Monday 31 March 2014

Custom McAfee HIPS Rules That Actually Work

In this post I'm going to talk about McAfee HIPS expert rules and provide some real world examples of ways to actually catch the bad guys.

For more info on McAfee HIPS check the manual (page 101 onwards) here: https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22894/en_US/Host%20Intrusion%20Prevention%20800%20Product%20Guide%20for%20ePO%20450.pdf

Disclaimer - I'm not a malware guru and this post will likely be me trying to reinvent the wheel. If you have any tips or know any good HIPS resources please drop me a comment below!


Catching Bad Guys With HIPS

For an attacker to gain a foothold in your organisation they will need to run code on your systems, drop files and also setup persistence. Without these items they have no foothold. AV usually approaches this problem with a signature blacklist but as we all know this can be easy to evade.

Host intrusion detection/prevention on the other hand, can be more effective because instead of just blocking the known bad you can monitor everything and then remove the good, to find the bad. By whitelisting known good combinations of filenames, locations, processes, registry keys etc. you'll effectively be left with just the bad activity (plus a small number of false positives).


Hey I use McAfee too!

McAfee produce a HIPS product that uses a kernel-level driver to monitor system calls, if specific criteria are met you can either create an alert or block the activity. Like most security products the default signatures are out-dated and prone to false positives. What's more, as they are proprietary the actual signature content is neither visible or modifiable, making tuning and investigation tough.


Luckily McAfee allow you to create your own custom rules using a limited subset of system calls related to files, the registry, processes and a few other things. Sadly McAfee don't let you monitor arbitrary system calls like Ambush IPS.

Implementation sidenote - Avoid filtering HIPS alerts using "Exception Rules" they're just messy, use custom rules instead and avoid "Access Protection" rules they don't offer enough granularity.


The Expert Template

To create a new HIPS rule in McAfee EPO go to Policy Catalog -> Product: Host Intrusion Prevention -> Category: IPS Rules, select your IPS rules policy then click "New" to add a custom rule. Under the subrules tab select "New Expert Rule". Expert rules are more customisable and easier to manage so I would definitely recommend using them over basic rules. (Although it can be useful creating basic rules and clicking the preview button, as this will give you the basic code needed for the expert rule.)

The template that most rules follow is something like the following:

Rule {
 tag <tagname>
 Class <either File/Registry/Service/Process>
 Id <ID assigned by EPO>
 level 3
 attributes -no_trusted_apps
 <class value> { Include "<something>" }
 <class value> { Exclude "<something>" }
 Executable { Include "*" }
 Executable { Exclude { -path "<something>"} } 
 user_name { Include "*" }
 directives <class:action1> <class:action2>
}

All parameters in angle brackets < > should be replaced with values. Starting from the top, name and ID are self explanatory, you need to save the rule and an ID will be assigned that you can add to the rule later. The level is the severity from 0 to 4 (informational to high) The "Class" depends on what type of rule you want to create, I'll cover some examples below. There will be specific inclusions and exclusions for the class. You can also define specific executables you either want to include or exclude from monitoring. Finally the "directives" part defines the specific actions (API calls) we want to watch, for example, file creation will be "files:create".

Wildcards: & = everything except slashes (so no path traversing), * = everything including slashes.
Both are useful for different situations and balancing extra visibility with false positive reduction.


File Activity

99% of the bad guys in the world today will write files to disk for functionality and persistence reasons. For a defender that's awesome as we now have a way to detect when a machine is compromised.

Attacker Tip: Don't write files to disk, do everything in memory!

McAfee HIPS supports monitoring of file create, read, write, execute, delete, renaming, attribute modification and hardlink creation. We just need to define which file path/type we want or don't want to alert on and any executables we want to include (known bad sources) or exclude (known creators of false positives).

Below is a basic file monitoring template that looks for all exe's and dll's created in system32:

Rule {
 tag file_create_write
 Class Files
 Id 4001
 level 3
 attributes -no_trusted_apps
 files { Include "C:\\Windows\\System32\\&.dll" "C:\\Windows\\System32\\&.exe" }
 files { Exclude "C:\\example\\exclude" }
 Executable { Include "*" }
 Executable { Exclude { -path "c:\\Windows\\System32\\MRTSTUB.exe" } { -path "C:\\Windows\\System32\\SPOOLSV.EXE"} } 
 user_name { Include "*" }
 directives files:create files:write
}

In the "files" section you can see how you just "Include" the path you're interested in surrounded by quotes. The ampersand acts as a wildcard and remember to use double slashes in paths! I ignore ("Exclude") any file created by mrtstub.exe or spoolsv.exe as these guys generated more false positives than true positives.

Creating any rule is a balancing act between greater visibility and false positive reduction. To improve the effectiveness and accuracy of signatures it helps to focus on known bad locations, extensions and processes. I've included some suggestions below (Microsoft has a location list here):

Potentially bad extensions:
exe, dll, bat, pif, scr, com, ps1, vbs, vbe, js, lnk, tmp, jar, class, jnlp, doc(x), xls(x), pdf

Potentially bad locations:
C:\Windows
C:\Windows\System32\*
C:\Windows\System32\drivers
C:\Program Files

Win7 specific:
C:\Program Files(x86)
C:\Windows\SysWOW64
%Temp% = C:\Users\<user>\AppData\Local\Temp
%Appdata% = C:\Users\<user>\AppData\Roaming
%ProgramData% = C:\ProgramData
C:\Users\<user>\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\<user>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

WinXP specific:
%Temp% = C:\Documents and Settings\<user>\Local Settings\Temp
%Appdata% = C:\Documents and Settings\<user>\Application Data
C:\Documents and Settings\<user>\Application Data\Sun\Java\Deployment\cache
C:\Documents and Settings\<user>\Start Menu\Programs\Startup

Potentially exploitable executables:
Java = C:\Program Files (x86)\Java\jre7\bin\java.exe
Javaw = C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Internet Explorer = C:\Program Files (x86)\Internet Explorer\iexplore.exe
Microsoft Office = C:\Program Files (x86)\Microsoft Office\Office*\<product>.exe
Adobe Reader = C:\Program Files (x86)\Adobe\Reader *\Reader\AcroRd32.exe

Executables malware might inject into:
svchost.exe, explorer.exe, rundll32.exe, winlogon.exe, notepad.exe

Putting this all together we get some interesting use cases:
  • Java applet loaded, java.exe creates .idx or .class file in Java cache
  • Malware running from svchost.exe drops exe/dll in %Temp% 
  • New files added to startup folder or scheduled tasks created for persistence
  • Rootkit (*.sys) dropped in drivers folder
  • Unusual files (bat, pif, scr, com, vbs, vbe) created in, or executed from %Temp% and %Appdata%
Bare in mind that if the attacker migrates processes the exploited programs themselves may not drop malware, so if possible don't restrict the rule to a specific source executable. As a real life example a Java exploit I analysed this week used svchost.exe to drop a payload triggering a rule similar to this:

Rule {
 tag svchost_create_exe
 Class Files
 Id 4002
 level 3
 attributes -no_trusted_apps
 files { Include "C:\\Users\\&\\AppData\\*.exe" }
 files { Exclude "C:\\example\\exclude" }
 Executable { Include { -path "C:\\WINDOWS\\SYSWOW64\\SVCHOST.EXE" } }
 Executable { Exclude { -path "c:\\example\\exclude" } } 
 user_name { Include "*" }
 directives files:create files:write
}


Registry Activity

The registry is another favourite area for attackers to target because of persistence and access to system settings. There are loads of persistence locations, I've included some below but a lot of the time malware will go for the really obvious CurrentVersion\Run. It can also be useful to look for changes to things like windows update, firewall or security centre.

Using HIPS we can monitor registry activity to detect the creation/access of keys at known sensitive locations. McAfee supports monitoring of create, read, delete, modify, permissions, enumerate, monitor, restore, replace, load, and rename system calls.

A basic registry monitoring template is below:

Rule {
tag "HKLM/HKCU Wscript Run Value"
Class Registry
Id 4003
level 3
Executable { Include { -path "c:\\windows\\system32\\wscript.exe" } }
values { Include "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\&" "\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\&" "\\REGISTRY\\CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\&" "\\REGISTRY\\CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\&" }
values { Exclude "\\REGISTRY\\MACHINE\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\\SYNCHRONIZATION MANAGER" "\\REGISTRY\\CURRENT_USER\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\RUN\\CTFMON.EXE" }
directives registry:create 
}

In this rule I'm looking for suspicious registry entries created by wscript, which is useful for detecting the vbs malware mentioned in my previous posts. I've included multiple registry run locations where malware will often create entries and excluded some false positives. Note that McAfee uses a slightly different syntax for registry paths, HKEY_LOCAL_MACHINE = MACHINE and HKEY_CURRENT_USER = CURRENT_USER.

Below are some common registry locations in ready to use McAfee format, a more comprehensive list can be found here and for comparison there is a real life ZeroAccess example here.

Common persistence locations:

\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\&
\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce\\&
\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnceEx\\&
\\REGISTRY\\MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows\\AppInit_DLLs\\&
\\REGISTRY\\MACHINE\\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\&
\\REGISTRY\\MACHINE\\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\&
\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet\\Services\\&
\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet\\Services\\&\\Parameters\\ServiceDLL\\&

Windows Firewall 
\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy
Windows Security Centre
\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wscsvc
Windows Update
\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wuauserv

Above are the HKLM entries, you can specify equivalents for HKCU (or use the & to cover both) e.g.
\\REGISTRY\\CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\&


What about Programs?

The McAfee programs class covers new process creation (program:run or CreateProcess) and opening of existing processes with specific permissions (program:open_with_x or OpenProcess). Program:run can let you to track potential malware executing from the %temp% or %appdata% folders (Target_Executable { Include { -path "C:\\Users\\&\\AppData\\Roaming\\*.exe"}}) or even track the use of built-in utilities such as Powershell or Remote Desktop.

For example to track Powershell usage but exclude a known admin user:

Rule {
tag "Powershell execution"
Class Program
Id 4004
level 3
Target_Executable { Include { -path "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" } \
{ -path "C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" }
}
user_name { Exclude "domain\\john" }
directives program:run 
}

OpenProcess is often used when performing code injection, the catch is that it's also used by legitimate programs. You can try detecting code injection of explorer.exe for example by using the open_with_ directive, this Intel post has a good explanation but be wary of the false positives.

Taken from the link above the directive permissions you'll want are:

PROCESS_VM_OPERATION      // For VirtualAllocEx/VirtualFreeEx
PROCESS_VM_WRITE                // For WriteProcessMemory
PROCESS_CREATE_THREAD     // For CreateRemoteThread


Hooking (SetWindowsHookEx)

SetWindowsHookEx can be used nefariously for both DLL injection and hooking (interception of function calls, events or messages within a process). There's a great explanation on the Volatility blog here.

McAfee HIPS supports monitoring of SetWindowsHookEx usage and can alert you to potential dll injection/hooking attempts. To detect browser keylogging we can use a rule like the following:

Rule {
 tag browser_hook
 Class Hook
 Id 4005
 level 3
 attributes -no_trusted_apps
 Executable { Include { -path "C:\\PROGRAM FILES (X86)\\INTERNET EXPLORER\\IEXPLORE.EXE" } { -path "C:\\PROGRAM FILES\\INTERNET EXPLORER\\IEXPLORE.EXE" } { -path "C:\\PROGRAM FILES\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE" } { -path "C:\\PROGRAM FILES (X86)\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE" } { -path "C:\\PROGRAM FILES\\MOZILLA FIREFOX\\FIREFOX.EXE" } { -path "C:\\PROGRAM FILES (X86)\\MOZILLA FIREFOX\\FIREFOX.EXE" }}
 Executable { Exclude { -path "C:\\example\\exclude" } } 
 Handler_Module { Exclude { -path "C:\\WINDOWS\\SYSTEM32\\MSHTML.DLL" } { -path "C:\\WINDOWS\\SYSTEM32\\IEFRAME.DLL"} { -path "C:\\WINDOWS\\SYSTEM32\\MSCTF.DLL"} { -path "C:\\WINDOWS\\SYSTEM32\\EXPLORERFRAME.DLL"} { -path "C:\\PROGRAM FILES (X86)\\INTERNET EXPLORER\\IEDVTOOL.DLL"} { -path "C:\\WINDOWS\\SYSWOW64\\SHELL32.DLL"} { -path "C:\\WINDOWS\\SYSTEM32\\SHELL32.DLL"} { -path "C:\\PROGRAM FILES (X86)\\INTERNET EXPLORER\\IEXPLORE.EXE"} { -path "C:\\PROGRAM FILES\\MICROSOFT\\INTERNET EXPLORER DEVELOPER TOOLBAR\\IEDEVTOOLBAR.DLL"} { -path "C:\\PROGRAM FILES\\GOOGLE\\CHROME\\APPLICATION\\CHROME.EXE"} }
 user_name { Include "*" }
 directives hook:set_windows_hook
}

You'll likely see DLL's being loaded for all kinds of different browser extensions and toolbars. Apart from browser hooking I haven't really tested this rule with other use cases, would love to hear some suggestions.


And finally...services!

The final type of rule I'll cover is related to services. Services offer another persistence mechanism for malware to abuse and interestingly are also used during lateral movement with psexec (see Metasploit psexec here - you could also monitor file creation/execution in ADMIN$).

I found new service creation to be relatively infrequent so easy to monitor for suspicious activity. The following rule will catch new service creation - I've excluded some false positives:

Rule {
tag "New service created"
Class Services
Id 4006
level 3
display_names { Include "*" }
display_names { Exclude "GUPDATE" "GUPDATEM" "MOZILLAMAINTENANCE" "JAVAQUICKSTARTERSERVICE" "IPOD SERVICE"}
directives services:create 
} 


Monitoring your rules

With all your rules created, deployed and churning out events we obviously need some way to monitor the events. SIEM is the best choice but if EPO is your only option then you'll need to create a custom query.

I created a query with the following properties:
  • Result: Type set to Events -> Threat Events.
  • Chart: Use a Multi-group Summary Table. Labels -> Threat Name and Signature Name.
  • Columns: Make sure to include Threat Name and Signature Name.
  • Filter: Event ID 18000, 18001, 1092. Threat Name equal to your signature ID e.g. 4001
This query should give you a list of your signatures and how often they have triggered.


Final Thoughts

Creating custom HIPS rules isn't always easy, it takes time to develop use cases and you will get a lot of false positives that will need to be tuned out. Once perfected though custom rules can give you some great visibility of activity on your systems and also highlight areas for improvement (better email or web proxy filtering, tighter folder/registry access restrictions etc.).

Evil-minded readers may have already spotted the obvious that it is easy to evade HIPS rules by either using system calls not monitored by HIPS or by using files/locations/processes/services that have been excluded (whitelisted) in the rule. The answer really is to use a product that sees and logs everything (not Mcafee).

I'd love to hear feedback from you guys about HIPS rules that do/don't work and specific files, locations, activity you've found useful, drop me a comment below. And remember, if in doubt, log it all, you can always filter later :)

Pwndizzle out.


103 comments:

  1. First of all thanks for the post. Glad to see someone else is using HIPS as much as it can be. You've given me some ideas as well as making clear how and why some of the more obscure rules are useful. You've also pointed out the incredible downside to products like this: You are confined to browsing logs of only certain API calls and bits of API calls the vendor thought was worthwhile. It may leave your mouth watering.


    A few things I'd like to add:

    1. You can see how McAfee made their Default rules by dumping the FireSvc process by right clicking it in task manager on an endpoint that has HIPS running. Open it with something that can handle big files like vim. You won't be impressed, but can use it to find new values to use.

    2. target_bytes, Caller_Module, and API_Name are all pieces you can use in Buffer Overflow class rules. If you have malware samples that you can run through HIPS, these fields will be incredibly useful for finding needles in your haystack. Of course, not every sample triggers BO rules. See the memory dump for usage.

    3. Data in Registry class rules. Not sure if you've seen this, but you can watch for the actual DATA in a registry value changing, not just key/value behavior:

    tag "Reg key"
    Rule {
    Class Registry
    Id -1
    level 3
    values { Include "*\\regkeytest" }
    new_data { Include "68006900*" "680065006c006c006f00*" }
    directives registry:modify
    }
    Convert your data value string to hex and add 00's after each character. The above looks for hi* and hello*. Sadly, the fired events return hex as well. Painful to dig through.

    4. Again, if you have samples, you can run ClientControl.exe /execinfo on a executable to get the "Description" and "Signer(certificate)" fields. Use this kind of custom rule to look for BITS and PIECES of known bad certificates in a program rule:

    Rule{
    tag "look for multiple signers/certs with stars in them because we only know pieces"
    Class Program
    Id 5809
    level 3
    Executable { Include { -sdn "*OU=MPR*" } \
    { -sdn "*OU=MOPR*" }
    }
    directives program:open_with_wait etc...
    }
    You CANNOT add stars in the front from the rule wizard GUI Executable/Target Executable Signer area. Without stars you are limited to full certs as such: CN=MICROSOFT CORPORATION, OU=MOPR, O=MICROSOFT CORPORATION, L=REDMOND, ST=WASHINGTON, C=US. If you want to pivot, use stars on bits and pieces of bad certs.



    Finally, two questions for you:

    1. Have you found that there is actually a difference between registry rules watching for entries in the services area, vs making a service rule? I haven't, but I suppose if you don't know what you are looking for, using a wide open service rule would do it justice.

    2. Have you found a good way to watch a known bad MD5 doing anything and everything to target executables, files, registry keys and services without making a new rule for each class? I am now understanding HIPS was made from the opposite view point in mind - not knowing what you are looking for.

    ReplyDelete
    Replies
    1. Mcafee $2.99 onwards 1 year livesafe -$6.99 2 year livesafe $9.99 3 year livesafe $12.99
      Just purchase full Mcafee version at above link
      Cheap Mcafee Livesafe

      Or Cheap Mcafee Livesafe

      Cheap Mcafee Antivirus Plus

      Delete
    2. Pwndizzle: Custom Mcafee Hips Rules That Actually Work >>>>> Download Now

      >>>>> Download Full

      Pwndizzle: Custom Mcafee Hips Rules That Actually Work >>>>> Download LINK

      >>>>> Download Now

      Pwndizzle: Custom Mcafee Hips Rules That Actually Work >>>>> Download Full

      >>>>> Download LINK GN

      Delete
  2. Hey, thanks for such a great comment and suggestions. I'm glad you found the post useful :)

    1. Wow what a great little trick. As mentioned in the post I had pretty much given up on the McAfee built rules. But seeing their secret sauce is certainly interesting and useful.

    2. With so many exploit techniques out there I was always a little skeptical of the BO rules. Also with EMET covering exploitation the rules weren't a high priority for us. Will give them a second look though.

    3.The whole hex registry key thing is absurd, really not sure why they haven't updated that. I currently use the modify directive for watching CurrentControlSet registry key changes and a few others, it's pretty handy.

    4. Interesting will test it out.

    Q1 - Different directives will monitor different system calls and provide different visibility. I think there's definitely a bit of duplication and seeing the other side of the same coin but that's not always the case. Remember the old adage "defense in depth", what one rule might miss the other might detect. Better to log it all and have duplication than miss something.

    Q2 - Short answer no. I tend to avoid working with specific hashes because both good and bad hashes change so often. If you have the time and manpower though go for it :) Also because I have rules covering most activity when malware is installed, under threat events for that machine I'll be able to see the chain of activity e.g. java exploit -> files dropped -> files executed -> registry key/services created. I'd advise against trying to do malware analysis with HIPS as well, just use Cuckoo.

    ReplyDelete
    Replies
    1. 2. It's more of a one off thing. Though MD5's, file names and reg keys change a lot, the actual data before and after an API call doesn't seem to change often. Enter target_bytes. Grab a known bad target bytes and see if it is being reported in your environment anywhere from any of the BO class rules events. You can figure out which ones those are in the dump (ctrl+f "bo:"), but they tend to have "illegal" in their rule name. More of an easy way to 100% identify known bad stuff.

      3. Though annoying, it is nice to get the actual data back if you have nothing else that can grab it now. You can use wildcards such as ? and * in them which may help. (same for target bytes btw. "??" a few pieces that tend to change depending on memory/jumps).

      Q1. Good point. The difference in API calls makes much more sense.

      4/Q2. Again, I was coming from the "I have known bad intel, so let's find it with HIPS" side. But now I'm convinced this isn't the way to go with this product. Having known bad bits and pieces really belongs in an AV product, especially since HIPs doesn't have true regex.

      Finally, I'd like to hear some of the use cases you've been using that have helped the most if you're willing to share. Moving towards "behavior" rules that need to be whitelisted instead of laser focused rules that try to look for a blacklist makes much more sense now.

      Delete
    2. Also, wow Ambush IPS. What is happening with this thing? It's making my mouth water. It looks like a truer HIPS system with MUCH more flexibility for what you can do with it. No walls like McAfee HIPS and other vendor's HIPS has.

      Are there any other tools that even compare to Ambush IPS?

      Delete
  3. Don't let me put you off incident response with HIPS. I've actually used it in the past to verify the scope of attacks by looking for known bad files and it worked well. I have found Powershell to be a better alternative though, see my other blog posts :)

    I've found it useful to:
    - Watch Java and it's program/file/registry activity.
    - Monitor registry persistence locations and changes to firewall etc.
    - Watch files dropping, programs executing or registry keys being created from C:\Users\&\AppData\*

    Although I've not used them the two main companies to watch are FireEye/Mandiant and Bit9/CarbonBlack. Both mergers now offer some really interesting stuff, at a price :)

    On paper Ambush does look awesome, although I'm not sure how easy configuration/deployment/management/performance/monitoring would be on an enterprise scale.

    ReplyDelete
  4. A very thought provoking post and resonates with me.Mcafee UK | Mcafee Number

    ReplyDelete
  5. Great blog! Its so informative.. Thank you for sharing.
    Avast is a product based on latest advanced technologies and features working as a security providing software that keeps all the malware, spyware and Trojans away from the system. In order to keep the systems smooth working well maintained for any type of technical assistance ring the technician at avast Antivirus Support.
    Avast Help Number UK | Avast Contact Number UK

    ReplyDelete
  6. Good article,resonated with me from start to finish.Mcafee Number | Mcafee UK

    ReplyDelete
  7. Thanks for sharing the valuable information.Your blog was very helpful and efficient For Me.if you are facing any problems with Mcafee UK then Please Contact McAfee Customer Service Number 0800-014-8929 .mcafee uk | mcafee phone number

    ReplyDelete
  8. To safeguard yourself from ransomware, spyware, viruses, identity theft, etc., you need to safeguard your web-connected devices. Well, to ease your tension, get Norton antivirus. norton.com/setup

    ReplyDelete
  9. Office tools have revolutionized business operations by redefining how data is manipulated and presented. Microsoft office applications go beyond business operations and are used by everyone to work on a computer. office.com/setup

    ReplyDelete
  10. office.com/setup is a product ofoffice setup. Get Support if you face problem to activate office.com/setup or mcafee.com/activate install Microsoft Office product. Install with Product Key.
    norton.com/setup is one of the best Security Antivirus product can completely Call qui protect your digital life online. You can securely surf the Internet with the To activate your with product key you can visit norton.com/setup. | mcafee.com/activate

    ReplyDelete
  11. On rare occasions, people notice that their McAfee antivirus is not responding or performing any scan. These are the symptoms of virus and malware infection. To get rid of the issue, call us at McAfee Support Number UK. We will help you run your McAfee on Safe mode as that can remove virus and malware from your PC.
    Contact No. : - +44-808-169-9742
    Website: - http://www.mcafee.uk-help-number.co.uk/
    Face Book: - https://www.facebook.com/mcafeeukhelpnumber/
    Twitter: - https://twitter.com/McAfee_Help_UK
    Address: - London, United Kingdom

    ReplyDelete
  12. Amazing website, love it. great work done. Thanks for sharing with us, keep postings...

    mcafee.com/activate

    ReplyDelete
  13. Thanks for sharing such a nice Blog.I like it.
    mcafee.com activate key

    ReplyDelete
  14. Thanks For share such a nice platform for know our horror scope. If any one want to resolve their problems talk to astrologer for free.

    ReplyDelete
  15. Nice blog, Contact McAfee helpline if any McAfee user faced some issues or error. Our technicians instant help you.

    ReplyDelete
  16. To take the benefits of Office products, visit office.com/setup and enter office setup with product key and activate your MS Office products such as Microsoft word, excel, PowerPoint Skype etc. Office setup key is the 25 character code which is the combination of alphabets and numeric digits. This key is used to verify the office products from office setup official website.

    mcafee.com/activate | mcafee.com/activate | office.com/setup | mcafee.com/activate | mcafee.com/activate

    ReplyDelete
  17. This comment has been removed by the author.

    ReplyDelete
  18. KP Security Deals is a leading security software store to keep customer an ease of purchasing computer security software . Our online store gives various kinds and range of software including antivirus, internet security, and virus protection software.
    buy mcafee

    ReplyDelete
  19. Nice Post if you are Looking for Netgear Support, visit on Netgear Support

    ReplyDelete
  20. putlockers is probably the best alternative to putlocker among all the sites recorded here. You can stream the two motion pictures and TV Shows as it houses a large and amazing assortment of data which is updated oftentimes. On the off chance that you've at any point utilized a Netflix account, you will find that Vumoo shares its interface with Netflix. Vumoo feels very similar to Netflix while navigating which makes it popular among its clients however it's anything but an old site. You can discover all the drifting and most sizzling motion pictures in dedicated segments. We firmly recommend you to check out putlocker.

    ReplyDelete
  21. Getting the Best Global Fund Administrator is not that easy in today’s time. There are so many people who claim to be the Best Global Fund Administrator online but the reality is far different. So, just make yourself safe from the fraud one.

    ReplyDelete
  22. Have you frustrated by facing the Norton setup issues in your software? Whether your Norton antivirus is not working well or you don’t know how to fix the norton setup or any other issue related to it. Don’t take so just stress and just hold on. We are here to help you 24*7. Just dial our contact number and feel free to ask anything related to the Norton antivirus software. Our team of experienced experts would provide you the best possible solution. You would get the step by step guide regarding to this software.

    ReplyDelete
  23. Nice Post..
    When I attempt to print the documents from windows 10 computer system, I am experiencing the warning message such as HP printer driver is unavailable error. This technical error is an intricate glitch that can make me more annoying and worrying. I am trying to identify it, but don’t get any ideas. Why is it taking place? Really, I am fully unaware about it. I am putting my possible efforts for resolving HP printer driver is unavailable, but nothing happens correctly. Can anyone recommend the easy tips to resolve this technical error at the earliest?

    ReplyDelete
  24. Thanks for sharing this post , We are a well-recognized third-party technical support company, having immense years of experience and proficiency for resolving common errors associated to Epson printer. If you are experiencing Epson printer in error state, our printer technicians are highly proficient for resolving this technical error within a few minutes. Our tech-geeks have the technical skills and broad knowledge for solving this technical error completely from the root. Our helpline number is open round the clock to provide quick support or quality assistance.

    ReplyDelete
  25. Verses are words that make up a tune as a rule comprising of stanzas and ensembles. The author of verses is a lyricist. The words to an all-inclusive melodic sythesis, for example, Punjabi song, a show are, notwithstanding, normally known as a "lyrics" and their author, as a "librettist".

    ReplyDelete
  26. Computer and printer are the two most devices that is used by most of the peoples. To print a job from computer to printer, there should be a connection between them. You can connect HP Printer to computer through a wired and wireless connection.

    ReplyDelete
  27. HP printers are used at very large scale to print documents all over the world. Printer offline is one of the most common issue faced by most of the printer users. If printer says offline HP then try to reconnect your wireless printer once again.

    ReplyDelete
  28. Have you ever thought how people clear there most tough competitive exam just with the help of Reasoning?Have you ever thought about how students solve the question without using pen & paper? Have you ever thought about how students in the exam solve the question 15 to 25 minutes early then exam time ends?
    Reasoning App has all the solutions to all your questions. Try our Logical Reasoning
    This Reasoning in Hindi app is Ideal for practice Reasoning at home to Students (preparing for SSC, Bank PO, Civil Services Exam, or any other Competitive Exams as well as to students of class 1 to 10 also).Our English Reasoning in Hindi is very
    easy to learn and amaze with many skillful tricks.

    ReplyDelete
  29. After looking at a handful of the blog articles on your web site, I truly appreciate your technique of writing a blog. I book marked it to my bookmark website list and will be checking back in the near future. Take a look at my web site as well and let me know what you think.
    xfinity.com/authorize
    espn.com/activate

    ReplyDelete
  30. Passer huit à neuf heures pour faire le travail de bureau n'est pas aussi simple pour le patron que pour les employés. Ils ont sûrement besoin de la chaise la plus confortable pour s'asseoir afin qu'il n'y ait aucun problème de mal de dos et tout. Une chaise confortable aide la personne à se concentrer pleinement sur le travail et à garder la posture du corps correcte, ce qui signifie aucune douleur et tout pour le corps. Si vous accordez la plus haute importance à ce point, il vous suffit d'acheter la chaise de bureau pour les maux de dos près de moi dans le magasin de meubles en ligne Buro-ergo.fr. Ici, toutes les chaises et autres meubles sont extrêmement bons. De la position parfaite au design en passant par le look des meubles est tout simplement parfait. Commandez simplement ceux de ce magasin pour votre bureau et rehaussez l'apparence de votre espace de bureau tout en gardant à l'esprit le confort de vos employés et de vous-même. Dépêchez-vous et passez la commande bientôt.

    ReplyDelete
  31. To Reset Bellsouth Email Password, you should go to the ‘Forgot Password page’ of Bellsouth, on your first step. Apart from that, entering the Bellsouth email address will be your next step. Now, you will have to click on the ‘Continue’ option and then select the option says ‘Send me a temporary password’. Here, you need to choose the ‘Continue’ option and then you will get the temporary password. In the next step, you should enter the temporary password to access to you Bellsouth email.

    ReplyDelete
  32. What an amazing article is this. thanks for this, I really appreciate you. If you are interested in neo and gas wallets, please visit our websites to get full information about the official neo wallet

    ReplyDelete
  33. Excellent Blog! I would like to thank you for the efforts you have made in writing this post. I am hoping for the same best work from you in the future as well. I wanted to thank you for this websites! Thanks for sharing.
    human resource management assignment help
    management assignment help

    ReplyDelete
  34. You have less content on your blog and if you want to rank higher in Google. So, you should work on content optimzation and SEO for your blog. For this, you should take help of any cheap SEO Services for SEO and content optimization.

    ReplyDelete
  35. We are providing Homework Help with someone who can understand your project requirement take Homework for assignment writing.
    Also visit here: Project Management Assignment Help
    Marketing Assignment Help
    Homework Help
    Homework Helper

    ReplyDelete
  36. When I attempt to print the documents in the colors, I am hardly experiencing printer not printing color. I am giving the command to my printing machine for printing the documents in the colors, I am unable to print the documents in the colors. I face hp printer not printing color when there is low and shortage ink in the cartridge. This technical problem is really a big hurdle for me, hence I want to take the permanent solutions for this technical issue. In addition, I have applied my skills to resolve this error, but no outcomes. So anyone can assist me the right methods to sort out this error correctly.https://www.hpprintersupportpro.com/blog/fix-printer-not-printing-color-issue/
    Printer not printing in color
    hp Printer not printing color
    Printer won't print in color
    My printer won't print in color
    Hp printer won't print color
    Printer won't print color

    ReplyDelete
  37. This comment has been removed by the author.

    ReplyDelete
  38. Printing a job with the help of a printer is not a big task but when a job stuck in the queue, it creates problem. If your HP Printer is paused during printing a job then there may be a problem with print queue. Clear the print queue to fix the problem.

    ReplyDelete
  39. If you are an outlook email user and facing outlook not working issue, I and my technical support experts are technically experienced for solving this technical glitch before your eyes. Our live phone support is open for you to get quick support or help.

    ReplyDelete
  40. You guys are awesome with great knowledge and you are the master of this topic. I love the way of your writing so please keep posting and visit these links for more information.
    Cash App Online Login

    Login into Cash App

    Login Cash App

    How to Sign into Cash App

    How to Login to Cash App

    Cash App Login

    Cashapp Login

    Cash App Login Online

    Cash App Sign In

    Cash App Login Website

    ReplyDelete
  41. Thanks for this wonderful post. It is very informative. Due to any problem, If Cash App not working properly and it show error Cash App Failed for My Protection and you are looking for a reliable solution immediately for transaction of payment then contact or mail us for these problems. Our team of technician expert give you the better solution to resolve these all issues of Cash App Payment Failed for My Protection problem.
    Cash App Transfer Failed
    Cash App Payment Failed
    Cash App Failed for My Protection
    Cash App Canceled for your Protection
    Cash App this Transfer Failed
    Cashapp Payment Failed
    Transfer Failed Cash App
    Cash App Payment Failed for My Protection

    ReplyDelete
  42. The services of Nzassignmenthelp are different as we believe in zero tolerance towards plagiarism. We have a professional writing team that makes sure that there is no duplicate or low quality work, no grammatical and spelling mistakes. We constantly produce the paper by creative brainstorming and sound thinking. Last but not least our pricing also make us unmatchable.

    NZ assignment help
    agency has expert law assignment writers in NZ make sure students don’t have to spend time in doing a creative search for their coursework and complete the task.

    ReplyDelete
  43. If you are facing any kind of issues with the Yahoo mail, you are strongly suggested to get in touch with our dedicated professionals who have phenomenal knowledge and are committed to delivering the best in class guidance in order to deal with the yahoo issues in an effective and hassle free manner. Simply contact at Yahoo Customer Service and you will be able to make Yahoo your default homepage with utmost level of ease.
    yahoo customer service

    ReplyDelete
  44. Mcafee Livesafe Unlimited Devices $6.99 onwards 1 year livesafe -$6.99 2 year livesafe $9.99 3 year livesafe $12.99
    Just purchase full Mcafee version at above link
    Cheap Mcafee Livesafe

    Or Cheap Mcafee Livesafe

    Cheap Mcafee Antivirus Plus

    ReplyDelete
  45. Assignment Work Help is one of the best and cheap assignment help australia service provider in Australia that offers quality solutions at economical prices. All our solutions are completely unique and prepared as per the instructions and guidelines provided by you.
    do my assignment cheap

    ReplyDelete
  46. At times you might experience errors while operating your QuickBooks desktop software, use QuickBooks file doctor to easily resolve them. We are a team of highly trained and experienced QuickBooks technical experts who can help you with any query related to this financial software. We know to manage your funds, payment to vendors, salaries to employees and paying taxes on time is very important but sometimes the error in your QuickBooks software could result in a delay in all these jobs. Now there will no delay because our dedicated team will solve all the errors with the help of QuickBooks File Doctor.
    QuickBooks install diagnostic tool
    QuickBooks script error
    QuickBooks error 1904
    QuickBooks error 1328

    ReplyDelete
  47. Students of top universities of Singapore are often search for online assignment help at low-priced. SingaporeAssignmentHelp.com is most trusted online assignment help service provider in Singapore in limited time. Singaporean students are often visit our website for college assignment help to obtain high marks in college exam.

    ReplyDelete
  48. Moreover, any of the browsers you’re using together with Google Chrome, Microsoft internet, explorer, Mozilla, Opera, or any other. You do not need a fixed browser for idm crack. Internet Download Manager will work on your browser. Also, the entire essential or everyday use browser supported IDM to manage/handle all of your downloads. It permits you to download any video and audio files format.

    ReplyDelete
  49. They will also feel happier and healthier. Having a positive vibe person will make you feel better about yourself and your world. They will make you smile more often. You are curious to know more about great person, visit here.

    ReplyDelete
  50. Your post is very great.I read this post. It's very helpful. I will definitely go ahead and take advantage of this. plus This article is mind rich, continue uploading us such content
    hvac SEO
    .

    ReplyDelete
  51. I have read many blogs but this blog is very informative and wonderful. Your way of working is very great and cool. I am really impressed. I will come back to the website to read more similar stuff. Thanks for sharing and keep sharing. hvac SEO
    .

    ReplyDelete
  52. Twitch TV has been the greatest and the most famous video streaming platform for every gamer on this planet.
    twitch.tv/activate
    The hp.com/123 is actually a website which is set up by HP technicians to help people set up their HP Printer. Go to mcafee. com/activeate and register your subscribed McAfee product such as McAfee total protection or McAfee Internet Security.

    ReplyDelete
  53. Visit McAfee official website www.mcafee.com/activate or mcafee.com/activate.Enter your 25 digits McAfee Product KeyLog in to your McAfee account or Create new.Click Submit and Choose “Country and language”.Once Logged in, Download your Setup.Run downloaded application to install mcafee. Installation Done.www.macfee.com/activate

    ReplyDelete
  54. It is natural for you to have some teething problems with some features of the program. If and when this happens, you can get solutions to your Quickbooks related issues by reaching our popular and reliable Quickbooks help center.

    ReplyDelete
  55. A Three-Wheeled motorcycle is a special type of motorcycle having two wheels at the front and one in the rear. The three-wheeled motorcycle market is considered to be a completely new market across the globe.

    ReplyDelete
  56. Hi guys. I want to advise the cool best payout online site in Canada.
    Online slots can now be played on any tablet or smartphone. Modern technology recreates the feel of a real Vegas experience. Online mobile slots can be played on the bus, in a shopping mall, or the doctor’s waiting room - anywhere and anytime you want. Join up here: https://casinowonderland.net/

    ReplyDelete
  57. get McAfee Error code 0, which is a typical issue. To fix McAfee Error 76567 clients can contact McAfee support number (830) 255-7635. McAfee support group

    ReplyDelete
  58. Thanks for sharing this usefull topic Rani Durgavati Vishwavidhyalaya BCom Time Table 2021. i hope it is improtant post for everybody. thanks and have a good day

    ReplyDelete
  59. I really enjoyed this information.
    Thanks for sharing this piece of information.
    Keep writing.
    I also hope our website canon ij setup found you useful and help you.

    ReplyDelete
  60. If you want to reinstall the operating system in your mobile to fix the software-related issues, IMEI issues, and dead issues. You can download a firmware file to fix all the issues.
    Lenovo a6000 cpu type

    ReplyDelete
  61. The dreaded Error on your Canon Printer usually indicates that the print head has died! Before you go trashing the printer or buying a new one try some of the following suggestions.
    A Compact Printer for All Uses With the Canon Pixma, you can print all types of documents quickly and with ease.
    From laser setup google print to inkjet printers, online stores have all types of printers that you're looking for.

    ReplyDelete
  62. AV usually approaches this problem with a signature blacklist but as we all know this can be easy to evade.



    office.com/setup

    ReplyDelete
  63. To getyahoo customer service without utilizing a portable number, you are approached to snap on the sign-in connection and afterward type your email address. Presently, you are approached to snap on the Next catch and afterward on the failed to remember password tab. Presently, you will get an affirmation code on your email address to recover the record.

    ReplyDelete
  64. An urgent implementation of a dissertation isn't modest in any way. Not all students have the required measure of cash and are prepared to remain broke for a month. That is the reason we propose you to choose the more alluring strategy for installment – by portions. You can compensate the writer as per the level of undertaking's preparation or even after you get the entire record. cheap assignment help
    write my assignment

    ReplyDelete
  65. Small airways damage causes the formation of big air pouches that is medically known as bullae. pathophysiology template case study. These problems are referred to as bullous emphysema. Inflammatory cells for example: neutrophil granulocytes, macrophages and few white blood cells are associated with COPD (Anzueto, 2009).

    ReplyDelete
  66. Your article gave me a lot of information. I have gained great information from your post. This site is a very good site. I am sure that you will benefit from this web site. Whatever you are looking for can be helpful in our site.
    If you are facing Network access problem troubleshooting canon printer installation failed problem.
    With the help of my websites and blogs you can search obstacles printers.

    ReplyDelete
  67. First, click on the Start Menu or press the Windows logo key, and then click Settings near the Power or Profile icon.
    Windows 10 Activator Free Download
    WINDOWS ACTIVATOR
    Windows 10 Activator 2021
    Windows 10 Activator

    ReplyDelete
  68. Greetings to all nice men, my name is Ajita Sharma and I am a 22-year-old independent call girl and i'm passionate about providing good services. I am an educated girl living alone in a flat in Bangalore.
    Call girls WhatsApp
    Call girl WhatsApp
    personal service
    Dating
    Relationship
    Call girls
    Call girl
    Female
    Call girls for party
    Hotel call girls
    Model
    Incall girls
    Outcall girls
    Escort service
    Female call girls service

    ReplyDelete
  69. A very awesome blog post. We are really grateful for your blog post. You will find a lot of approaches after visiting your post.
    Hi! We are water treatment company in uae Great points made up above! And
    RO membrane thanks… I think this is one of the most important information for me. And i am glad reading your article. But should remark on few general things…

    ReplyDelete
  70. You will be able to make a great deal of money within the first few hours. When you are serious about starting a business and want to make sure you hit the ground running, try this simple but powerful tactic. For more ideal details about how to start a small business, pop over to these guys.

    ReplyDelete
  71. Being one of the pioneer brands in printers and scanners, Canon has offered the users a lot of reliability and ease of use in their products. Modifying and setting up the Canon printer is easier than ever and you can it how to reset canon printer

    ReplyDelete
  72. Hi.....
    How IPS application protection rules work. ... How firewall rule groups work . ... Appendix A — Writing Custom Signatures and Exceptions.
    You are also read more How to get Instant Loan

    ReplyDelete
  73. Hi....
    However, whatever I try, I cannot seem to get these customised signatures to actually apply and prevent the action. Even a basic rule to ...
    You are also read more Business Loan providers in India

    ReplyDelete
  74. Hi.....
    Content rollback in McAfee ePO software . ... McAfee AMCore intelligently scans only items that really need to be scanned, instead of scanning.
    You are also read more Get Instant Loan

    ReplyDelete
  75. Hi.....
    Content rollback in McAfee ePO software . ... McAfee AMCore intelligently scans only items that really need to be scanned, instead of scanning.
    You are also read more Apply for Business Loan

    ReplyDelete

  76. We have designs and prints on these Men's T-Shirts can be customized as per the t shirts wholesalebuyer's requirements. We can develop it in any color as..

    ReplyDelete
  77. Hurtig og venlig betjening. Tror på at vi vil besøge stedet igen, take away lyngby hovedgade og smage andre indiske retter.

    ReplyDelete
  78. Hi.....
    This article contains information that shows how to help lower ... Any custom virtual machine configuration directories, if applicable.
    You are also read more Apply Online Home Loan

    ReplyDelete
  79. Hi...
    Content rollback in McAfee ePO software . ... McAfee AMCore intelligently scans only items that really need to be scanned, instead of scanning.
    You are also read more Business Loan Interest Rates

    ReplyDelete
  80. Also, with the customization techniques, we will ensure that game packaging you have something that perfectly fits the bill.

    ReplyDelete
  81. Do you want to travel to Rajasthan from New Delhi? There's no need to go any farther since our Rajasthan vacation packages are the best option for you. From New Delhi, we offer a wide choice of customized Rajasthan Tour Packages from Delhi to accommodate every type of visitor. Choose from a variety of Rajasthan vacation packages and take advantage of exceptional offers and discounts. Go Rajasthan Travel provides you with the convenience of booking and paying online, as well as immediate confirmations.

    ReplyDelete
  82. Pwndizzle: Custom Mcafee Hips Rules That Actually Work >>>>> Download Now

    >>>>> Download Full

    Pwndizzle: Custom Mcafee Hips Rules That Actually Work >>>>> Download LINK

    >>>>> Download Now

    Pwndizzle: Custom Mcafee Hips Rules That Actually Work >>>>> Download Full

    >>>>> Download LINK nm

    ReplyDelete
  83. Hire freelance artists in India for acting singing, dancing, makeup artists and also create free portfolio for free at kalakhoj to get freelance jobs. Go and apply right away to latest singing jobs, modelling jobs, acting jobs, musician jobs makeup artists jobs, anchoring jobs in India. Find artists with talent in modelling, acting, singing , makeup artists, dancing, anchoring, rapper, stylist, PR jobs in India at one place. jobs for models

    ReplyDelete
  84. Argentpaytech is a Canadian company that provides online payment processing solutions. We understand your business objective for payment processing and provide a secure and reliable payment gateway. We are committed to providing payment solutions for Canadian businesses with the best service possible to our clients.

    ReplyDelete
  85. Avail best Kashmir Tour Package from Kolkata at Naturecamp Travels. We always focus on providing the best service at a reasonable price. So we are the best in the travel industry. To know more, reach us now.

    ReplyDelete
  86. If you are in India and want to Anavar Tablet Buy Online India, visit Oms99 for a convenient and trustworthy purchasing experience. Ensure compliance with local laws and regulations.

    ReplyDelete
  87. This comment has been removed by the author.

    ReplyDelete
  88. Experience pure rejuvenation with our Kerala Ayurveda Package. Lumiere Holidays invites you to unwind in the heart of Kerala, where ancient healing traditions and natural beauty converge. Indulge in tailored Ayurvedic therapies and immerse yourself in wellness amidst lush landscapes. Rediscover vitality and serenity with us.

    ReplyDelete
  89. The maximum weight a canine gains over time determines when it’s time to switch it to adult dog exercises. If the dog will not get bigger than 11 kilograms (25 pounds) then you can make this switch once the pup reaches 9 months of age. check site k9nerds

    ReplyDelete
  90. Thanks for sharing. BEdigitech offers actionable strategies to how to increase ad revenue effectively. From optimizing ad placements to enhancing targeting precision, they empower businesses to maximize their revenue potential. Trust BEdigitech's expertise to optimize your ad monetization strategy and achieve sustainable growth in digital advertising.

    ReplyDelete