All Windows 10 & 11 Users At Risk: SeriousSAM has No Cure Yet!

Microsoft Windows 10 and Windows 11 users are at risk of a new unpatched vulnerability that was recently disclosed publicly.

The vulnerability — SeriousSAM — allows attackers with low-level permissions to access Windows system files to perform a Pass-the-Hash (and potentially Silver Ticket) attack.

Attackers can exploit this vulnerability to obtain hashed passwords stored in the Security Account Manager (SAM) and Registry, and ultimately run arbitrary code with SYSTEM privileges.

SeriousSAM vulnerability, tracked as CVE-2021-36934, exists in the default configuration of Windows 10 and Windows 11, specifically due to a setting that allows ‘read’ permissions to the built-in user’s group that contains all local users.

As a result, built-in local users have access to read the SAM files and the Registry, where they can also view the hashes. Once the attacker has ‘User’ access, they can use a tool such as Mimikatz to gain access to the Registry or SAM, steal the hashes and convert them to passwords. Invading Domain users that way will give attackers elevated privileges on the network.

Because there is no official patch available yet from Microsoft, the best way to protect your environment from SeriousSAM vulnerability is to implement hardening measures.

Mitigating SeriousSAM

According to Sky Houston, CTO at GeeksByTheHour, there are three optional hardening measures:

Delete all users from the built-in users’ group — this is a good place to start from, but won’t protect you if Administrator credentials are stolen.
Restrict SAM files and Registry permissions — allow access only for Administrators. This will, again, only solve part of the problem, as if an attacker steals Admin credentials, you will still be vulnerable to this vulnerability.
Don’t allow the storage of passwords and credentials for network authentication — By implementing this rule, there will be no hash stored in the SAM or registry, thereby mitigating this vulnerability completely.

When using GPOs for implementation, make sure the following UI Path is Enabled:

Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options\Network access: Do not allow storage of passwords and credentials for network authentication

Despite the fact that the last recommendation offers a good solution for SeriousSAM, it may negatively impact your production if not properly tested before it is pushed. When this setting is enabled, applications that use scheduled tasks and need to store users’ hashes locally will fail.

The Best Antivirus for Windows 10 Today (2023) (Is Windows Defender Good Enough?)

The Best Antivirus for Windows Today In 2023: Is Windows Defender Good Enough?

Windows Defender was originally known as Microsoft Security Essentials back in the Windows 7 days when it was offered as a separate download, but now it’s built right into Windows and it’s enabled by default. Many people have been trained to believe that you should always install a third-party antivirus, but that isn’t the best solution for today’s security problems, like ransomware.

If improving Security for your end device is your overall goal and you have a PC (aka Windows-OS device) then you must download and install WINPATROL. There is a FREE limited edition, but if you care for what comes in to your device then for a week's worth of coffee it is HIGHLY SUGGESTED you pay for the Upgrade. I have the paid version on every devices that runs on Windows since Windows 7 came out and it is THE BEST BARGAIN IN PC SECURITY. https://www.bleepingcomputer.com/download/winpatrol/
So, What Is the Best Antivirus Program In 2023?

We definitely recommend you read the entire article so you fully understand why we recommend a combination of Windows Defender and Malwarebytes, but since we know that tons of people will just scroll down and skim, here is our recommendation for how to keep your system secure:

Keep the Built-in Windows Defender for traditional antivirus – but today in 2023, malicious hackers require you to adapt and focus on Ransomware, zero-day attacks, keyloggers, and malware (such as Keyloggers that can copy and use every key stroke on your device for their own purposes) that require the 1-2-3 Defense listed below.

Use Malwarebytes for Anti-Malware and Anti-Exploit – all of the huge malware outbreaks these days are using zero-day flaws in your browser to install ransomware to take over your PC, and only Malwarebytes provides really excellent protection against this with their unique anti-exploit system. There’s no bloatware and it won’t slow you down.

Editor’s Note: This doesn’t even mention the fact that Malwarebytes, the company, is staffed by some really great people that we really respect. Every time we talk to them, they are excited about the mission of cleaning up the internet. It’s not often that we give an official How-To Geek recommendation, but this is our favorite product by far, and something we use ourselves.

A One-Two-Three Punch Equals a Knockout for anyone trying to cause harm: Registry/Windows Defense (WinPatrol), Antivirus (Windows Defender) and Anti-Malware (MalwareBytes)
1. You need antivirus software on your computer, no matter how “carefully” you browse. Being smart isn’t enough to protect you from threats, and security software can help act as another line of defense.

2. However, antivirus itself is no longer adequate security on its own. We recommend you use a good antivirus program and a good anti-malware program. Together, they will protect you from most of the biggest threats on the internet today: viruses, spyware, ransomware, and even potentially unwanted programs (PUPs)—among many others.

3. So which ones should you use, and do you need to pay money for them? Let’s start with the first part of that unified threesome combo: antivirus.

Is Windows Defender Good Enough On Its Own? NO IT IS NOT!

When you install Windows 10 or Windows 11 (not recommended as of this time), you will have an antivirus program already running. Windows Defender comes built-in to Windows 10, and automatically scans programs you open, downloads new definitions from Windows Update, and provides an interface you can use for in-depth scans. Best of all, it doesn’t slow down your system, and mostly stays out of your way—which we can’t say about most other antivirus programs.

For a short while, Microsoft’s antivirus fell behind the others when it came to comparative antivirus software tests—way behind. It was bad enough that we recommended something else, but it’s since bounced back, and now provides very good protection.

So in short, yes: Windows Defender is good enough (as long as you couple it with a good anti-malware program, as we mentioned above—more on that in a minute).

But Is Windows Defender the Best Antivirus? What About Other Programs?

If you look at that antivirus comparison we linked to above, you’ll notice that Windows Defender, while good, does not get the highest ranks in terms of raw protection scores. So why not use something else?

First, let’s look at those scores. AV-TEST found that it still caught 99.9% of the “widespread and prevalent malware” in April 2017, along with 98.8% percent of the zero-day attacks. Avira, one of AV-TEST’s top rated antivirus programs, has the exact same scores for April—but slightly higher scores in past months, so its overall rating is (for some reason) much higher. But Windows Defender isn’t nearly as crippled as AV-TEST’s 4.5-out-of-6 rating would have you believe.

Furthermore, security is about more than raw protection scores. Other antivirus programs may occasionally do a bit better in monthly tests, but they also come with a lot of bloat, like browser extensions that actually make you less safe, registry cleaners that are terrible and unnecesary, loads of unsafe junkware, and even the ability to track your browsing habits so they can make money. Furthermore, the way they hook themselves into your browser and operating system often causes more problems than it solves. Something that protects you against viruses but opens you up to other vectors of attack is not good security.

Just look at all the extra garbage Avast tries to install alongside its antivirus.

Windows Defender does not do any of these things—it does one thing well, for free, and without getting in your way. Plus, Windows 10 already includes the various other protections introduced in Windows 8, like the SmartScreen filter that should prevent you from downloading and running malware, whatever antivirus you use. Chrome and Firefox, similarly, include Google’s Safe Browsing, which blocks many malware downloads.

If you hate Windows Defender for some reason and want to use another antivirus, you can use Avira. It has a free version that works fairly well, a pro version with a few extra features, and it provides great protection scores and only has the occasional popup ad (but it does have popup ads, which are annoying). The biggest problem is that you need to be sure to uninstall the browser extension it tries to force on you, which makes it hard to recommend to non-technical people.

Antivirus Isn’t Enough: Use Malwarebytes, Too

Antivirus is important, but today, it is far more important that you use a good anti-exploit program to protect your web browser and plug-ins, which are the most targeted by attackers. Malwarebytes is the program we recommend here.

Unlike traditional antivirus programs, Malwarebytes is good at finding “potentially unwanted programs” (PUPs) and other junkware. As of version 3.0, it also contains an anti-exploit feature, which aims to block common exploits in programs, even if they are zero-day attacks that have never seen before—like those nasty Flash zero-day attacks. It also contains anti-ransomware, to block extortion attacks like CryptoLocker. The latest version of Malwarebytes combines these three tools into one easy-to-use package for $40 per year.

Malwarebytes claims to be able to replace your traditional antivirus entirely, but we disagree with this. It uses completely different strategies for protecting you: antivirus will block or quarantine harmful programs that find their way to your computer, while Malwarebytes attempts to stop harmful software from ever reaching your computer in the first place. Since it doesn’t interfere with traditional antivirus programs, we recommend you run both programs for the best protection.

Update: The Premium version of Malwarebytes now registers itself as the system’s security program by default. In other words, it will handle all your anti-malware scanning and Windows Defender won’t run in the background. You can still run both at once if you like. Here’s how: In Malwarebytes, open Settings, click the “Security” tab, and disable the “Always register Malwarebytes in the Windows Security Center” option. With this option disabled, Malwarebytes won’t register itself as the system’s security application and both Malwarebytes and Windows Defender will run at the same time.

Note that you can get some of Malwarebytes’ features for free, but with caveats. For example, the free version of Malwarebytes program will only scan for malware and PUPs on-demand—it won’t scan in the background like the premium version does. In addition, it doesn’t contain the anti-exploit or anti-ransomware features of the premium version.

You can only get all three features in the full $40 version of Malwarebytes, which we recommend. But if you’re willing to forego anti-ransomware and always-on malware scanning, the free versions of Malwarebytes and Anti-Exploit are better than nothing, and you should definitely use them.

There you have it: with a combination of a good antivirus program, Malwarebytes, and some common sense, you’ll be pretty well protected. Just remember that antivirus is only one of the standard computer security practices you should be following. Good digital hygiene isn’t a replacement for antivirus, but it is essential to making sure your antivirus can do its job.

Lock Your Computer Down In 10 Easy Steps

10 Ways to Lock Your Windows 10 PC

Locking your Windows 10 PC is the best way to secure your computer when you step away. This won’t quit or interrupt any running applications, and you have to type your PIN or password to get past the lock screen. Here are 10 ways you can lock your computer.

I. Lock Your Computer in the Start Menu

Unsurprisingly, the Start Menu offers an option for locking your PC. Just click the Start button (the Windows icon), select your account name, and then click “Lock.”

II. Use the Windows Key

Almost every Windows PC has a Windows key on the keyboard. As you’ve probably guessed, it’s the one with the Windows icon. You can press Windows+L to lock your computer.

III. Ctrl+Alt+Delete

The Ctrl+Alt+Delete keyboard shortcut is commonly used to kill unresponsive software, but you can also use it to lock your computer. Press Ctrl+Alt+Delete, and then click “Lock” in the menu that appears.

Click "Lock" in the menu.

IV. Lock Your Computer in Task Manager

You can also lock your PC in Task Manager. Pressing Ctrl+Alt+Delete, and then click “Task Manager.” You can also type “Task Manager” in the Windows Search box, and then select it in the search results.

Click “Disconnect” at the bottom right.

A popup appears asking if you’re sure you want to disconnect; click “Disconnect User” to confirm.

V. Lock It From the Command Prompt

You can also type “CMD” in the Windows Search box to open the Command Prompt. Click “Command Prompt” in the search results.

Type the following command:

Rundll32.exe user32.dll,LockWorkStation

Once this executes, your PC will be locked.

VI. Use the Run Prompt

This method is exactly the same as the Command Prompt method above, except you use Run. Just type “run” in the Windows Search box, and then click “Run” in the search results.

In the “Run” window, type the following command, and then click “OK”:

Rundll32.exe user32.dll,LockWorkStation

Once this executes, your PC will be locked.

VII. Create a Desktop Icon to Lock Your Computer

If you’d rather lock your PC with just a click, you can create a desktop icon. To do so, right-click your desktop, hover over “New,” and then select “Shortcut.”

In the “Create Shortcut” window that appears, type the following command in the “Type the Location of the Item” text box, and then click “Next”:

Rundll32.exe user32.dll,LockWorkStation

Give your icon a name, and then click “Finish.”

Your icon will appear on your desktop—double-click it any time to lock your PC.

VIII. Set It Up in the Screen Saver Settings

You can set your PC to lock after the screen saver has been on for a certain amount of time. To do so, type “Screen Saver” in the Windows Search box. Click “Change Screen Saver” in the search results.

In the “Screen Saver Settings” menu, select the checkbox next to the “On Resume, Display Logon Screen” option. Use the Arrow buttons in the “Wait:” box to select how many minutes should pass before your PC locks, and then click “Apply.”

GeeksByTheHour does not recommend this method for security reasons. It’s always best to lock your PC before you step away from it.

IX. Use Dynamic Lock

Dynamic Lock is a feature that automatically locks your PC after you step away from it. It does this by detecting the strength of the Bluetooth signal. When the signal drops, Windows assumes you’ve left the immediate area of your PC and locks it for you.

To use Dynamic Lock, you’ll first need to pair your smartphone with your PC. To do this, go to Settings > Bluetooth (on both Android or iOS) and toggle-On the slider. On your PC, go to Settings > Devices > Bluetooth and Other Devices, and then click “Add Bluetooth or Other Device.” Select your phone, confirm the PIN, and they’ll be paired.

Now all that’s left to do is enable the Dynamic Lock feature. Head to Settings > Accounts > Sign-in Options and scroll down to the “Dynamic Lock” section. Select the checkbox next to the “Allow Windows to Automatically Lock Your Device When You’re Away ” option.

Your PC will now lock if you move too far away.

X. Last And Certainly Not Least: Use the Remote Lock Feature

The Remote Lock feature should only be used in a worst-case scenario. We always recommend locking your PC before you step away from it. However, we all forget things sometimes.If you have left your PC accessible, Microsoft has provided a way for you to lock it remotely.

However, this will only work if you’ve enabled “Find My Device” on your PC, you have a Microsoft account on the device with admin privileges, and the device is connected to the internet.

To use the Remote Lock feature, sign in to your Microsoft account, and then click “Show Details” under the device you want to lock.

Next, click the “Find My Device” tab, and then click “Lock.”

Click the "Find My Device" tab, and then click "Lock."

Confirm in all the messages that appear to finish locking your PC.

When it comes to Cyber Security, you are the first layer of defense! GeeksByTheHour.com Geeks are always here if you need help, tips or tricks to help you at GeeksByTheHour.com or SkyTheTechGuy.com

It does not matter which of these 10 Easy Lock Down methods you choose to lock your PC, as long as you actually do it. Also, be sure to configure your PC to automatically lock itself if you forget.

Why You Should Update Your Web Browser right NOW!

Have you updated your web browser recently? Most browsers update themselves, but be sure to check that your browser is handling it! Regular updates are vital for everything, from making sure you can see the modern web to protecting your devices and privacy.

Browser Updates Are The Easiest Way To Protect Your Computers and Devices!

Today in 2021, there are TWO primary ways for anyone in the world to access/compromise your Device/Computer: a. Your Web Browser and b. Your Modem/Router. In this exclusive Cyber Security Article, we will be reviewing your Browser. Specifically, the primary focus is to ENSURE YOUR WEB BROWSER IS UP TO DATE NOW AND ON A REGULAR BASIS (AT LEAST ONCE EVERY MONTH).

You should be aware that running an out-of-date web browser could put your system at risk. Bad actors will use vulnerabilities in web browsers to target users with malware such as ransomware, privacy exploits, and other attacks.

So-called “drive-by downloads” will attempt to download malicious content onto your computer regardless of whether you consent to it. All you need to do is visit a compromised website or be served a malicious advert, and you don’t even need to be visiting unsavory corners of the web, since many of these attacks are spread via social media.

Then there’s the practice known as “malvertising,” which inserts malicious code into legitimate-looking adverts. According to a report by the leading cyber security news source Confiant, 1 in 200 online advertisements is malicious. Depending on where you live in the world, you might see many more malicious adverts. Patching your browser can help defend against such vulnerabilities, particularly once they become common knowledge.

Extensions and plugins that you have installed alongside a browser could also pose a risk. Adobe finally put Flash to rest in January of 2021, with security vulnerabilities playing a large part in that decision. All versions of Flash since May of 2020 have had a killswitch in them that disabled the plugin permanently after December 31, 2020.

If you’re running a version of Flash released prior to this (32.0.0.371 or earlier) on a browser that hasn’t been updated since then, you’re assuming a huge level of risk every time you browse the web. If you’re holding out because you’re fond of Flash, you should know that there are ways of using Flash that don’t put you at risk.

Browser updates can disable extensions and plugins with known vulnerabilities or change the underlying code in a way that renders these exploits ineffective.

Privacy exploits in browsers are also common. In May of 2021, FingerprintJS discovered a vulnerability in Safari, Chrome, Firefox, and Tor Browser that could link a user’s identity across different desktop browsers, effectively bypassing privacy protections put in place by those same browsers. By the time FingerprintJS had discovered the issue, Chrome’s developers had already added a fix to their update roadmap. Of course, you won’t get the benefit if you don’t apply the update.

Browser-based attacks can also do some pretty eyebrow-raising things when taken to extremes. There are many examples of devices being jailbroken that use browser exploits, such as the iPhone OS 3 jailbreak that exploited a flaw in the way that Safari rendered PDF files. This provided hackers with the system-level access that they needed to install custom firmware on Apple’s smartphone.

Even if you’re not attempting to jailbreak, from a security standpoint, Safari is probably your iPhone’s weakest link.

Outdated Browser? You Could Be Missing Out

Another great reason to update your browser is to ensure that you’re getting the best possible web browsing experience. Web technologies are constantly changing, with technologies like HTML5 and WebGL pushing the boundaries of what’s possible on a web page.

It was through HTML5’s <video> tags that YouTube and other streaming sites were able to move beyond Flash. This move massively improved page performance and device compatibility, providing a plugin-free video streaming experience. These modern browser advancements make it possible to run emulators and games in your browser without having to download and maintain additional software like Flash or Java. Per our previous GeeksByTheHour.com article on Windows 11, Android Apps will run integrated with it (aka without a 3rd Party Software Emulator needed for Windows OS up to Windows 10) such as the award-winning BlueStacks found here: https://www.bluestacks.com/

Playing DOS Games in the Internet Archive via a Browser

An outdated browser can also present you with website compatibility problems. Sometimes, this manifests as page instability, crashing, or rendering issues where the page doesn’t display correctly. Other times, you’ll see a “your browser isn’t supported” error message without being able to access the website at all.

If you’re heavily reliant on web apps like Google Docs or Microsoft 365, then you’ll want the latest updates to ensure that browser-based software runs as smoothly as possible.

Don’t forget about the features baked into the browser, too. Apple regularly adds new features to Safari with each major operating system upgrade, like the ability to share tabs seamlessly between devices or pay for items on your desktop using Apple Pay on an iPhone. Google also rolls out new features regularly, with some web apps reliant on the latest version of Chrome to unlock features like offline mode.

Gmail Offline Mode

Version mismatches can also be a headache—for example, running an outdated version of Safari on your Mac and the latest version on your iPhone. Features like Handoff and iCloud Keychain might not work correctly if you’re running an outdated version (We GeeksByTheHour.com geeks have seen this happen ourselves internally during testing).

There’s a reason that developers implore users to update to the latest version of their apps if they’re having technical issues. It’s one of the first places you should start when troubleshooting any tech issue.

How to Update Your Web Browser

Most browsers update automatically in the background, but you can always force an update by manually checking. In some cases, browser updates are tied to operating system upgrades, with a few caveats for security updates.

How to Manually Update Google Chrome

By default, Chrome will update itself.

If you want to make certain it is updated (very recommended):

You can run a manual update check using Chrome’s “Safety check” tool. To access this, launch Chrome, and then click on the “three dots” menu button in the top-right corner of the window.

Click “Settings” and look for the “Safety check” section.Click on the “Check Now” button, and Chrome will check for any new updates.

Update Google Chrome

How to Update Mozilla Firefox

Firefox will also try to update itself, but you can search for a Firefox update manually, too:

First, click the “three lines” menu button in the top-right corner of the window, and then click the “Preferences” option. In the “General” section, scroll down to “Firefox Updates” and wait.

Firefox will download any available updates. If an update is applied, you will see a “Restart to Update Firefox” button, which you can use to finalize the update. You can also manually enable “Automatically install updates” below if it’s disabled for some reason.

Update Firefox

How to Update Apple Safari

Updating Safari can be a bit confusing depending on which version of macOS you are running. Generally speaking, Safari is kept up to date using regular macOS updates, which you can find under System Preferences > Software Update.

Update Safari via Software Update

Major new versions of Safari are delivered via major new releases of macOS, usually each fall. Security updates are still delivered to older versions of Safari using the aforementioned Software Update tool in your Mac’s System Preferences.

Caveat: If you are running an older version of macOS (or OS X), you might find that updates are delivered via the Updates tab in the App Store.

How to Update Microsoft Edge

If you use Microsoft Edge, you can manually check for an Edge update by first launching the browser and then using the “Help” drop-down menu at the top of the window (on Windows) or screen (on a Mac), and then clicking the “Update Microsoft Edge” button.

Shortcut: You can also get there using the ellipsis “…” icon, followed by Settings > About Microsoft Edge. Update Microsoft Edge

Update Your Mobile Browsers, Too

Your mobile browser is just as important as your desktop browser. Both Android and Apple’s mobile ecosystem have had their fair share of attacks and vulnerabilities, so make sure that you’re applying updates across all devices.

If you use an iPhone or iPad, make sure that you install the latest iOS or iPadOS updates, since these will update the rendering engine that’s used by all browser apps on the system. You can do this under Settings > General > System Update.

iOS System Update Notification

For Android, make sure that your browser of choice is kept updated via the Google Play store. Launch the Play Store app, and then tap on the “three lines” menu button, followed by “My apps & games” in the top-left corner. Find your browser in the “Updates” section and tap “Update” to manually apply the latest version.

Update Automatically and Forget About It

Automatic updates take a lot of the pain out of keeping your software in great shape. Since most browser information is now synced with the cloud by default to make tab retrieval and bookmark sharing simple, there is little risk in allowing software to update itself (even if something goes wrong).

Staying ahead of security and feature updates applies not only to your browser but to your operating system, too. Allowing us GeeksByTheHour to help you keep Windows, Android and Mac/Apple Browsers up to date will significant;y assist the security of your technology.

How to Add Exclusions in Windows Defender on Windows 10

Windows Defender

The Windows Defender main page is pictured above (all content and images are the rights of SkyTheTechGuy.com and GeeksByTheHour.com respectively). Windows Defender is intentionally fully integrated into Windows 10, constantly running in the background by default and scanning your files for malware against its Cloud database per updates in real time unless one disables it (not recommended).

Geeks aka Windows experts like Dr. Sky and John do not take responsibility in any way if you attempt to exclude any file or files from Windows Defender. We usually only do this to improve performance for tasks like compiling programming code, running virtual machines, etc. DO NOT DISABLE GROUPS OF FILE TYPES, only specific files unless you consult experts like us at GeeksByTheHour.com

Exclusions can also help if you’re running into false positives where Windows Defender marks legitimate files as malware.

Warning: Be careful about what you exclude. Windows Defender won’t scan your excluded files and directories for malware. You wouldn’t want to exclude everything in your Downloads folder, for example!

I. First, we need to launch Windows Security to change some settings. Open the Start menu and type “Windows Security.” Then, select the “Windows Security” app.

Launch Windows Security from Start menu in Windows 10

II. In Windows Security, navigate to “Virus & Threat Protection.” Then, click “Manage Settings.”

Click manage settings in Windows Security on Windows 10

III. In “Virus & Threat Protection Settings,” scroll down to the very bottom of the page, and click “Add or Remove Exclusions.”

IV. On the Exclusions page, you can add or remove files that you want to exclude from Windows Defender scans. To add an exclusion, click the “Add An Exclusion” button beside the large plus symbol (+).

–>A small menu will pop up allowing you to define your exclusion by File, Folder, File type, or Process.

V. What you choose depends on what type of exclusion you are trying to make. Here’s what each choice does.

File: If you select this, a box will pop up allowing you to browse your computer to select a single file that will be excluded from future scans. Select the file you’d like, then click “Open.”
Folder: Like the File option, this will let your browse your computer for a specific folder to exclude from scans. The folder’s contents and subfolders will be excluded as well.
File type: A box will pop up asking you to enter a file extension (e.g., “.MID”) representing the file type that you’d like to exclude. All files of that type will be excluded from future scans. This one is dangerous because you might accidentally exclude a large class of potentially hazardous files, such as PDF or DOC files.
Process: A pop-up will ask you to enter the name of a process (a running program, i.e., “explorer.exe”) to exclude from scans. If a certain program you know is safe keeps getting flagged by Defender, you can enter it here.

Select one of these options and make the necessary selections in the pop-up dialog that follows.

VI. Once you add an exclusion, it will show up in a list on the Exclusions page.

VII. If you’d like to remove an exclusion you’ve already defined, hover your mouse cursor over the item until the downward-pointing carat arrow appears, then click the “Remove” button that pops up.

ALL DONE!

Now that you are all done, close Windows Security and your settings will be saved automatically. The next time your system does a Defender scan, the item(s) you added to the exclusions list will no longer cause trouble and will be bypassed from Defender and can be ran and used as needed.

Welcome To Windows 11: Minimum Requirements To Run It

What Are the Minimum System Requirements to Run Windows 11?

Microsoft

With Windows 11 arriving at the end of 2021, Microsoft announced the minimum system specifications required to run the new operating system. Knowing this, you can see if your Windows 10 PC is up to the task. Let’s take a look.

Windows 11 System Requirements

According to Microsoft, if your computer doesn’t meet the following requirements, your device will not be able to run Windows 11. If that’s the case, you’ll need to buy a new PC to run the new operating system.

Processor: 1 GHz or faster with 2 or more cores on a compatible 64-bit processor. (Microsoft provides a list of compatible processors on its website).
RAM: 4 gigabytes or more
Storage: 64 GB or larger storage device (such as a hard drive or SSD)
System Firmware: UEFI and Secure Boot capable
TPM: Trusted Platform Module 2.0 (common on motherboards manufactured after 2016)
Graphics Card: Compatible with DirectX 12 or later with WDDM 2.0 driver
Display: An HD display at least 720p (1280×720) resolution larger than 9″ diagonal, 8-bits per color channel
Internet Connection and Microsoft Accounts: Windows 11 Home edition requires an internet connection and a Microsoft account to set up the device on first use. Switching a device out of Windows 11 S mode also requires an internet connection.

Of all these features, the requirement for TPM 2.0 might be the most unexpected reason your slightly older Windows 10 PC can’t run Windows 11. You can check your system’s TPM version by running tpm.msc in the Run dialog.

Differences Between Windows 10 and 11 System Requirements?

Compared to Windows 10’s system requirements, Windows 11 relies on several new standards and capabilities that might leave your machine out of this upgrade cycle. Here’s a look at each one.

Processor: Windows 10 supports 32-bit CPUs, while Windows 11 only supports 64-bit CPUs.
RAM: Windows 10 requires 1 gigabyte of RAM, Windows 11 requires 4 gigabytes.
Storage: Windows 10 32-bit and 64-bit only require 16 GB and 20 GB of storage, respectively. Windows 11 requires 64 GB.
System Firmware and TPM: Unlike Windows 11, Windows 10 does not require UEFI, Secure Boot, or TPM by default. Those are required only if you use features such as BitLocker.
Graphics Card: Windows 10 requires DirectX 9 with WDDM 1.0 support. Windows 11 ups that to DirectX 12 or later with WDDM 2.0.
Display: Windows 10 only requires an 800×600 display, while Windows 11 requires 1280×720 or higher.
Internet Connection: Windows 10 does not require an internet connection to set it up for first use, and it does not require a Microsoft account. Windows 11 Home requires BOTH an internet connection and a Microsoft account to set up the system on first use!

How to Check if Your PC Can Run Windows 11

Microsoft has provided a free PC Health Check app to help you see if your Windows 10 PC is compatible with Windows 11. To use it, download the app and install it on your Windows 10 PC.

When you run it, locate the “Introducing Windows 11” section near the top of the window and click “Check Now.”

Click "Check Now" in the PC Health Check app.

The PC Health Check app will run a quick check of your system. After a few moments, you’ll see the result. If the message says, “This PC can run Windows 11,” then you’re good to go.

A "This PC Can Run Windows 11" Message in the PC Health Check app

If you see a message that reads, “This PC can’t run Windows 11,” then your device doesn’t meet the system requirements for Windows 11. Microsoft mentions that you’ll still get Windows 10 updates going forward. Windows 10 will continue to be supported through October 14, 2025.

If your PC failed this test unexpectedly, make sure Secure Boot is enabled in your BIOS, then restart Windows and run the PC Health Check test again. If that didn’t work, consult the list of system requirements above. Good luck!

Windows 11: Everything You Need To Know!

WELCOME TO WINDOWS 11: EVERYTHING YOU NEED TO KNOW FROM GEEKSBYTHEHOUR.COM

Two features from the Xbox Series X are making their way to PC via Windows 11:

The first is Auto HDR, which will help “over 1000” previous-generation games look better by automatically enabling HDR. Without this feature, only games built to support HDR would use HDR on an HDR-compatible display. Microsoft showed it off in Skyrim, where it made the colors much more vivid and vibrant.
The second is DirectStorage. Some Windows 11 PCs will be “DirectStorage Optimized”—they will need a high-performance NVMe SSD and appropriate drivers. On these PCs, games can quickly load data from system storage directly to the graphics card without taxing the CPU. Just like the Xbox did, this bypass will speed up game load times and make faster loading of assets during gameplay possible going forward.

A Smart Upgrade

Windows 11 seems pretty good so far! It’s full of other smart changes, too.

For example, Cortana is being removed from the PC setup experience, something that will no doubt please many system administrators like Dr. Sky Houston, who can’t stand Cortana and all of its headaches!

We here at GeeksByTheHour have given the Insiders Preview Build of Windows 11 a test drive and we are confident that:

Microsoft is getting more serious on Security. Windows 11 requires a Camera to operate (at least in the factory installation process) and we are assuming this is based on a “mandatory” type of Biometrics Security Approach, at least as a philosophy if not in a configurable application.
Requiring a PC with UEFI firmware that is 64-bit, Secure Boot capable and a version 2.0 TPM module chip, for example are positive Security requirements for today’s computing environment going forward.
One of the major questions is how much privacy information will MSN require upon setup (MSN is now mandatory for Windows 11) And remember, it also requires a decent and stable Internet Connection as soon as you begin installing it that was optional in all previous Windows OS versions!