secureworks redcloak high cpu

2019-06-03 22:23:38, Info CSI 000032c0 [SR] Verifying 100 components 2019-06-03 22:21:23, Info CSI 00002971 [SR] Verifying 100 components When we execute the standard Red Cloak Test methodology, alerts were fired off no problem. It remains steady and doesn't decay so there was something wrong with the OS, etc. . 2019-06-03 22:19:44, Info CSI 0000240e [SR] Verifying 100 components Secureworks (NASDAQ: SCWX) is a technology-driven cybersecurity leader that protects organizations in the digitally connected world. 2019-06-03 22:28:39, Info CSI 00004790 [SR] Verifying 60 components 2019-06-03 22:23:11, Info CSI 000030b4 [SR] Beginning Verify and Repair transaction If your topic is closed and you still need assistance, send me or any Moderator a Private Message with a link to your topic. 2019-06-03 22:28:00, Info CSI 000044b7 [SR] Beginning Verify and Repair transaction 2019-06-03 22:10:26, Info CSI 000004e3 [SR] Verifying 100 components 2019-06-03 22:16:54, Info CSI 000019eb [SR] Verify complete 2019-06-03 22:23:01, Info CSI 00002fe5 [SR] Verifying 100 components . Follow the on-screen instructions to restore your computer to before the settings were modified for the Clean Boot. I assume since I also was involved in all 3 machines, a similar rogue or trojan must be present on this machine as well, as the PC and gateway laptop was resolved. Trivial local bypass of Secure Works Red Cloak telemetry discovered August 2019. 2019-06-03 22:24:18, Info CSI 0000360d [SR] Verifying 100 components 2019-06-03 22:25:20, Info CSI 00003a47 [SR] Beginning Verify and Repair transaction This may take some time. 2019-06-03 22:26:44, Info CSI 00004004 [SR] Beginning Verify and Repair transaction 2019-06-03 22:22:17, Info CSI 00002ce4 [SR] Verify complete 2019-06-03 22:22:52, Info CSI 00002f16 [SR] Verify complete I am reaching the conclusion that I have a defective system. We have been really unhappy with their responses and in general any guidance on security responses for our servers and network. 2019-06-03 22:28:39, Info CSI 00004791 [SR] Beginning Verify and Repair transaction SFC will begin scanning your system for damaged system files. 2019-06-03 22:09:54, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction 2019-06-03 22:14:55, Info CSI 0000126b [SR] Verify complete We have a keycloak HA setup with 3 pods running in kubernetes environment. . Internet speed on wireless , same exact spot went from 35Mbps to 1Mbps 2019-06-03 22:10:01, Info CSI 00000340 [SR] Beginning Verify and Repair transaction 2019-06-03 22:20:36, Info CSI 000026dd [SR] Verifying 100 components 2019-06-03 22:24:38, Info CSI 0000374c [SR] Verifying 100 components The adware programs should be uninstalled manually. Secureworks (NASDAQ: SCWX) is a global cybersecurity leader that protects customer progress with Secureworks Taegis, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers' ability to detect advanced threats, streamline and collaborate on investigations, and . 2019-06-03 22:16:38, Info CSI 00001903 [SR] Beginning Verify and Repair transaction I've got a 2010 Dell Studio laptop, Intel processor, 4GB ram, 320 GM hard drive (180 GB consumed)running Win 7 and IE 11that is giving me CPU usage problems. See how Secureworks Taegis XDR helps security analysts detect, investigate and respond to threats across their endpoints, network and cloud. 2019-06-03 22:10:32, Info CSI 0000054b [SR] Verifying 100 components Knowledge gained from more than 1,000 incident response engagements per year informs the continuously updated threat intelligence and analytics used to recognize malicious activity. 2019-06-03 22:23:11, Info CSI 000030b3 [SR] Verifying 100 components Once complete, let me know if it finds integrity violations or not. Secureworks Red Cloak - YouTube 2019-06-03 22:12:02, Info CSI 00000a23 [SR] Verify complete ), It is not currently known what version this logic bug was introduce in, or if it existed from the start of the Red Cloak product line. Also, please check if there is backup software or antivirus scan which runs on the system when the issue reoccurs. 2019-06-03 22:14:05, Info CSI 00000f18 [SR] Verify complete 2019-06-03 22:09:50, Info CSI 00000271 [SR] Beginning Verify and Repair transaction 2019-06-03 22:14:48, Info CSI 000011fa [SR] Beginning Verify and Repair transaction 2019-06-03 22:22:52, Info CSI 00002f18 [SR] Beginning Verify and Repair transaction Alternatives? 2019-06-03 22:19:57, Info CSI 000024ee [SR] Verifying 100 components 2019-06-03 22:24:06, Info CSI 00003536 [SR] Verifying 100 components Creating the log file in the folder structure failed because the system account Red Cloak was using couldnt write to that folder. . 2019-06-03 22:21:13, Info CSI 00002902 [SR] Beginning Verify and Repair transaction 2019-06-03 22:12:28, Info CSI 00000b7c [SR] Verify complete The issue resolved when I upgraded to Win10 on that machine. 2019-06-03 22:28:00, Info CSI 000044b5 [SR] Verify complete 2019-06-03 22:22:01, Info CSI 00002bf8 [SR] Beginning Verify and Repair transaction 2019-06-03 22:24:18, Info CSI 0000360e [SR] Beginning Verify and Repair transaction 2019-06-03 22:22:35, Info CSI 00002de1 [SR] Beginning Verify and Repair transaction 2019-06-03 22:14:05, Info CSI 00000f19 [SR] Verifying 100 components Agent 2.0.7.9 was released October 29th, in advance of the industry-accepted 90 day window. 2019-05-31 08:59:28, Info CSI 00000012 [SR] Verify complete 2019-06-03 22:27:32, Info CSI 0000430c [SR] Verify complete ), (If an entry is included in the fixlist, only the ADS will be removed. 2019-06-03 22:15:27, Info CSI 00001486 [SR] Verify complete 2019-06-03 22:26:31, Info CSI 00003f32 [SR] Beginning Verify and Repair transaction Start Free Trial. 2019-06-03 22:17:13, Info CSI 00001b3c [SR] Verify complete very short, lack of details. 2019-06-03 22:25:43, Info CSI 00003bf2 [SR] Verify complete 2019-06-03 22:17:33, Info CSI 00001c29 [SR] Verify complete 2019-06-03 22:28:12, Info CSI 00004584 [SR] Verifying 100 components 2019-06-03 22:17:33, Info CSI 00001c2a [SR] Verifying 100 components Here is the eSET log. Secureworks' Red Cloak TDR software applies a variety of machine and deep learning techniques to a vast network of data, making it easier to find hard-to-detect threats across an entire IT landscape. The problem was temporarily (a day or two) fixed by the reinstall. 2019-06-03 22:11:11, Info CSI 000007b9 [SR] Verifying 100 components 2019-06-03 22:28:35, Info CSI 0000472a [SR] Beginning Verify and Repair transaction 2019-06-03 22:23:30, Info CSI 00003256 [SR] Verify complete 2019-05-31 08:59:32, Info CSI 0000001e [SR] Verify complete The CPU usage increased and there were continuous CPU spikes at every 30 minute interval whenever the refresh token was used to acquire access tokens (30 min access token lifespan). For more information, reference SHA-2 Code Signing Support requirement for Windows and WSUS ( 2019 SHA-2 Code Signing Support requirement for Windows and WSUS ). 2019-06-03 22:17:33, Info CSI 00001c2b [SR] Beginning Verify and Repair transaction ), Tcpip\Parameters: [DhcpNameServer] 192.168.1.1, ==================== Services (Whitelisted) ====================, R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183480 2017-08-10] (Intel Wireless Connectivity Solutions -> Intel Corporation), ===================== Drivers (Whitelisted) ======================, R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22824 2017-06-06] (WDKTestCert Andy_Chen6,131219483243550933 -> OSR Open Systems Resources, Inc.), ==================== NetSvcs (Whitelisted) ===================, (If an entry is included in the fixlist, the file/folder will be moved. CredGuard False Positive - C:\Program Files (x86)\Dell SecureWorks\Red 2019-06-03 22:23:56, Info CSI 00003467 [SR] Verifying 100 components 2019-06-03 22:25:24, Info CSI 00003ab3 [SR] Verifying 100 components If no objects are detected, close the AdwCleaner window. 2019-06-03 22:19:19, Info CSI 0000225d [SR] Verifying 100 components 2019-06-03 22:14:27, Info CSI 000010a9 [SR] Verifying 100 components These risks and uncertainties include, but are not limited to, competitive uncertainties and general economic and business conditions in Secureworks' markets as well as the other risks and uncertainties that are described in Secureworks' periodic reports and other filings with the Securities and Exchange Commission, which are available for review through the Securities and Exchange Commission's website at www.sec.gov. 2019-06-03 22:18:04, Info CSI 00001db3 [SR] Verify complete INSANE (61%?!) 2019-06-03 22:23:56, Info CSI 00003468 [SR] Beginning Verify and Repair transaction #IWork4DellOrder StatusDrivers and Manuals. 2019-06-03 22:25:43, Info CSI 00003bf4 [SR] Beginning Verify and Repair transaction 2019-06-03 22:21:06, Info CSI 00002893 [SR] Verify complete Above shows a specific module in the Red Cloak agent saying that it sees the event created for launching Chrome, and successfully ends up writing some sort of log file in the folder directory for the image launched. 2019-06-03 22:15:01, Info CSI 000012dd [SR] Verifying 100 components 2019-06-03 22:19:19, Info CSI 0000225c [SR] Verify complete 2019-06-03 22:23:05, Info CSI 0000304c [SR] Verifying 100 components 2019-06-03 22:28:30, Info CSI 000046c1 [SR] Verifying 100 components 2019-06-03 22:10:15, Info CSI 00000410 [SR] Verify complete 2019-06-03 22:26:24, Info CSI 00003ec4 [SR] Verify complete 2019-06-03 22:27:52, Info CSI 0000441e [SR] Verify complete 2019-06-03 22:23:56, Info CSI 00003466 [SR] Verify complete When I look at resource monitor right now it's consuming 1.3% of CPU but when things are choking it is consuming 15% of CPU, and all the running processes jump from like 0.5% to 5%. 2019-06-03 22:27:14, Info CSI 000041d1 [SR] Verify complete Secureworks adds more layers of security to our business by quickly detecting threats and combating them effectively in real time. And other times it will bog down within an hour. I have not been able to reproducibly create the high CPU usage problem by putting a heavy load on one application or another. 2019-06-03 22:12:28, Info CSI 00000b7e [SR] Beginning Verify and Repair transaction Local Administration rights are required for installation. 2019-06-03 22:12:59, Info CSI 00000cdb [SR] Verify complete Because forward-looking statements inherently involve risks and uncertainties, actual future results may differ materially from those expressed or implied by such forward-looking statements. 2019-06-03 22:12:28, Info CSI 00000b7d [SR] Verifying 100 components 2019-06-03 22:19:31, Info CSI 00002335 [SR] Verifying 100 components Dell Laptops all models Read-only Support Forum. 2019-06-03 22:18:26, Info CSI 00001efc [SR] Verifying 100 components ), (If needed Hosts: directive could be included in the fixlist to reset Hosts. . 2019-06-03 22:10:45, Info CSI 00000683 [SR] Verifying 100 components 2019-06-03 22:25:43, Info CSI 00003bf3 [SR] Verifying 100 components 202-744-9767, Visit secureworks.com The processes that produce excess CPU demand vary. Red Cloak Threat Detection and Response is the first in a suite of software-driven products and services that Secureworks plans to release. Using Roguekiller before contacting Bleeping computer, performance improved to 9.6MBps, including a bit faster access times after booting. Save and quit by hitting ESC and typing: :wq! INSANE(61%?!) CPU usage from Dell Client Management Service?! - reddit 1A SHA-2 patch is required for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2. 2019-06-03 22:26:37, Info CSI 00003f9d [SR] Beginning Verify and Repair transaction 2019-06-03 22:10:51, Info CSI 000006e9 [SR] Verify complete After clean boot, in last steps wireless worsened to 3mbps. Note: [PATH] = The full directory path to where the taegis-agent_[VERSON]_x64.msi file is located. 2019-06-03 22:25:24, Info CSI 00003ab4 [SR] Beginning Verify and Repair transaction 3. 2019-06-03 22:09:36, Info CSI 0000013c [SR] Beginning Verify and Repair transaction At the time of discovery, my (then) employer was using a suite of SecureWorks services, with a product called Red Cloak being a core component. Any forward-looking statement speaks only as of the date as of which such statement is made, and, except as required by law, we undertake no obligation to update any forward-looking statement after the date as of which such statement was made, whether to reflect changes in circumstances or our expectations, the occurrence of unanticipated events, or otherwise. Alternatives? After reboot, the initial 100% quickly cooled down after one minute. 2019-06-03 22:10:32, Info CSI 0000054c [SR] Beginning Verify and Repair transaction 2019-06-03 22:09:22, Info CSI 00000007 [SR] Beginning Verify and Repair transaction 2019-06-03 22:28:12, Info CSI 00004585 [SR] Beginning Verify and Repair transaction He/him. 2019-06-03 22:23:05, Info CSI 0000304b [SR] Verify complete 2019-06-03 22:23:47, Info CSI 0000339a [SR] Beginning Verify and Repair transaction 2019-06-03 22:25:09, Info CSI 00003972 [SR] Verify complete 2019-06-03 22:25:37, Info CSI 00003b8b [SR] Verify complete A week ago, my CPU never pushed past 20, maybe 30 if I was doing something, now all of a sudden Taskmanager is showing that this single thing is commanding almost 2/3rds of my CPU?! Disable one module at a time and start the Red Cloak . With more accurate detections and better context, false alerts are reduced, and customers can focus on the events that matter. 2019-06-03 22:22:17, Info CSI 00002ce5 [SR] Verifying 100 components 2019-06-03 22:10:45, Info CSI 00000682 [SR] Verify complete 2019-06-03 22:23:30, Info CSI 00003258 [SR] Beginning Verify and Repair transaction 2019-06-03 22:19:25, Info CSI 000022c6 [SR] Verifying 100 components 2019-06-03 22:12:59, Info CSI 00000cdc [SR] Verifying 100 components 2019-06-03 22:23:01, Info CSI 00002fe6 [SR] Beginning Verify and Repair transaction press@secureworks.com 2019-06-03 22:09:22, Info CSI 00000006 [SR] Verifying 100 components 2019-06-03 22:27:06, Info CSI 0000415e [SR] Beginning Verify and Repair transaction Fix result of Farbar Recovery Scan Tool (x64) Version: 01-06-2019. The CPU usage increased and there were continuous CPU spikes at every 30 minute interval whenever the refresh token was used to acquire access tokens (30 min access token . 2019-06-03 22:20:49, Info CSI 000027b6 [SR] Verify complete Or if that's normal operation. 2019-06-03 22:23:26, Info CSI 000031ee [SR] Verifying 100 components 2019-06-03 22:25:50, Info CSI 00003c62 [SR] Verify complete 2019-06-03 22:24:50, Info CSI 00003824 [SR] Verify complete We generate around 2 billion events each month. Push CTRL+ALT+DELETE and open task manager. 2019-06-03 22:21:47, Info CSI 00002b25 [SR] Verifying 100 components We have cisco AMP AV separately (which we like) but bonus if we can combine it all in to one vendor. Navigate to the Red Cloak folder location from Windows Explorer: C:\Program Files (x86)\Dell SecureWorks\Red Cloak. 2019-06-03 22:19:04, Info CSI 0000212a [SR] Verify complete 2019-05-31 08:59:22, Info CSI 00000007 [SR] Beginning Verify and Repair transaction 2019-06-03 22:18:41, Info CSI 00001fd2 [SR] Verifying 100 components 2019-06-03 22:19:31, Info CSI 00002336 [SR] Beginning Verify and Repair transaction 2019-06-03 22:11:48, Info CSI 000008ef [SR] Verifying 100 components In this video, you'll see how a security analyst uses XDR to respond to a targeted ransomware attack. 2019-06-03 22:27:44, Info CSI 0000439e [SR] Verify complete 2019-06-03 22:24:56, Info CSI 0000388b [SR] Verify complete 2019-06-03 22:11:57, Info CSI 000009be [SR] Beginning Verify and Repair transaction 2019-06-03 22:24:32, Info CSI 000036e6 [SR] Beginning Verify and Repair transaction 2019-06-03 22:16:02, Info CSI 0000164f [SR] Verifying 100 components 2019-06-03 22:25:20, Info CSI 00003a46 [SR] Verifying 100 components 2 In cases where Secureworks Red Cloak Endpoint supports an . 2019-06-03 22:19:50, Info CSI 00002479 [SR] Verifying 100 components 2019-06-03 22:23:16, Info CSI 0000311f [SR] Beginning Verify and Repair transaction 2019-06-03 22:11:42, Info CSI 00000887 [SR] Verify complete 2019-06-03 22:27:14, Info CSI 000041d3 [SR] Beginning Verify and Repair transaction The hardware seems to be fine. 2019-06-03 22:16:38, Info CSI 00001901 [SR] Verify complete However, as of Windows Agent 2.0.7.9 it is confirmed to be corrected. I'm going to do some research on that. I've ran both AVG and Malwarebytes and they've . 2019-06-03 22:28:35, Info CSI 00004729 [SR] Verifying 100 components I downloaded the Mimikatz binary without any modifications to a unique folder on the local C:\ drive of a testing endpoint. Dad, CISSP/CISM/CISA, accused SME, wannabe foodie, wine, hockey, golf, music, travels. 2019-06-03 22:26:11, Info CSI 00003d9f [SR] Verifying 100 components 2019-06-03 22:27:20, Info CSI 0000423d [SR] Beginning Verify and Repair transaction 2019-06-03 22:23:21, Info CSI 00003187 [SR] Verifying 100 components I assume since I also was involved in all 3 . Thank you for your reply. 2019-06-03 22:09:36, Info CSI 0000013a [SR] Verify complete 2019-06-03 22:25:24, Info CSI 00003ab2 [SR] Verify complete 2019-06-03 22:19:19, Info CSI 0000225e [SR] Beginning Verify and Repair transaction 2019-06-03 22:17:05, Info CSI 00001ac4 [SR] Verifying 100 components 2019-06-03 22:25:56, Info CSI 00003ccc [SR] Verifying 100 components The file will not be moved. 2019-06-03 22:19:50, Info CSI 0000247a [SR] Beginning Verify and Repair transaction 2019-06-03 22:26:31, Info CSI 00003f30 [SR] Verify complete Thanks. 2019-06-03 22:23:42, Info CSI 0000332a [SR] Beginning Verify and Repair transaction : DESKTOP-4SIK181, Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation), ========================= Event log errors: ===============================, Error: (06/01/2019 05:14:14 PM) (Source: VSS) (User: ), Error: (05/24/2019 08:32:34 AM) (Source: Application Error) (User: ), Error: (05/24/2019 08:21:14 AM) (Source: Application Hang) (User: ), Error: (03/20/2019 08:49:37 AM) (Source: Application Hang) (User: ), Error: (02/27/2019 12:19:59 PM) (Source: Application Hang) (User: ), Error: (12/28/2018 08:09:10 PM) (Source: Microsoft-Windows-WMI) (User: NT AUTHORITY), Error: (06/02/2019 11:09:13 PM) (Source: DCOM) (User: NT AUTHORITY), Error: (06/01/2019 05:26:54 PM) (Source: DCOM) (User: DESKTOP-4SIK181), Error: (06/01/2019 05:20:06 PM) (Source: DCOM) (User: DESKTOP-4SIK181), Error: (06/01/2019 05:18:28 PM) (Source: DCOM) (User: NT AUTHORITY), Error: (06/01/2019 05:17:37 PM) (Source: DCOM) (User: DESKTOP-4SIK181), Error: (06/01/2019 05:14:14 PM) (Source: VSS)(User: ), Error: (05/24/2019 08:32:34 AM) (Source: Application Error)(User: ), Error: (05/24/2019 08:21:14 AM) (Source: Application Hang)(User: ), Error: (03/20/2019 08:49:37 AM) (Source: Application Hang)(User: ), Error: (02/27/2019 12:19:59 PM) (Source: Application Hang)(User: ), Error: (12/28/2018 08:09:10 PM) (Source: Microsoft-Windows-WMI)(User: NT AUTHORITY), Intel Processor Graphics (HKLM-x32\\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation), ========================= Devices: ================================, Name: Microsoft ACPI-Compliant Embedded Controller, Name: Intel Serial IO I2C Host Controller - 9C62, Name: Microsoft ACPI-Compliant Control Method Battery, Name: Intel Core i5-4210U CPU @ 1.70GHz, Name: Microsoft Windows Management Interface for ACPI, Name: Intel 8 Series PCI Express Root Port #3 - 9C14, Name: Microsoft Hyper-V Virtualization Infrastructure Driver, Name: Intel 8 Series LPC Controller (Premium SKU) - 9C43, Name: Microsoft Storage Spaces Controller, Name: Microsoft Kernel Debug Network Adapter, Name: Intel 8 Series USB Enhanced Host Controller #1 - 9C26, Name: Microsoft Wi-Fi Direct Virtual Adapter #4, Name: Microsoft Wi-Fi Direct Virtual Adapter #2, Name: Microsoft Radio Device Enumeration Bus, Name: Intel 8 Series PCI Express Root Port #4 - 9C16, Name: Microsoft Device Association Root Enumerator, Name: Speakers / Headphones (Realtek Audio), Name: Microsoft Input Configuration Device, Name: Intel USB 3.0 eXtensible Host Controller - 1.0 (Microsoft), Name: Intel Serial IO I2C Host Controller - 9C61, Name: Intel 8 Series Chipset Family SATA AHCI Controller, Name: Intel 8 Series PCI Express Root Port #1 - 9C10, Name: Intel 8 Series PCI Express Root Port #5 - 9C18, Name: HID-compliant vendor-defined device, Name: NDIS Virtual Network Adapter Enumerator, Name: Intel 8 Series SMBus Controller - 9C22, Name: Bluetooth Device (RFCOMM Protocol TDI), Name: Bluetooth Device (Personal Area Network) #2, Name: Microsoft System Management BIOS Driver, Name: Plug and Play Software Device Enumerator, Name: Remote Desktop Device Redirector Bus, ========================= Partitions: =====================================, 1 Drive c: () (Fixed) (Total:930.07 GB) (Free:893.73 GB) NTFS, ========================= Users: ========================================, Administrator DefaultAccount Guest, ========================= Minidump Files ==================================, ========================= Restore Points ==================================, NOTICE: This script was written specifically for this user. That is much better than before! 2019-06-03 22:13:07, Info CSI 00000d44 [SR] Verify complete 2019-06-03 22:18:48, Info CSI 00002045 [SR] Verifying 100 components High CPU usage on machines with Deep Security Agent - Trend Micro In August of 2019, after going some time without any alerts from Red Cloak, we wanted to double check that it was actually doing anything. This article covers the system requirements for installing the Secureworks Red Cloak Endpoint agent. 2019-06-03 22:18:41, Info CSI 00001fd3 [SR] Beginning Verify and Repair transaction Well yeah no shit, most Endpoint Security/AV by definition have to be invasive to do their job. 2019-06-03 22:22:27, Info CSI 00002d6a [SR] Beginning Verify and Repair transaction 2019-06-03 22:25:37, Info CSI 00003b8d [SR] Beginning Verify and Repair transaction It would take literally days to determine if the problem actually was a software interaction issue and I would be without the functionality of Office 2010, IE 11, and/or Adobe reader during that time. 2019-06-03 22:14:48, Info CSI 000011f9 [SR] Verifying 100 components Support may be deemed as out of scope for the service at the discretion of Secureworks.364-bit and 32-bit versions are supported. 2019-06-03 22:17:05, Info CSI 00001ac5 [SR] Beginning Verify and Repair transaction requests: 2019-06-03 22:11:32, Info CSI 0000081f [SR] Verify complete 2019-06-03 22:24:23, Info CSI 00003675 [SR] Verify complete 2019-06-03 22:22:17, Info CSI 00002ce6 [SR] Beginning Verify and Repair transaction I requested a CVE for this issue to help push public awareness, in addition to this blog post, but I am frankly not sure if this meets the criteria for a CVE. I'm going to limp along by restarting the computer when it gets slow (shades of Windows 95) and get a new computer when Win 10 comes out. OP didn't seem that technical. 2019-06-03 22:16:07, Info CSI 000016b9 [SR] Verify complete https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19620. 2019-06-03 22:24:23, Info CSI 00003676 [SR] Verifying 100 components 2019-06-03 22:26:52, Info CSI 0000407b [SR] Verifying 100 components 2019-06-03 22:17:22, Info CSI 00001bbb [SR] Verify complete 2019-06-03 22:09:31, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction 2019-06-03 22:19:50, Info CSI 00002478 [SR] Verify complete 2019-06-03 22:26:17, Info CSI 00003e09 [SR] Beginning Verify and Repair transaction Any recommendations on who you are using? 2019-06-03 22:28:35, Info CSI 00004728 [SR] Verify complete 2019-06-03 22:09:54, Info CSI 000002d7 [SR] Verifying 100 components SecureWorks Red Cloak Local Bypass (CVE-2019-19620) - Medium 2019-06-03 22:15:48, Info CSI 00001592 [SR] Beginning Verify and Repair transaction