Displaying execution path in Windows Task Manager

[screenshot: Task Manager Details tab with the column heading right-click menu open]

I came across a handy tip recently that I thought I’d share.

When you use Task Manager in Windows, select the Details tab and then right-click on the column headings to reveal the menu shown above. From this menu choose Select Columns.

[screenshot: the Select Columns dialog with Image path name and Command line ticked]

Scroll down the list of columns that appears and select:

  • Image path name
  • Command line

as shown above, then select OK.

[screenshot: Task Manager Details tab showing the Image path name and Command line columns]

As shown above, you should now see a column that displays the path to the executable for each task, as well as a column showing the actual command line used to start that task. This is a very handy option when you are troubleshooting tasks, because two processes with the same name can be running from very different locations and with very different arguments.
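The same two columns can be pulled out of Windows with PowerShell when you want them for every process at once, or from a remote or scripted session. The script below is an added example and is not part of the original post; it reads the standard Win32_Process CIM class (ExecutablePath and CommandLine are its documented properties) and adds a small triage helper that lists processes whose image sits in a user-writable folder, which is usually the first thing worth a second look when troubleshooting. The function names and the list of "suspect" folders are my own choices.

```powershell
# Added example (not from the original post): list every process with the same two
# Task Manager columns, Image path name and Command line, using PowerShell.
# Win32_Process is a standard WMI/CIM class; ExecutablePath and CommandLine are its
# documented properties. Run from an elevated prompt to see the command line of
# processes owned by other users (otherwise those fields come back empty).
function Get-ProcessImageAndCommandLine {
    [CmdletBinding()]
    param(
        # Optional process name filter, e.g. 'svchost.exe'
        [string]$Name = '*'
    )
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.Name -like $Name } |
        Select-Object ProcessId,
                      ParentProcessId,
                      Name,
                      @{ Name = 'ImagePathName'; Expression = { $_.ExecutablePath } },
                      CommandLine
}

# Troubleshooting helper (my own heuristic): processes whose image lives in a
# user-writable location (temp, profile, downloads) deserve a closer look, because
# installed services and applications normally run from Program Files or Windows.
function Get-ProcessFromUserWritablePath {
    $suspectRoots = @(
        $env:TEMP,
        $env:LOCALAPPDATA,
        $env:APPDATA,
        (Join-Path $env:USERPROFILE 'Downloads')
    )
    Get-ProcessImageAndCommandLine |
        Where-Object {
            $path = $_.ImagePathName
            # ExecutablePath is $null for protected/system processes; skip those
            $path -and ($suspectRoots | Where-Object { $path -like "$_\*" })
        }
}

# Usage:
Get-ProcessImageAndCommandLine | Format-Table -AutoSize
Get-ProcessFromUserWritablePath | Format-Table -AutoSize
```

The suspect-folder list only covers the current user's profile; on a shared machine you would widen it to every profile under C:\Users.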

Verify Endpoint Manager Service release

[screenshot: Endpoint Manager admin center, Tenant administration, Tenant details, showing the Service release]

To verify the release you are on with your Microsoft Endpoint Manager environment, navigate to:

https://endpoint.microsoft.com

1. Select Tenant administration from the menu on the left.

2. Ensure that Tenant details is selected as shown above.

3. Look for the Service release heading on the right as shown above.

The version number here is also linked to:

What’s new in Microsoft Intune

which provides more granular information about what capabilities have been added to the environment.

Remember, these service updates occur regularly, so make a habit of checking this version number regularly.

All the Guards–Part 9

This article is a part of a series. The previous article can be found here:

All the Guards – Part 8 DMA Guard

In this article I’m going to focus on the next component, which is:

Control Flow Guard

Control Flow Guard (CFG) is a highly-optimized platform security feature that was created to combat memory corruption vulnerabilities. By placing tight restrictions on where an application can execute code from, it makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows.

An administrator or user cannot configure Control Flow Guard. It is something that a developer must enable when building their code. It is, however, something developers can take advantage of in Windows 10:

Control Flow Guard

Of course, browsers are a key entry point for attacks, so Microsoft Edge, IE, and other Windows features take full advantage of CFG.
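Although CFG is opted into at build time, an administrator can still check how Windows is applying it. The script below is an added example and not from the original post; it uses Get-ProcessMitigation from the ProcessMitigations module that ships with Windows 10 version 1709 and later, which reports the CFG state for the system default and for a named application. The CFG property name and its Enable value (ON/OFF/NOTSET) are how that module presents the setting on my builds; treat the property names as assumptions if your Windows version formats the output differently.

```powershell
# Added example (not from the original post): report the Control Flow Guard setting
# for the system default and for a named application using the built-in
# ProcessMitigations module (Windows 10 1709+). Property names (CFG, Enable) are
# assumed from that module's output.
function Get-CfgStatus {
    param(
        # Executable name as the mitigation store sees it, e.g. 'notepad.exe'.
        # Leave empty for the system-wide default.
        [string]$Name
    )
    if ($Name) {
        $mitigations = Get-ProcessMitigation -Name $Name
        $target = $Name
    } else {
        $mitigations = Get-ProcessMitigation -System
        $target = 'System default'
    }
    # Return the whole CFG section (Enable, SuppressExports, strict mode) with a label
    $mitigations.CFG | Select-Object @{ Name = 'Target'; Expression = { $target } }, *
}

# Usage:
Get-CfgStatus
Get-CfgStatus -Name 'notepad.exe'

# For a specific binary, the developer-side opt-in (/guard:cf) can be confirmed with
# the Visual Studio dumpbin tool: the "DLL characteristics" section of
#   dumpbin /headers app.exe
# lists "Control Flow Guard" when the image was built with it.
```

The system default is what matters for binaries that were not built with CFG: Windows can only enforce it on images that carry the CFG metadata, so a NOTSET or ON value here does not mean every running process is protected.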

That brings us to the end of all the ‘Guards’ that I can find out there from Microsoft. I’ll provide a summary of all of this information in the final part of the series:

Summary of all the Guards

All the Guards–Part 8

This article is a part of a series. The previous article can be found here:

All the Guards – Part 7 Exploit Guard

In this article I’m going to focus on the next component, which is:

DMA Guard

In Windows 10 version 1803, Microsoft introduced a new feature called Kernel DMA Protection to protect PCs against drive-by Direct Memory Access (DMA) attacks using PCI hot plug devices connected to externally accessible PCIe ports (e.g., Thunderbolt™ 3 ports and CFexpress). In Windows 10 version 1903, Microsoft expanded the Kernel DMA Protection support to cover internal PCIe ports (e.g., M.2 slots).

Drive-by DMA attacks can lead to disclosure of sensitive information residing on a PC, or even injection of malware that allows attackers to bypass the lock screen or control PCs remotely.

This feature does not protect against DMA attacks via 1394/FireWire, PCMCIA, CardBus, ExpressCard, and so on.

Kernel DMA Protection requires UEFI firmware support; however, it does not require Virtualization Based Security (VBS). Systems running Windows 10 version 1803 or later that support Kernel DMA Protection have this security feature enabled automatically, without the need for any configuration.

[screenshot: System Information showing the Kernel DMA Protection setting]

To verify DMA Guard is running on your system, look at the Windows System information. Locate the setting for Kernel DMA Protection as shown above.

In most cases, on a modern Windows 10 device DMA Guard should be enabled automatically. You can use policies to further control the enumeration of external DMA-capable devices that are incompatible with DMA Remapping/device memory isolation and sandboxing. However, this won’t be covered here.
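When you have more than a handful of devices, clicking through System Information on each one does not scale. The script below is an added example, not from the original post; it has msinfo32 write its text report (the documented /report switch) and reads the same Kernel DMA Protection line that the UI shows, then cross-checks the hardware prerequisite through the Win32_DeviceGuard class, whose AvailableSecurityProperties list includes the value 3 when DMA protection (an IOMMU) is available. The line label is the English one, so adjust it on a localised Windows; the function names are mine.

```powershell
# Added example (not from the original post): read the Kernel DMA Protection value
# that System Information (msinfo32) displays, without clicking through the UI.
# msinfo32 /report writes the System Summary as plain text; the "Kernel DMA
# Protection" label below is the English UI string.
function Get-KernelDmaProtectionStatus {
    $report = Join-Path $env:TEMP 'msinfo32-report.txt'
    # -Wait: msinfo32 returns before the file is complete otherwise
    Start-Process -FilePath 'msinfo32.exe' -ArgumentList "/report `"$report`"" -Wait -NoNewWindow
    try {
        $line = Get-Content -Path $report |
            Where-Object { $_ -match '^\s*Kernel DMA Protection\s+\S' } |
            Select-Object -First 1
        if (-not $line) {
            return [pscustomobject]@{ KernelDmaProtection = 'Not reported'; Enabled = $false }
        }
        # Report lines are "<label><tab><value>"; strip the label
        $value = ($line -replace '^\s*Kernel DMA Protection\s+', '').Trim()
        [pscustomobject]@{
            KernelDmaProtection = $value
            Enabled             = ($value -eq 'On')
        }
    } finally {
        Remove-Item -Path $report -ErrorAction SilentlyContinue
    }
}

# Cross-check: does the platform expose the IOMMU that Kernel DMA Protection relies on?
# Win32_DeviceGuard.AvailableSecurityProperties contains 3 when DMA protection is available.
function Test-DmaProtectionHardware {
    $dg = Get-CimInstance -Namespace 'root\Microsoft\Windows\DeviceGuard' -ClassName Win32_DeviceGuard
    [bool]($dg.AvailableSecurityProperties -contains 3)
}

# Usage:
Get-KernelDmaProtectionStatus
Test-DmaProtectionHardware
```

A device that reports the IOMMU as available but shows Kernel DMA Protection as Off is the interesting case: that usually points at a firmware setting (for example Thunderbolt security or VT-d/IOMMU disabled in UEFI) rather than at Windows.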

Next up:

Control Flow Guard

Reflecting on crossing the 3,000 posts mark


I thought I’d take a moment and reflect on the fact that this blog, in its current incarnation, has just crossed a milestone of 3,000 posts.

First and foremost I’d like to thank those who do subscribe and follow this blog on a regular basis. It is always very satisfying to know that others see value in the work that you provide.

That said, I will say that the major reason I invest time writing this blog is for myself. For me it serves two major purposes. Firstly, it is a way for me to document things that I have done and reinforce my learning. Secondly, it is a communications practice. I consider that to be a:

Core Professional Skill

Another side benefit, I believe, of investing time in writing a blog is that it becomes a:

Living resume

that you can point to as your commitment to your profession.

Blogging for business

I have always admired the consistency of content that Seth Godin creates on his blog and I really like this recommendation he makes about blogging:

Seth Godin and Tom Peters on blogging

and I totally agree with the analysis of the value of blogging professionally and personally.

Although the earliest post here is from July 2007, in truth this blog has been going for longer. If my memory serves me correctly, I started it back in the 2005 timeframe on a dedicated server box, using dedicated software that published my musings to an internal web server that I made available to the world. Back then the whole blogging process was very complex to manage and maintain, but I kept at it.

A little while down the track I shifted the blog to an internal SharePoint server, which I again published to the world. After a while that too became hard to maintain and began to fill up with blog spam comments. Who’d have thought, eh? At that point I shifted the platform to Google Blogger, where it remained for many years. That was until about 2 years ago, when Google changed their API for Blogger and I could no longer post images on my blogs using Open Live Writer. I therefore migrated the blog to its current home here on WordPress and have been very happy with the platform.

Over the years I have experimented with monetising my content using ads but found that it largely distracted from the content I was creating. It also made the site look and feel ‘cheap’ to me. Thus, I no longer publish ads to the blog, although with more than 3,000 posts there might be some handy income available. The only ‘monetization’ I do have on my blog are crypto tip jars:

bitcoin:bc1qwgcr296c7rtjvlpkv9yy5033qjgwwrvttxhtm7

ethereum:0xD7cc991E1f84B625C3723D2965C9948238F5DFe8

and to my knowledge, I’ve never received a payment. That isn’t an issue because, as I said, I write this blog mainly for myself; however, the tip jars are there as an experiment to see whether they will in fact get used. As yet, they haven’t, but they’ll stay there in the hope that one day they might, because I like the concept of being able to quickly and easily ‘tip’ people for the content they create on the web via micropayments. Trying to monetise blog content is far too hard using traditional means, so that is why the crypto tip jars exist. However, I fully appreciate that until cryptocurrency becomes more widespread I’ll probably never see anything. That is fine, because everything you see here is an ongoing ‘experiment’.

I’ve always tried to be consistent with my blog and create content regularly. Of course, that has varied over time as work and life get in the way. Sometimes too, I will readily admit, blogging can be a chore. Luckily, those situations haven’t lasted long and I feel I’ve been disciplined enough to continue to create content regularly and, as I said earlier, to build a growing body of work that demonstrates a commitment to my profession.

Apart from consistency, another important aspect of blogging is personality. I am not a fan of blogs that ‘re-purpose’ content, re-brand it and claim it as their own. As Seth’s video illustrates, you don’t have to be ‘good’ at it; you just keep doing it and you’ll get better at it. However, as with most things on the Internet, too many see it as a ‘short cut’ to fame, fortune and getting rich quick. To me, your blog needs to come from you. It should be things that you learned, observed and desire to share with others. I cannot tell you the number of times I have read other blogs that have helped me when trying to solve some curly challenge. If what I have worked out can help another, that is the way that I pay it forward. To me, that was the promise of the Internet that has unfortunately largely been lost in its drive to commercialism. Nostalgic? Maybe. Luckily, blogging is still going strong and is one mechanism that anyone can use to express themselves to a worldwide audience.

I have shared many of my thoughts and opinions on business and technology via this blog. The process of actually writing these makes you stop and think about them. It makes you craft better arguments, given the audience could be anyone, anywhere. It is also fun to look back at such posts through the lens of time and reflect on how they actually turned out, as well as whether the situation today is different. History can teach us many things, and having your own can be humbling as well as uplifting.

I’ll finish off where I started, thanking those who make the time to read what I write here. I’m always keen to hear from those who do so and I’d encourage you to reach out and if nothing else, just say hi. Knowing that others are finding value from what you create always helps when sometimes you wonder why you bother doing what you do.

The plan is to continue doing what I do here. The more I learn, the more I write, and as you can see over the past 3,000 posts, I have learned a lot, thanks largely to the technology profession I am engaged in. However, no matter who you are or what you do, I encourage you to start a blog and stick with it. I’m confident that, like me, if you stick with it you too will see benefits like I have.

Power Platform Community Monthly Webinar – September 2021


Join us for our first Power Platform Community webinar. The idea behind these is to share the latest news and events about the Microsoft Power Platform, as well as some of the things that we have learned recently, in the hope that it can help others.

There’ll be 3 major presenters:

Andrew Gallagher

Bill Mallet

Yeoman Yu

who’ll share their knowledge, answer any questions you may have and then provide a tutorial into using Microsoft Forms as a trigger for Power Automate.

Come and join us by registering here:

https://bit.ly/ppc0921

If you wish to join our community and be part of the regular discussion and participation on the Microsoft Power Platform you can join via:

CIAOPS Patron

(look for the Power Platform option here to join us).

We look forward to seeing you on the webinar.

All the Guards–Part 7

This article is a part of a series. The previous article can be found here:

All the Guards – Part 6 (Application Guard)

In this article I’m going to focus on the next component, which is:

Exploit Guard

The four components of Windows Defender Exploit Guard are designed to lock down the device against a wide variety of attack vectors and block behaviours commonly used in malware attacks, while enabling enterprises to balance their security risk and productivity requirements.

These four components are:

  • Attack Surface Reduction (ASR): A set of controls that enterprises can enable to prevent malware from getting on the machine by blocking Office-, script-, and email-based threats
  • Network protection: Protects the endpoint against web-based threats by blocking any outbound process on the device to untrusted hosts/IP through Windows Defender SmartScreen
  • Controlled folder access: Protects sensitive data from ransomware by blocking untrusted processes from accessing your protected folders
  • Exploit protection: A set of exploit mitigations (replacing EMET) that can be easily configured to protect your system and applications

More details can be found here:

Windows Defender Exploit Guard: Reduce the attack surface against next-generation malware

Typically you use Microsoft Endpoint Manager to:

Create and deploy Exploit Guard policy

but there are other methods, as I have detailed here for:

Attack Surface Reduction (ASR)

Windows Defender Exploit Guard is one of the best ways that you can minimise the risk of malware infection on Windows 10 devices and as such, should be enabled across all such devices in your fleet.
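For anyone managing devices outside Endpoint Manager, the Defender PowerShell cmdlets cover three of the four components directly. The script below is an added example and is not from the original post or from Microsoft: it turns on the Attack Surface Reduction rules you list, network protection and controlled folder access in audit mode first, so you can review the audit events before switching to Enabled, and it reads the resulting state back. Exploit protection, the fourth component, is configured separately with Set-ProcessMitigation or an exported XML and is not covered here. The one ASR rule GUID included is the published ID for "Block all Office applications from creating child processes"; the function names and the audit-first approach are my own.

```powershell
# Added example (not from the original post): configure and verify Exploit Guard's
# ASR rules, network protection and controlled folder access with the Defender
# cmdlets (Get-/Add-/Set-MpPreference). Run from an elevated PowerShell.

# ASR rules to manage. D4F940AB-... is the published ID for
# "Block all Office applications from creating child processes";
# add further GUIDs from Microsoft's ASR rule reference as needed.
$asrRules = @{
    'D4F940AB-401B-4EFC-AADC-AD5F3C50688A' = 'Block all Office applications from creating child processes'
}

function Enable-ExploitGuardBaseline {
    param(
        # AuditMode logs what would have been blocked without blocking it;
        # move to Enabled once the audit events look clean.
        [ValidateSet('AuditMode', 'Enabled')]
        [string]$Action = 'AuditMode'
    )
    foreach ($id in $asrRules.Keys) {
        Add-MpPreference -AttackSurfaceReductionRules_Ids $id `
                         -AttackSurfaceReductionRules_Actions $Action
    }
    # Network protection: blocks (or audits) outbound connections to untrusted hosts
    Set-MpPreference -EnableNetworkProtection $Action
    # Controlled folder access: blocks (or audits) untrusted processes touching protected folders
    Set-MpPreference -EnableControlledFolderAccess $Action
}

function Get-ExploitGuardState {
    $pref  = Get-MpPreference
    $ids   = @($pref.AttackSurfaceReductionRules_Ids)
    $acts  = @($pref.AttackSurfaceReductionRules_Actions)
    # Actions come back numeric: 0 = Disabled, 1 = Block, 2 = AuditMode, 6 = Warn
    $names = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'AuditMode'; 6 = 'Warn' }
    $rules = for ($i = 0; $i -lt $ids.Count; $i++) {
        [pscustomobject]@{
            RuleId      = $ids[$i]
            Description = if ($asrRules.ContainsKey($ids[$i])) { $asrRules[$ids[$i]] } else { '(see ASR rule reference)' }
            Action      = if ($names.ContainsKey([int]$acts[$i])) { $names[[int]$acts[$i]] } else { $acts[$i] }
        }
    }
    [pscustomobject]@{
        AsrRules               = $rules
        NetworkProtection      = $pref.EnableNetworkProtection
        ControlledFolderAccess = $pref.EnableControlledFolderAccess
    }
}

# Usage:
Enable-ExploitGuardBaseline -Action AuditMode
$state = Get-ExploitGuardState
$state.AsrRules | Format-Table -AutoSize
$state | Select-Object NetworkProtection, ControlledFolderAccess
```

Audit events for all three components land in the Microsoft-Windows-Windows Defender/Operational log, which is where to look before promoting a rule from AuditMode to Enabled; a rule that fires constantly on a legitimate line-of-business application needs an exclusion, not a rollout.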

The next article will look at:

DMA Guard