7AF6
Cert:\CurrentUser\MyCN=*.notifications.teams.microsoft.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 15:18:41Expired6209253C704F00DE8702807EC05AF6C25CFF0148
Cert:\CurrentUser\MyCN=a.clarity.ms, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 15:19:11Expired19E9C349290EA7E049E6832A14051425D7CF3919
Cert:\CurrentUser\MyCN=*.googleapis.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com02/21/2023 15:20:23Expired63B92B53B64F54B59DBDD52F0161BB454DE1F752
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com03/28/2023 08:13:22Expired21F2FAD6689D979F67B67E6469C6424FC58062EC
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com04/25/2023 09:11:16Expired8865870AF74BC0578A709B68DCC3B7658C50D9DA
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com06/14/2023 10:44:43ExpiredE4A1444534C38A6CF25D8D5DE309FF849EF59848
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com07/07/2023 13:21:58Expired92082D10F91D7203261EC048BFC384AB84BA232B
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com08/26/2023 21:21:44Expired6C0489AA7311CEFA6B62458E353F1AE2307F6F07
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com09/19/2023 09:18:21Expired3C644767E519B72C848F553A5774573B318DB37D
Cert:\CurrentUser\RootOU=Security Communication RootCA1, O=SECOM Trust.net, C=JPOU=Security Communication RootCA1, O=SECOM Trust.net, C=JP09/30/2023 06:20:49Expired36B12B49F9819ED74C9EBC380FC6568F5DACB2F7
Cert:\LocalMachine\RootOU=Security Communication RootCA1, O=SECOM Trust.net, C=JPOU=Security Communication RootCA1, O=SECOM Trust.net, C=JP09/30/2023 06:20:49Expired36B12B49F9819ED74C9EBC380FC6568F5DACB2F7
Cert:\CurrentUser\MyCN=uatsuppliercomplianceportal.corp-redacted.comCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB10/30/2023 00:59:59ExpiredB7413D98DCD9EC5D68847E90E70B9AA4FCC796D0
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com11/08/2023 09:09:05ExpiredD5C6FA2AD251CF3F3845B3AA3C015EE6E1EF404A
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com01/02/2024 12:24:18Expired0804ABAA94757B6AAB371A6EC08DDC419DC21AE3
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com01/17/2024 09:07:48Expired0AA3F4EBE4472723D90F47FC01613F7B98E3F7D6
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com03/15/2024 12:49:48Expired5D60FCA6BE2A343AD60257092531741ECAE93785
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com03/30/2024 09:36:45Expired1D28BC2810569A89533885CECD681CCB49C39B0E
Cert:\CurrentUser\RootCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com05/21/2024 11:51:32Expired1E633DEC18D7E84DB59527912EDB685B3B1B034D
Cert:\CurrentUser\RootCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com05/21/2024 11:51:32Expired1E633DEC18D7E84DB59527912EDB685B3B1B034D
Cert:\LocalMachine\RootCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com05/21/2024 11:51:32Expired1E633DEC18D7E84DB59527912EDB685B3B1B034D
Cert:\CurrentUser\MyCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.comCN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com05/21/2024 11:51:32Expired1E633DEC18D7E84DB59527912EDB685B3B1B034D
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com05/28/2024 09:25:27Expired9F9BEF12662519CC5175815344FAD3B976942756
Cert:\CurrentUser\MyCN=user@corp-redacted.com, CN=S-1-12-1-REDACTED, DC=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxCN=MS-Organization-P2P-Access [2023]05/30/2024 10:01:09Expired8045A761EF24EAE2DE3D21777990C540BC5BC39C
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com06/12/2024 09:12:56Expired831E88E200BFDA42AD4FB14D1AFD4F956848BE4E
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com08/09/2024 13:56:59ExpiredB1CA3D90043816D0AFC7EF170F0227E039986237
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com08/24/2024 10:43:19ExpiredE89308EEED6EF783BEF00DAE1D9CA7DD6DC20B3E
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com11/19/2024 09:41:08Expired3FC2B659C645A31C520FD8E642D86EE8A4BA4834
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com11/19/2024 09:41:09Expired56031FAF712AFE60DCB0BB13E134F15F9DDFAEAB
Cert:\CurrentUser\MyCN=14a3253f-e7d9-4066-843c-8483653a8341CN=14a3253f-e7d9-4066-843c-8483653a834103/25/2025 09:27:59ExpiredD14C2683E81C24F03476E94F8A39CE19CE326C95
Cert:\LocalMachine\RootCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IECN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE05/13/2025 01:59:00ExpiredD4DE20D05E66FC53FE1A50882C78DB2852CAE474
Cert:\CurrentUser\RootCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IECN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE05/13/2025 01:59:00ExpiredD4DE20D05E66FC53FE1A50882C78DB2852CAE474
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com07/04/2025 09:13:54Expired611CECF33943EDB86B2DF41137EC105CB77DBD89
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com07/04/2025 09:13:57Expired90180B6E125B3EB17B9C61C36427749E89747189
Cert:\LocalMachine\MyCN=azeu-gp-internal.corp.corp-redacted.comCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB07/15/2025 01:59:59Expired68E1E46A8A810CC82F5F0DE5F77CAE4F4F7C7734
Cert:\LocalMachine\MyCN=azeu2-gp-internal.corp.corp-redacted.comCN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB07/15/2025 01:59:59Expired67BCD438A033F26260F82350853725CEA77E956F
Cert:\LocalMachine\MyCN=prisma.corp-redacted.comCN=Sectigo ECC Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB08/17/2025 01:59:59Expired8382D2680683306DB2786EEA458EED0D680688AA
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27aeCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24ExpiredBA3DA1DD2A3EAFDE9E47DD8BCE57B8149CF292A9
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27aeCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24ExpiredF7B1AE4DB953F20DDDFD10EFE428D846B44F883D
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27aeCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24ExpiredEEFBA4A284ED53CD6660E580745CE8CB8335E005
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27aeCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24ExpiredEE36A9F7EBCFD927B3BA6700E0387DAB5B40BE44
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27aeCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24ExpiredE6A6224E834CFF4A39F2ABDF7C222F3E3E7CFD11
Cert:\LocalMachine\MyCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=comCN=Corp-Redacted.com Root CA G210/15/2025 11:52:24ExpiredCFF8DFB87E8BA3F93E6DB17923453BDAA2FED750
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27aeCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24Expired84FC898510F3C8B42AF383738FEE2655993EB0F9
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27aeCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24Expired9512F1A68866722332C461149695B47140751CD2
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27aeCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24Expired76168FB3CDB851B5ADB5FDE9345DDFBACE0993B5
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24ExpiredEB61154C226D523272B82FA57655CC506306D181
Cert:\LocalMachine\MyCN=Corp-Client-Cert, O=Corp-Redacted International AB, L=REDACTED, S=REDACTED, C=SECN=Corp-Redacted.com Issuing CA 01 G2, DC=corp, DC=corp-redacted, DC=com10/15/2025 11:52:24Expired81838B31571EEB1F8D5DA3CAE5C7D0000D2C6D46
Cert:\CurrentUser\MyCN=user@corp-redacted.com, CN=S-1-12-1-REDACTED, DC=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxCN=MS-Organization-P2P-Access [2025]12/11/2025 10:57:36Expired5197A1ACBA53DF74E82AD38E0D1B0332493BD5EE
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com02/26/2026 09:22:19Expired12D17940AAD7DEE5F7CC590E5A95C263B2DB39BA
Cert:\CurrentUser\MyOID.1.3.6.1.4.1.25461.4.49.2=834782572, OID.1.3.6.1.4.1.25461.4.49.1=01790025991, C=US, S=CA, L=Santa Clara, O=Palo Alto Networks, CN=01790025991C=US, O=Palo-Alto-Networks-Inc., CN=USW-Client-Issuing-CA2-G503/21/2026 13:50:19Expired5A87B4C4FF8F718ED2B285490DBC01F08BE985C1
Cert:\LocalMachine\MyCN=120ae221-3914-4721-ad0a-5aa00a1b27ae, DC=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxCN=MS-Organization-P2P-Access [2025]06/12/2026 13:54:43Expiring <=30d4D5CDBADE2A166AEDB4C064E4B49DE5B5E81931B
Cert:\CurrentUser\MyCN=User.RedactedCN=Corp-Redacted.com Issuing CA 02, DC=corp, DC=corp-redacted, DC=com06/24/2026 17:18:10Expiring <=30d6C59287CB544D064CF8B3A514AA6E91741BE7856
Cert:\CurrentUser\RootCN=Microsoft Intune Root Certification AuthorityCN=Microsoft Intune Root Certification Authority08/12/2026 02:00:00Expiring <=90d9EA77BA6D30BB2AB2DECE2DFDC2470429DCC3677
Cert:\LocalMachine\RootCN=Microsoft Intune Root Certification AuthorityCN=Microsoft Intune Root Certification Authority08/12/2026 02:00:00Expiring <=90d9EA77BA6D30BB2AB2DECE2DFDC2470429DCC3677

Remote Access Indicators

SourceNameVersionEvidenceRisk
Installed softwareTeamViewer Host15.78.4TeamViewerReview

Developer / Admin Tools

ToolVersionPublisherWhy it matters
Npcap1.79Nmap ProjectUseful admin/developer tool; confirm expected and patched.
OpenSSL 3.4.1 Light (64-bit)3.4.1OpenSSL Win64 Installer TeamUseful admin/developer tool; confirm expected and patched.
PowerShell 7.4.7.0-x647.4.7.0Microsoft CorporationUseful admin/developer tool; confirm expected and patched.
PowerShell 7-x647.6.2.0Microsoft CorporationUseful admin/developer tool; confirm expected and patched.
PuTTY release 0.81 (64-bit)0.81.0.0Simon TathamUseful admin/developer tool; confirm expected and patched.
USBPcap 1.5.4.01.5.4.0Tomasz MonUseful admin/developer tool; confirm expected and patched.
Windows Subsystem for Linux2.4.12.0Microsoft CorporationUseful admin/developer tool; confirm expected and patched.
Windows Subsystem for Linux Update5.10.102.1Microsoft CorporationUseful admin/developer tool; confirm expected and patched.
Windows Subsystem for Linux WSLg Preview1.0.27Microsoft CorporationUseful admin/developer tool; confirm expected and patched.
Wireshark 4.6.6 x644.6.6The Wireshark developer community, https://www.wireshark.orgUseful admin/developer tool; confirm expected and patched.

Scheduled Tasks for Review

TaskPathStateActionRisk
OneDrive Per-Machine Standalone Update Task\ReadyC:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe Review
OneDrive Reporting Task-S-1-12-1-REDACTED\ReadyC:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reportingReview
OneDrive Startup Task-S-1-12-1-REDACTED\ReadyC:\Program Files\Microsoft OneDrive\26.088.0510.0004\OneDriveLauncher.exe /startInstancesReview
Cloud Managed Desktop Extension Health Evaluation\Microsoft\CMD\ReadyC:\Program Files\Microsoft Cloud Managed Desktop Extension\CMDExtension\ClientHealth\Microsoft.Management.Services.CloudManagedDesktop.Agent.ClientHealth.exe Review
Intune Management Extension Health Evaluation\Microsoft\Intune\ReadyC:\Program Files (x86)\Microsoft Intune Management Extension\ClientHealthEval.exe Review
Office Actions Server\Microsoft\Office\ReadyC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe availabilitycheckReview
Office Automatic Updates 2.0\Microsoft\Office\ReadyC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /frequentupdate SCHEDULEDTASK displaylevel=FalseReview
Office Background Push Maintenance\Microsoft\Office\ReadyC:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe /pushregistrationReview
Office ClickToRun Service Monitor\Microsoft\Office\ReadyC:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchServiceReview
Office Feature Updates\Microsoft\Office\ReadyC:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe Review
Office Feature Updates Logon\Microsoft\Office\ReadyC:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe /onlogonReview
Office Performance Monitor\Microsoft\Office\ReadyC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe Review
Office Serviceability Manager\Microsoft\Office\ReadyC:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe /checkinReview
Office Startup Maintenance\Microsoft\Office\ReadyC:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe wacheckReview
.NET Framework NGEN v4.0.30319\Microsoft\Windows\.NET Framework\Ready Review
.NET Framework NGEN v4.0.30319 64\Microsoft\Windows\.NET Framework\Ready Review
RecoverabilityToastTask\Microsoft\Windows\AccountHealth\Ready Review
AD RMS Rights Policy Template Management (Manual)\Microsoft\Windows\Active Directory Rights Management Services Client\Ready Review
MareBackup\Microsoft\Windows\Application Experience\Ready%windir%\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc | %windir%\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun | %windir%\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareDataReview
Microsoft Compatibility Appraiser Exp\Microsoft\Windows\Application Experience\Ready%windir%\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun expressReview
PcaPatchDbTask\Microsoft\Windows\Application Experience\Ready%windir%\system32\rundll32.exe %windir%\system32\PcaSvc.dll,PcaPatchSdbTaskReview
SdbinstMergeDbTask\Microsoft\Windows\Application Experience\Ready%windir%\system32\sdbinst.exe -mmReview
StartupAppTask\Microsoft\Windows\Application Experience\Ready%windir%\system32\rundll32.exe Startupscan.dll,SusRunTaskReview
appuriverifierdaily\Microsoft\Windows\ApplicationData\Ready%windir%\system32\AppHostRegistrationVerifier.exe Review
appuriverifierinstall\Microsoft\Windows\ApplicationData\Ready%windir%\system32\AppHostRegistrationVerifier.exe Review
CleanupTemporaryState\Microsoft\Windows\ApplicationData\Ready%windir%\system32\rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateHigh
DsSvcCleanup\Microsoft\Windows\ApplicationData\Ready%windir%\system32\dstokenclean.exe Review
Backup\Microsoft\Windows\AppListBackup\Ready Review
BackupNonMaintenance\Microsoft\Windows\AppListBackup\Ready Review
Proxy\Microsoft\Windows\Autochk\Ready%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperationsReview
BitLocker Encrypt All Drives\Microsoft\Windows\BitLocker\Ready Review
BitLocker MDM policy Refresh\Microsoft\Windows\BitLocker\Ready Review
UninstallDeviceTask\Microsoft\Windows\Bluetooth\ReadyBthUdTask.exe $(Arg0)Review
BgTaskRegistrationMaintenanceTask\Microsoft\Windows\BrokerInfrastructure\Ready Review
maintenancetasks\Microsoft\Windows\capabilityaccessmanager\Ready%windir%\system32\rundll32.exe %windir%\system32\CapabilityAccessManager.dll,CapabilityAccessManagerDoStoreMaintenanceReview
UserTask\Microsoft\Windows\CertificateServicesClient\Ready Review
UserTask-Roam\Microsoft\Windows\CertificateServicesClient\Ready Review
ProactiveScan\Microsoft\Windows\Chkdsk\Ready Review
SyspartRepair\Microsoft\Windows\Chkdsk\Ready%windir%\system32\bcdboot.exe %windir% /sysrepairReview
CreateObjectTask\Microsoft\Windows\CloudExperienceHost\Ready Review
Backup\Microsoft\Windows\CloudRestore\Ready Review
Restore\Microsoft\Windows\CloudRestore\Ready Review
UnifiedConsentSyncTask\Microsoft\Windows\ConsentUX\UnifiedConsent\Ready Review
CmCleanup\Microsoft\Windows\Containers\Ready Review
Consolidator\Microsoft\Windows\Customer Experience Improvement Program\Ready%SystemRoot%\System32\wsqmcons.exe Review
UsbCeip\Microsoft\Windows\Customer Experience Improvement Program\Ready Review
Data Integrity Check And Scan\Microsoft\Windows\Data Integrity Scan\Ready Review
Data Integrity Scan\Microsoft\Windows\Data Integrity Scan\Ready Review
Data Integrity Scan for Crash Recovery\Microsoft\Windows\Data Integrity Scan\Ready Review
ScheduledDefrag\Microsoft\Windows\Defrag\Ready%windir%\system32\defrag.exe -c -h -o -$Review
Device\Microsoft\Windows\Device Information\Ready%windir%\system32\devicecensus.exe SystemCxtReview
Device User\Microsoft\Windows\Device Information\Ready%windir%\system32\devicecensus.exe UserCxtReview
RecommendedTroubleshootingScanner\Microsoft\Windows\Diagnosis\Ready Review
Scheduled\Microsoft\Windows\Diagnosis\Ready Review
UnexpectedCodepath\Microsoft\Windows\Diagnosis\Ready%windir%\system32\UCConfigTask.exe Review
DirectXDatabaseUpdater\Microsoft\Windows\DirectX\Ready%windir%\system32\directxdatabaseupdater.exe Review
DXGIAdapterCache\Microsoft\Windows\DirectX\Ready%windir%\system32\dxgiadaptercache.exe Review
SilentCleanup\Microsoft\Windows\DiskCleanup\Ready%windir%\system32\cleanmgr.exe /autocleanstoragesense /d %systemdrive%Review
Diagnostics\Microsoft\Windows\DiskFootprint\Ready%windir%\system32\disksnapshot.exe -zReview
StorageSense\Microsoft\Windows\DiskFootprint\Ready Review
dusmtask\Microsoft\Windows\DUSM\Ready%SystemRoot%\System32\dusmtask.exe Review
EDP App Launch Task\Microsoft\Windows\EDP\Ready Review
EDP Auth Task\Microsoft\Windows\EDP\Ready Review
EDP Inaccessible Credentials Task\Microsoft\Windows\EDP\Ready Review
StorageCardEncryption Task\Microsoft\Windows\EDP\Ready Review
Login Schedule created by enrollment client\Microsoft\Windows\EnterpriseMgmt\88EECD34-0B9A-4941-87A5-318825AD21BA\Ready%windir%\system32\deviceenroller.exe /o "88EECD34-0B9A-4941-87A5-318825AD21BA" /c /lfReview
PushLaunch\Microsoft\Windows\EnterpriseMgmt\88EECD34-0B9A-4941-87A5-318825AD21BA\Ready%windir%\system32\deviceenroller.exe /o "88EECD34-0B9A-4941-87A5-318825AD21BA" /c /zReview
PushRenewal\Microsoft\Windows\EnterpriseMgmt\88EECD34-0B9A-4941-87A5-318825AD21BA\Ready%windir%\system32\deviceenroller.exe /o "88EECD34-0B9A-4941-87A5-318825AD21BA" /c /yReview
PushUpgrade\Microsoft\Windows\EnterpriseMgmt\88EECD34-0B9A-4941-87A5-318825AD21BA\Ready%windir%\system32\deviceenroller.exe /o "88EECD34-0B9A-4941-87A5-318825AD21BA" /c /PushUpgradeReview
Login Schedule created by enrollment client\Microsoft\Windows\EnterpriseMgmt\FC5071E4-D929-4FA6-945C-A699D2DB51B6\Ready%windir%\system32\deviceenroller.exe /o "FC5071E4-D929-4FA6-945C-A699D2DB51B6" /c /lfReview
PushLaunch\Microsoft\Windows\EnterpriseMgmt\FC5071E4-D929-4FA6-945C-A699D2DB51B6\Ready%windir%\system32\deviceenroller.exe /o "FC5071E4-D929-4FA6-945C-A699D2DB51B6" /c /zReview
PushRenewal\Microsoft\Windows\EnterpriseMgmt\FC5071E4-D929-4FA6-945C-A699D2DB51B6\Ready%windir%\system32\deviceenroller.exe /o "FC5071E4-D929-4FA6-945C-A699D2DB51B6" /c /yReview
PushUpgrade\Microsoft\Windows\EnterpriseMgmt\FC5071E4-D929-4FA6-945C-A699D2DB51B6\Ready%windir%\system32\deviceenroller.exe /o "FC5071E4-D929-4FA6-945C-A699D2DB51B6" /c /PushUpgradeReview
ExploitGuard MDM policy Refresh\Microsoft\Windows\ExploitGuard\Ready Review
DmClient\Microsoft\Windows\Feedback\Siuf\Ready%windir%\system32\dmclient.exe Review
DmClientOnScenarioDownload\Microsoft\Windows\Feedback\Siuf\Ready%windir%\system32\dmclient.exe utcwnfReview
File History (maintenance mode)\Microsoft\Windows\FileHistory\Ready Review
GovernedFeatureUsageProcessing\Microsoft\Windows\Flighting\FeatureConfig\Ready Review
ReconcileConfigs\Microsoft\Windows\Flighting\FeatureConfig\Ready Review
ReconcileFeatures\Microsoft\Windows\Flighting\FeatureConfig\Ready Review
UsageDataFlushing\Microsoft\Windows\Flighting\FeatureConfig\Ready Review
UsageDataReceiver\Microsoft\Windows\Flighting\FeatureConfig\Ready Review
UsageDataReporting\Microsoft\Windows\Flighting\FeatureConfig\Ready Review
RefreshCache\Microsoft\Windows\Flighting\OneSettings\Ready Review
Monitoring\Microsoft\Windows\Hotpatch\Ready%systemroot%\system32\cmd.exe /d /c %systemroot%\system32\hpatchmonTask.cmdReview
InputSettingsRestoreDataAvailable\Microsoft\Windows\input\Ready Review
LocalUserSyncDataAvailable\Microsoft\Windows\input\Ready Review
MouseSyncDataAvailable\Microsoft\Windows\input\Ready Review
PenSyncDataAvailable\Microsoft\Windows\input\Ready Review
RemoteMouseSyncDataAvailable\Microsoft\Windows\input\Ready Review
RemotePenSyncDataAvailable\Microsoft\Windows\input\Ready Review
RemoteTouchpadSyncDataAvailable\Microsoft\Windows\input\Ready Review
syncpensettings\Microsoft\Windows\input\Ready Review
TouchpadSyncDataAvailable\Microsoft\Windows\input\Ready Review
RestoreDevice\Microsoft\Windows\InstallService\Ready Review
ScanForUpdates\Microsoft\Windows\InstallService\Ready Review
ScanForUpdatesAsUser\Microsoft\Windows\InstallService\Ready Review
Synchronize Language Settings\Microsoft\Windows\International\Ready Review
La57Cleanup\Microsoft\Windows\Kernel\Ready%windir%\system32\la57setup.exe Review
Installation\Microsoft\Windows\LanguageComponentsInstaller\Ready Review
ReconcileLanguageResources\Microsoft\Windows\LanguageComponentsInstaller\Ready Review
Notifications\Microsoft\Windows\Location\Ready%windir%\System32\LocationNotificationWindows.exe Review
WindowsActionDialog\Microsoft\Windows\Location\Ready%windir%\System32\WindowsActionDialog.exe Review
WinSAT\Microsoft\Windows\Maintenance\Ready Review
Cellular\Microsoft\Windows\Management\Provisioning\Ready%windir%\system32\ProvTool.exe /turn 7 /source CellStateChangeTaskReview
Logon\Microsoft\Windows\Management\Provisioning\Ready%windir%\system32\ProvTool.exe /turn 5 /source LogonIdleTaskReview
MapsToastTask\Microsoft\Windows\Maps\Ready Review
AutomaticOfflineMemoryDiagnostic\Microsoft\Windows\MemoryDiagnostic\Ready Review
ProcessMemoryDiagnosticEvents\Microsoft\Windows\MemoryDiagnostic\Ready Review
MNO Metadata Parser\Microsoft\Windows\Mobile Broadband Accounts\Ready%SystemRoot%\System32\MbaeParserTask.exe Review
LPRemove\Microsoft\Windows\MUI\Ready%windir%\system32\lpremove.exe Review
SystemSoundsService\Microsoft\Windows\Multimedia\Running Review
NcsiIdentifyUserProxies\Microsoft\Windows\Network Connectivity Status Indicator\Ready Review
WiFiTask\Microsoft\Windows\NlaSvc\Ready%SystemRoot%\System32\WiFiTask.exe nlaReview
PCR Prediction Framework Firmware Update Task\Microsoft\Windows\PCRPF\Ready%windir%\system32\rundll32.exe %windir%\system32\pcrpf.dll,NotifyFirmwareUpdateStagedReview
RequestTrace\Microsoft\Windows\PerformanceTrace\Ready Review
WhesvcToast\Microsoft\Windows\PerformanceTrace\Ready Review
Device Install Group Policy\Microsoft\Windows\Plug and Play\Ready Review
Device Install Reboot Required\Microsoft\Windows\Plug and Play\Ready Review
Sysprep Generalize Drivers\Microsoft\Windows\Plug and Play\Ready%SystemRoot%\System32\drvinst.exe 6Review
AnalyzeSystem\Microsoft\Windows\Power Efficiency Diagnostics\Ready Review
EduPrintProv\Microsoft\Windows\Printing\Ready%windir%\system32\eduprintprov.exe Review
PrinterCleanupTask\Microsoft\Windows\Printing\Ready Review
Initialization\Microsoft\Windows\ReFsDedupSvc\Ready Review
RegIdleBackup\Microsoft\Windows\Registry\Ready Review
Report update status\Microsoft\Windows\RemoteApp and Desktop Connections Update\user@corp-redacted.com\Ready%SYSTEMROOT%\System32\RUNDLL32 tsworkspace,WorkspaceStatusNotify2Review
Start Workspace Runtime at logon\Microsoft\Windows\RemoteApp and Desktop Connections Update\user@corp-redacted.com\Ready Review
Update connections\Microsoft\Windows\RemoteApp and Desktop Connections Update\user@corp-redacted.com\Ready%SYSTEMROOT%\System32\RUNDLL32 tsworkspace,TaskUpdateWorkspaces2Review
IntelligentPwdlessTask\Microsoft\Windows\Security\Pwdless\Ready Review
StartComponentCleanup\Microsoft\Windows\Servicing\Ready Review
PITRTask\Microsoft\Windows\Setup\Ready Review
SetupRecoveryDataTask\Microsoft\Windows\Setup\Ready Review
CreateObjectTask\Microsoft\Windows\Shell\Ready Review
FamilySafetyMonitor\Microsoft\Windows\Shell\Ready%windir%\System32\wpcmon.exe Review
FamilySafetyRefreshTask\Microsoft\Windows\Shell\Ready Review
IndexerAutomaticMaintenance\Microsoft\Windows\Shell\Ready Review
ThemesSyncedImageDownload\Microsoft\Windows\Shell\Ready Review
UninstallSMB1ClientTask\Microsoft\Windows\SMB\Ready%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"Review
UninstallSMB1ServerTask\Microsoft\Windows\SMB\Ready%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& %windir%\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"Review
SpaceAgentTask\Microsoft\Windows\SpacePort\Ready%windir%\system32\SpaceAgent.exe Review
SpaceManagerTask\Microsoft\Windows\SpacePort\Ready%windir%\system32\spaceman.exe /WorkReview
MaintenanceTasks\Microsoft\Windows\StateRepository\Ready%windir%\system32\rundll32.exe %windir%\system32\Windows.StateRepositoryClient.dll,StateRepositoryDoMaintenanceTasksReview
Storage Tiers Management Initialization\Microsoft\Windows\Storage Tiers Management\Ready Review
EnableLicenseAcquisition\Microsoft\Windows\Subscription\Ready%SystemRoot%\system32\ClipRenew.exe -eReview
LicenseAcquisition\Microsoft\Windows\Subscription\Ready%SystemRoot%\system32\ClipRenew.exe Review
PowerGridForecastTask\Microsoft\Windows\Sustainability\Ready Review
SustainabilityTelemetry\Microsoft\Windows\Sustainability\Ready Review
ResPriStaticDbSync\Microsoft\Windows\Sysmain\Ready Review
WsSwapAssessmentTask\Microsoft\Windows\Sysmain\Ready%windir%\system32\rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskReview
SR\Microsoft\Windows\SystemRestore\Ready%windir%\system32\srtasks.exe ExecuteScheduledSPPCreationReview
Interactive\Microsoft\Windows\Task Manager\Ready Review
MsCtfMonitor\Microsoft\Windows\TextServicesFramework\Ready Review
ForceSynchronizeTime\Microsoft\Windows\Time Synchronization\Ready Review
SynchronizeTime\Microsoft\Windows\Time Synchronization\Ready%windir%\system32\sc.exe start w32time task_startedReview
SynchronizeTimeZone\Microsoft\Windows\Time Zone\Ready%windir%\system32\tzsync.exe Review
UPnPHostConfig\Microsoft\Windows\UPnP\Readysc.exe config upnphost start= autoReview
Usb-Notifications\Microsoft\Windows\USB\Ready Review
WiFiTask\Microsoft\Windows\WCM\Ready%SystemRoot%\System32\WiFiTask.exe Review
ResolutionHost\Microsoft\Windows\WDI\Ready Review
Windows Defender Cache Maintenance\Microsoft\Windows\Windows Defender\Ready%ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenanceReview
Windows Defender Cleanup\Microsoft\Windows\Windows Defender\Ready%ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanupReview
Windows Defender Scheduled Scan\Microsoft\Windows\Windows Defender\Ready%ProgramFiles%\Windows Defender\MpCmdRun.exe Scan -ScheduleJobReview
Windows Defender Verification\Microsoft\Windows\Windows Defender\Ready%ProgramFiles%\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerificationReview
QueueReporting\Microsoft\Windows\Windows Error Reporting\Ready%windir%\system32\wermgr.exe -uploadReview
BfeOnServiceStartTypeChange\Microsoft\Windows\Windows Filtering Platform\Ready%windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChangeReview
UpdateLibrary\Microsoft\Windows\Windows Media Sharing\Ready"%ProgramFiles%\Windows Media Player\wmpnscfg.exe" Review
Calibration Loader\Microsoft\Windows\WindowsColorSystem\Ready Review
Scheduled Start\Microsoft\Windows\WindowsUpdate\Ready%systemroot%\System32\sc.exe start wuauservReview
CacheTask\Microsoft\Windows\Wininet\Running Review
CDSSync\Microsoft\Windows\WlanSvc\Ready Review
MoProfileManagement\Microsoft\Windows\WlanSvc\Ready Review
Work Folders Logon Synchronization\Microsoft\Windows\Work Folders\Ready Review
Work Folders Maintenance Work\Microsoft\Windows\Work Folders\Ready Review
Device-Sync\Microsoft\Windows\Workplace Join\Ready Review
NotificationTask\Microsoft\Windows\WwanSvc\Ready%SystemRoot%\System32\WiFiTask.exe wwanReview
OobeDiscovery\Microsoft\Windows\WwanSvc\Ready Review
XblGameSaveTask\Microsoft\XblGameSave\Ready%windir%\System32\XblGameSaveTask.exe standbyReview
Firefox Background Update S-1-12-1-REDACTED 308046B0AF4A39CB\Mozilla\ReadyC:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdateReview
SoftLandingCreativeManagementTask\SoftLanding\S-1-12-1-REDACTED\Ready Review

Services Running From Writable/Suspicious Paths

NameDisplay nameStateStart modePathRisk
hcpclientcoreHCP client core serviceRunningAuto"C:\Program Files\Ricoh\PMC Client\hcpclientcore.exe" run --service --config \\?\C:\ProgramData\hcpclientcore\hcpclientcore.confReview - ProgramData path
ZoomCptServiceZoom Sharing ServiceRunningAuto"C:\Program Files\Common Files\Zoom\Support\CptService.exe" -user_path "C:\Users\Default\AppData\Roaming\Zoom"High - user-writable path

PATH Hijack Risk

PathRiskReason
C:\Users\user.redacted\AppData\Local\Microsoft\WindowsAppsHighUser-writable-looking PATH directory
C:\Users\user.redacted\AppData\Local\Programs\FiddlerHighUser-writable-looking PATH directory
C:\Users\user.redacted\AppData\Local\Microsoft\WindowsAppsHighUser-writable-looking PATH directory

USB Storage Policy

USBSTOR StartUSB storage enabledRemovable storage deny allNote
3TrueNot configuredUSBSTOR Start=4 usually means USB mass storage disabled.

Proxy / VPN

Proxy enabledProxy server
0
NameServerTunnel typeSplit tunnelingAll-user
No data captured.

Domain / LAPS

Domain joinedDomainLAPS policy
FalseWORKGROUPConfigured/Policy present

Browser Extensions

Mild suggestion: Browser extension inventory only shows what is installed locally. For browser-side website risk review, Scantide Observe can complement this by checking cookies, headers, scripts, iframes, forms and tracking beacons while browsing. It does not replace endpoint security, patching, or browser extension governance.
BrowserProfileExtension IDNameVersion
ChromeDefaultblojlgglhfcmpigjbkllcgjmhincdjhbSnow Web Application Metering1.0.8_0
ChromeDefaultcdblaggcibgbankgilackljdpdhhcine__MSG_appName__6.1.14_0
ChromeDefaultghbmnnjooekpmoecnnnilnnbdlolhkhi__MSG_extName__1.104.1_0
ChromeDefaulthaofejeafnajjfidaekiaejelpompjknScantide Observe3.1.10_0
ChromeDefaultmiinajhilmmkpdoaimnoncdiliaejpdkNexthink26.4.4_0
ChromeDefaultnmmhkkegccagdldgiimedpiccmgmieda__MSG_APP_NAME__1.0.0.6_0
EdgeDefaultcgjgjfacjflmgphhhepmbhhbgjieaecnMicrosoft Edge Unminification Extension135.0.3176.0_0
EdgeDefaultfmammgdlmljodabkafnkpagekcigmabkSnow Web Application Metering1.0.8_0
EdgeDefaulthigleibocjmgcnbikjneplkibiopjnkpNexthink26.5.1_0
EdgeDefaultjmjflgjpcpepeafmmgdpfkogkghcpihaEdge relevant text changes1.2.1_0
EdgeDefaultkfbdpdaobnofkbopebjglnaadopfikhhMicrosoft Edge DevTools Enhancements113.0.1765.0_0
EdgeProfile 1jmjflgjpcpepeafmmgdpfkogkghcpihaEdge relevant text changes1.2.1_0
EdgeProfile 2jmjflgjpcpepeafmmgdpfkogkghcpihaEdge relevant text changes1.2.1_0
Firefoxidjefsxd.default-releasescantide-observe@example.comScantide Observe3.1.11
Firefoxidjefsxd.default-releasecloudmetering@snowsoftware.comSnow Web Application Metering1.2.5
Firefoxidjefsxd.default-releaseformautofill@mozilla.orgForm Autofill1.0.1
Firefoxidjefsxd.default-releasepictureinpicture@mozilla.orgPicture-In-Picture1.0.0
Firefoxidjefsxd.default-releaseaddons-search-detection@mozilla.comAdd-ons Search Detection3.0.0
Firefoxidjefsxd.default-releasewebcompat@mozilla.orgWeb Compatibility Interventions151.6.0
Firefoxidjefsxd.default-releasenewtab@mozilla.orgNew Tab151.4.0
Firefoxidjefsxd.default-releaseipp-activator@mozilla.comIPP Activator0.1
Firefoxidjefsxd.default-releasedata-leak-blocker@mozilla.comData Leak Blocker144.0.0
Firefoxidjefsxd.default-releasedefault-theme@mozilla.orgSystem theme — auto1.4.2
Firefoxidjefsxd.default-releaseaddons-search-detection@mozilla.comAdd-ons Search Detection3.0.0
Firefoxidjefsxd.default-releasefirefox-compact-light@mozilla.orgLight1.3.4
Firefoxidjefsxd.default-releasefirefox-compact-dark@mozilla.orgDark1.3.4
Firefoxidjefsxd.default-releasefirefox-alpenglow@mozilla.orgFirefox Alpenglow1.5.2
Firefoxidjefsxd.default-releasenewtab@mozilla.orgNew Tab153.1.20260528.133333

Installed Software CVE Review

What this means: Installed software names from Windows are less precise than service banners. Treat these as review leads only. Do not treat old CVEs returned for a modern product name as confirmed without checking exact affected version ranges, product edition and exposure.
Scantide CVE API queried in 20 parallelized batch(es), batch size 5, parallelism 4. Items: 100, matches with CVEs: 15. Results are based on installed-software display names and versions, so treat them as review evidence unless the product/version match is exact.
ProductVersionInstalled display nameCVE ReviewHighest severityHighest scoreTop CVEsStatus
GlobalProtect6.2.8GlobalProtectPossible Critical CVE signal (10)CRITICAL9.8CVE-2016-3657, CVE-2017-7945, CVE-2017-9458, CVE-2016-3656, CVE-2017-7409OK
7-Zip26.01.00.07-Zip 26.01 (x64 edition)Possible Critical CVE signal (5)CRITICAL9.3CVE-2008-3075, CVE-2016-3646, CVE-2002-0370, CVE-2009-1782, CVE-2004-2348OK
7-Zip24.087-Zip 24.08 (x64)Possible Critical CVE signal (5)CRITICAL9.3CVE-2008-3075, CVE-2016-3646, CVE-2002-0370, CVE-2009-1782, CVE-2004-2348OK
Intel(R) Wireless Bluetooth(R)23.30.0.3Intel(R) Wireless Bluetooth(R)Possible High CVE signal (5)HIGH7.8CVE-2020-0555, CVE-2019-14620, CVE-2024-24984, CVE-2023-47859, CVE-2023-45845OK
Notepad++8.9.6.4Notepad++ (64-bit x64)Possible High CVE signal (4)HIGH8.4CVE-2025-56383, CVE-2026-25866, CVE-2025-49144, CVE-2007-5145OK
OpenSSL3.4.1OpenSSL 3.4.1 Light (64-bit)Possible High CVE signal (4)HIGH7.5CVE-2004-0079, CVE-2003-0851, CVE-2004-0081, CVE-2004-0112OK
Dell Display and Peripheral Manager2.1.0.24Dell Display and Peripheral ManagerPossible High CVE signal (2)HIGH7.3CVE-2025-46430, CVE-2026-21419OK
Microsoft Edge149.0.4022.62Microsoft EdgePossible Medium CVE signal (2)MEDIUM5CVE-2015-6057, CVE-2015-6058OK
Mozilla Firefox151.0.4Mozilla Firefox (x64 en-US)Possible Critical CVE signal (2)CRITICAL10CVE-2004-0904, CVE-2004-0905OK
AD Info Free Edition1.7.92AD Info Free EditionPossible Medium CVE signal (1)MEDIUM6.8CVE-2021-20876OK
Fiddler4.4.9.2FiddlerPossible High CVE signal (1)HIGH8.8CVE-2020-13661OK
Intel(R) LMS1.0.0.0Intel(R) LMSPossible Medium CVE signal (1)MEDIUM6.4CVE-2020-8704OK
Intel(R) Management Engine Driver1.0.0.0Intel(R) Management Engine DriverPossible Medium CVE signal (1)MEDIUM5.5CVE-2021-33087OK
ISS_Drivers_x643.10.100.4446ISS_Drivers_x64Possible High CVE signal (1)HIGH7.1CVE-2024-50035OK
Microsoft Intune Management Extension1.101.111.0Microsoft Intune Management ExtensionPossible High CVE signal (1)HIGH8.1CVE-2021-31980OK

Installed Software Inventory

What this means: This is the registry-based installed software inventory used for local review and CVE matching. Rows with a light red/orange background have possible local CVE review signals and should be verified against exact affected version ranges before being treated as confirmed.
NameVersionPublisherInstall DateCVE Review
„Microsoft 365“ programos įmonėms - lt-lt.proof16.0.20026.20168Microsoft CorporationNot matched
7-Zip 24.08 (x64)24.08Igor PavlovPossible Critical CVE signal (5)
7-Zip 26.01 (x64 edition)26.01.00.0Igor Pavlov20260428Possible Critical CVE signal (5)
AD Info Free Edition1.7.92Cjwdev20220414Possible Medium CVE signal (1)
Angry IP Scanner3.8.2Angry IP ScannerNot matched
Aplicaciones de Microsoft 365 para empresas - es-es.proof16.0.20026.20168Microsoft CorporationNot matched
Aplicații Microsoft 365 pentru întreprindere - ro-ro.proof16.0.20026.20168Microsoft CorporationNot matched
Aplikacje Microsoft 365 dla przedsiębiorstw - pl-pl.proof16.0.20026.20168Microsoft CorporationNot matched
Citrix XenCenter7.0.1Citrix Systems, Inc.20231006Not matched
CPU Speed Pro version 33CPU Speed Pro20240416Not matched
CrowdStrike Device Control7.35.20865.0CrowdStrike, Inc.20260609Not matched
CrowdStrike Firmware Analysis7.14.18456.0CrowdStrike, Inc.20241003Not matched
CrowdStrike Sensor Platform7.36.20805.0CrowdStrike, Inc.20260609Not matched
CrowdStrike Windows Sensor7.36.20805.0CrowdStrike, Inc.20260609Not matched
Dell Active Pen Service7.7.1.117Wacom Technology Corp.Not matched
Dell Command | Update for Windows Universal5.7.0Dell Inc.20260415Not matched
Dell ControlVault Host Components Installer 64 bit5.15.14.19Broadcom Limited20250916Not matched
Dell Core Services1.14.149.0Dell, Inc.20260415Not matched
Dell Display and Peripheral Manager2.1.0.24Dell Technologies20260122Possible High CVE signal (2)
Dell Peripheral Core2.1.0.356Dell Inc.Not matched
Dell SupportAssist5.1.1.3567Dell Inc.20260609Not matched
Dell SupportAssist OS Recovery Plugin for Dell Update5.5.16.1Dell Inc.20260519Not matched
Digi Device DiscoveryNot matched
Documentation Manager23.30.0.6Intel Corporation20240325Not matched
Dynamic Application Loader Host Interface Service1.0.0.0Intel Corporation20250820Not matched
eM Client10.0.3530.0eM Client Inc.20241008Not matched
Fiddler4.4.9.2TelerikPossible High CVE signal (1)
GlobalProtect6.2.8Palo Alto Networks20250806Possible Critical CVE signal (10)
Google Chrome149.0.7827.103Google LLC20260610Not matched
Intel Driver && Support Assistant26.1.0.2Intel20260401Not matched
Intel(R) Computing Improvement Program2.4.10965Intel Corporation20250214Not matched
Intel(R) Graphics Software & Drivers1.0.1168.2Intel(R) CorporationNot matched
Intel(R) LMS1.0.0.0Intel Corporation20250820Possible Medium CVE signal (1)
Intel(R) Management Engine Components1.0.0.0Intel Corporation20250820Not matched
Intel(R) Management Engine Components2514.7.16.0Intel CorporationNot matched
Intel(R) Management Engine Driver1.0.0.0Intel Corporation20250820Possible Medium CVE signal (1)
Intel(R) ME WMI Provider1.0.0.0Intel Corporation20250820Not matched
Intel(R) SOL LMS Extension1.0.0.0Intel Corporation20250820Not matched
Intel(R) Wireless Bluetooth(R)23.30.0.3Intel Corporation20240325Possible High CVE signal (5)
Intel(R) Wireless Manageability Driver1.0.0.0Intel Corporation20250820Not matched
Intel(R) Wireless Manageability Driver Extension1.0.0.0Intel Corporation20250820Not matched
Intel® Driver & Support Assistant26.1.0.2Intel20260401Not matched
Intel® Integrated Sensor Solution3.10.100.4446Intel CorporationNot matched
Intel® Software Installer23.30.0.6Intel CorporationNot matched
ISS_Drivers_x643.10.100.4446Intel Corporation20220427Possible High CVE signal (1)
Kurumlar için Microsoft 365 Uygulamaları - tr-tr.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft .NET Host - 8.0.27 (x86)64.108.52182Microsoft Corporation20260518Not matched
Microsoft .NET Host - 8.0.28 (x64)64.112.53549Microsoft Corporation20260611Not matched
Microsoft .NET Host - 9.0.16 (x64)72.64.52183Microsoft Corporation20260518Not matched
Microsoft .NET Host FX Resolver - 8.0.27 (x86)64.108.52182Microsoft Corporation20260518Not matched
Microsoft .NET Host FX Resolver - 8.0.28 (x64)64.112.53549Microsoft Corporation20260611Not matched
Microsoft .NET Host FX Resolver - 9.0.16 (x64)72.64.52183Microsoft Corporation20260518Not matched
Microsoft .NET Runtime - 8.0.27 (x86)64.108.52182Microsoft Corporation20260518Not matched
Microsoft .NET Runtime - 8.0.28 (x64)64.112.53549Microsoft Corporation20260611Not matched
Microsoft .NET Runtime - 9.0.16 (x64)72.64.52183Microsoft Corporation20260518Not matched
Microsoft 365 Apps for enterprise - da-dk.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps for Enterprise - de-de.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps for enterprise - en-us16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps for enterprise - en-us.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps for enterprise - fr-fr.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps for enterprise - it-it.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps for enterprise - ja-jp.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps for enterprise - nb-no.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps para Grandes Empresas - pt-pt.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 Apps pro velké organizace - cs-cz.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 programmas lieluzņēmumiem - lv-lv.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 -sovellukset suuryrityksille - fi-fi.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 suurettevõtterakendused - et-ee.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365 企业应用版 - zh-cn.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365-appar för företag - sv-se.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft 365-apps voor ondernemingen - nl-nl.proof16.0.20026.20168Microsoft CorporationNot matched
Microsoft ASP.NET Core 8.0.27 - Shared Framework (x86)8.0.27.26230Microsoft CorporationNot matched
Microsoft ASP.NET Core 8.0.27 Shared Framework (x86)8.0.27.26230Microsoft Corporation20260518Not matched
Microsoft Cloud Managed Desktop Extension1.2.02664.211Microsoft Corporation20240626Not matched
Microsoft Device Inventory Agent26.5.24.2000Microsoft Corporation20260609Not matched
Microsoft Edge149.0.4022.62Microsoft Corporation20260611Possible Medium CVE signal (2)
Microsoft Edge WebView2 Runtime149.0.4022.62Microsoft Corporation20260611Not matched
Microsoft Intune Management Extension1.101.111.0Microsoft Corporation20260522Possible High CVE signal (1)
Microsoft OneDrive26.088.0510.0004Microsoft CorporationNot matched
Microsoft Power BI Desktop (x64)2.102.845.0Microsoft Corporation20220303Not matched
Microsoft PowerBI Desktop (x64)2.102.845.0Microsoft CorporationNot matched
Microsoft Purview Information Protection3.2.57.0Microsoft Corporation20260327Not matched
Microsoft Teams Meeting Add-in for Microsoft Office1.26.08901Microsoft20260506Not matched
Microsoft Update Health Tools5.72.0.0Microsoft Corporation20231106Not matched
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.51.3624714.51.36247Microsoft Corporation20260611Not matched
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.51.3624714.51.36247Microsoft Corporation20260611Not matched
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.51.3624714.51.36247Microsoft Corporation20260611Not matched
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.51.3624714.51.36247Microsoft Corporation20260611Not matched
Microsoft Visual C++ v14 Redistributable (x64) - 14.51.3624714.51.36247.0Microsoft CorporationNot matched
Microsoft Visual C++ v14 Redistributable (x86) - 14.51.3624714.51.36247.0Microsoft CorporationNot matched
Microsoft Windows Desktop Runtime - 8.0.27 (x86)64.108.52193Microsoft Corporation20260518Not matched
Microsoft Windows Desktop Runtime - 8.0.27 (x86)8.0.27.36030Microsoft CorporationNot matched
Microsoft Windows Desktop Runtime - 8.0.28 (x64)64.112.53617Microsoft Corporation20260611Not matched
Microsoft Windows Desktop Runtime - 8.0.28 (x64)8.0.28.36119Microsoft CorporationNot matched
Microsoft Windows Desktop Runtime - 9.0.16 (x64)72.64.52194Microsoft Corporation20260518Not matched
Microsoft Windows Desktop Runtime - 9.0.16 (x64)9.0.16.36030Microsoft CorporationNot matched
Mozilla Firefox (x64 en-US)151.0.4MozillaPossible Critical CVE signal (2)
Mozilla Maintenance Service151.0.4MozillaNot matched
Mozilla Thunderbird ESR (x64 en-US)140.11.1MozillaNot matched
Nagyvállalati Microsoft 365-alkalmazások - hu-hu.proof16.0.20026.20168Microsoft CorporationNot matched
Nexthink Finder6.30.14.1Nexthink S.A.20230320Not matched
Notepad++ (64-bit x64)8.9.6.4Notepad++ TeamPossible High CVE signal (4)
Novabench5.5.1Novabench Inc.20240325Not matched
Npcap1.79Nmap ProjectNot matched
NTP Query ToolNot matched
NTP ScanNot matched
Office 16 Click-to-Run Extensibility Component16.0.20026.20076Microsoft Corporation20260520Not matched
OpenSSL 3.4.1 Light (64-bit)3.4.1OpenSSL Win64 Installer Team20250311Possible High CVE signal (4)
PerformanceTest v11.011.0.1014.0Passmark Software20240416Not matched
PhotoPad Image Editor11.67NCH SoftwareNot matched
PMC Client3.31.0RicohNot matched
PowerShell 7.4.7.0-x647.4.7.0Microsoft CorporationNot matched
PowerShell 7-x647.6.2.0Microsoft Corporation20260525Not matched
PuTTY release 0.81 (64-bit)0.81.0.0Simon Tatham20240614Not matched
Qualys Cloud Security Agent6.4.1.22Qualys, Inc.20260409Not matched
Realtek Audio Driver10.X.X.REDACTEDRealtek Semiconductor Corp.20250304Not matched
Realtek Card Reader10.0.26100.21374Realtek Semiconductor Corp.20250121Not matched
Realtek USB Ethernet Controller All-In-One Windows Driver11.17.20.1030Realtek20250414Not matched
Remote help3.8.0.12Microsoft Corporation20220308Not matched
Scripting Tools for Windows PowerShell: iLO Cmdlets1.5.1.0Hewlett Packard Enterprise20241107Not matched
Scripting Tools for Windows PowerShell: iLO Cmdlets4.0.0.0Hewlett Packard Enterprise20241022Not matched
Snow Inventory Agent for Windows7.5.0Snow Software20260310Not matched
TeamViewer Host15.78.4TeamViewerNot matched
TreeSize Free V4.5.34.5.3JAM Software20220509Not matched
Uninstall UUByte DMG Editor1.5.8UUByte20220629Not matched
USBPcap 1.5.4.01.5.4.0Tomasz MonNot matched
Webex43.6.0.26407Cisco Systems, Inc20240126Not matched
Win32DiskImager version 1.0.01.0.0ImageWriter Developers20220629Not matched
Windows Subsystem for Linux2.4.12.0Microsoft Corporation20250320Not matched
Windows Subsystem for Linux Update5.10.102.1Microsoft Corporation20220428Not matched
Windows Subsystem for Linux WSLg Preview1.0.27Microsoft Corporation20230320Not matched
Wireshark 4.6.6 x644.6.6The Wireshark developer community, https://www.wireshark.orgNot matched
Zoom Workplace (64-bit)7.0.38856Zoom20260519Not matched
Приложения Microsoft 365 для предприятий - ru-ru.proof16.0.20026.20168Microsoft CorporationNot matched
Програми Microsoft 365 для підприємств - uk-ua.proof16.0.20026.20168Microsoft CorporationNot matched
엔터프라이즈용 Microsoft 365 앱 - ko-kr.proof16.0.20026.20168Microsoft CorporationNot matched

Startup Items

SourceNameCommand
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunSecurityHealthC:\WINDOWS\system32\SecurityHealthSystray.exe
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunRtkAudUService"C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_babf1584c40a3d53\RtkAudUService64.exe" -background
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunWavesSvc"C:\WINDOWS\System32\DriverStore\FileRepository\wavesapo10de.inf_amd64_db3f3288eba6a142\WavesSvc64.exe" -Jack
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunPMC ClientC:\Program Files\Ricoh\PMC Client\hcpclient.exe
HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunGlobalProtect"C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPA.exe"
HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOneDrive"C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunCiscoMeetingDaemon"C:\Users\user.redacted\AppData\Local\WebEx\WebexHost.exe" /daemon /runFrom=autorun
HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunMicrosoft.ListsC:\Program Files\Microsoft OneDrive\26.088.0510.0004\OneDrive.Sync.Service.exe
HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Runcom.squirrel.Postman-Agent.PostmanAgentC:\Users\user.redacted\AppData\Local\Postman-Agent\Postman Agent.exe
HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunCiscoSparkC:\Users\user.redacted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Webex\Webex.lnk /minimized /autostartedWithWindows=true
HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunBlueMailC:\WINDOWS\explorer.exe me.blueone.win:noopt:hidden
HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunTeams"C:\Users\user.redacted\AppData\Local\Microsoft\WindowsApps\MSTeams_8wekyb3d8bbwe\ms-teams.exe" msteams:system-initiated
HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunMicrosoftEdgeAutoLaunch_996CAB29764A7E71C494B428A956D1DD"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
Generated by Scantide Local PC Security Check v3.5.164