Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
grasmanek94
Lurker
Posts: 2
Liked: never
Joined: Jan 25, 2023 12:50 pm
Contact:

Case #05535134 | Starting Veeam service and/or tray application removes cryptographic keys (removes cookies in chromium)

Post by grasmanek94 »

Image

Sometimes when starting the Veeam service (I have it set to MANUAL, not AUTOMATIC) and/or launching the tray application (I just launch the tray application and the tray app starts the service), something in Windows with the crypto / protect (CNG, NCrypt, CryptoAPI, DP API? I don't know exactly which one) gets either removed, deleted, corrupted, reset or overwritten!

The results is that the following happens:

- All cookies removed from ALL chromium based browsers that I have on my PC (Microsoft Edge, Google Chrome, Chromium)
- All stored passwords removed from ALL chromium based browsers that I have on my PC (Microsoft Edge, Google Chrome, Chromium)
- All my stored passphrase protected global private/public RSA keypairs (Client Keys) are gone from Bitvise SSH client

Firefox somehow is not affected, I get to keep the cookies and passwords.

I have used the following script to list the files in all DP API, CNG, CryptoAPI and NCrypt modules:

Code: Select all

$items = ChildItem -Force -Recurse $env:APPDATA\Microsoft\Crypto\
$items += ChildItem -Force -Recurse $env:APPDATA\Microsoft\Protect\
$items += ChildItem -Force -Recurse $env:ALLUSERSPROFILE\Microsoft\Crypto\
$items += ChildItem -Force -Recurse $env:WINDIR\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Crypto
$items += ChildItem -Force -Recurse $env:WINDIR\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Crypto
$items += ChildItem -Force -Recurse $env:WINDIR\System32\Microsoft\Crypto\
$items += ChildItem -Force -Recurse $env:WINDIR\System32\Microsoft\Protect\
This script I run in powershell as "Trusted Installer" user, so that I have access to everything.

The results, when everything is "working fine":

When everything is fine, before starting Veeam: https://pastebin.com/T6yfmDbc
After running Veeam, and launching Chromium and figuring out that all my cookies and passwords are gone again: https://pastebin.com/j1dLHsAE

The only differences are these:

Code: Select all

@83 Removed: d---s-         24-1-2023     22:17                S-1-5-21-961490082-1215747072-64943361-1001     
@83 Added  : d---s-         25-1-2023     00:29                S-1-5-21-961490082-1215747072-64943361-1001                          

@96 Added  : -a-hs-         25-1-2023     00:29            468 6350321b-327c-4cd0-88fc-51901cc2fb26        

@114 Removed: -a-hs-         24-1-2023     22:17             24 Preferred                                                            	                         
@115 Added  : -a-hs-         25-1-2023     00:29             24 Preferred                                                            

@180 Removed: d---s-        22-11-2022     12:09                S-1-5-18                                                             	
@181 Added  : d---s-         25-1-2023     00:22                S-1-5-18                                                             

@725 Removed: -a-hs-         24-1-2023     22:17            536 Diagnostic                                                           	
@726 Added  : -a-hs-         25-1-2023     00:29            564 Diagnostic                                                           
It seems only the LastWriteTime is updated for S-1-5-21-961490082-1215747072-64943361-1001, Preferred, S-1-5-18 and Diagnostic, and a new item is added: 6350321b-327c-4cd0-88fc-51901cc2fb26 (maybe Chromium adds this after it can't decrypt the old cookies/passwords database and creates a new one).

This doesn't seem to happen on my laptop (same OS, i7-4710MQ, GTX 980M 4GB, 32 GB DDR3 1600MHz RAM (4 modules), 1x 256GB Kingston SATA SSD) and other pc (same OS, 12100F, 16GB RAM DDR4 3600MHz (2 modules), HP NVIDIA GEFORCE RTX 3080 10GB, 1x 2TB Samsung SATA SSD).

These are my system specifications:

Code: Select all

>systeminfo

Host Name:                 **********
OS Name:                   Microsoft Windows 10 Pro
OS Version:                10.0.19045 N/A Build 19045
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          **********
Registered Organization:
Product ID:                ******************************
Original Install Date:     15-4-2022, 19:52:42
System Boot Time:          24-1-2023, 00:54:43
System Manufacturer:       ASUS
System Model:              System Product Name
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 151 Stepping 2 GenuineIntel ~3200 Mhz
BIOS Version:              American Megatrends Inc. 1403, 6-4-2022
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC+01:00) Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna
Total Physical Memory:     65,349 MB
Available Physical Memory: 59,091 MB
Virtual Memory: Max Size:  67,397 MB
Virtual Memory: Available: 58,923 MB
Virtual Memory: In Use:    8,474 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              \\*****************
Hotfix(s):                 15 Hotfix(s) Installed.
                           [01]: KB5022405
                           [02]: KB5003791
                           [03]: KB5012170
                           [04]: KB5015684
                           [05]: KB5022282
                           [06]: KB5011651
                           [07]: KB5012677
                           [08]: KB5014032
                           [09]: KB5014035
                           [10]: KB5014671
                           [11]: KB5015895
                           [12]: KB5016705
                           [13]: KB5018506
                           [14]: KB5020372
                           [15]: KB5005699
Network Card(s):           6 NIC(s) Installed.
                           [01]: Realtek Gaming 2.5GbE Family Controller
                                 Connection Name: Ethernet
                                 Status:          Hardware not present
                           [02]: Intel(R) Wi-Fi 6 AX201 160MHz
                                 Connection Name: Wi-Fi
                                 Status:          Hardware not present
                           [03]: VMware Virtual Ethernet Adapter for VMnet2
                                 Connection Name: VMnet2
                                 Status:          Hardware not present
                           [04]: Intel(R) Ethernet Converged Network Adapter X550-T2
                                 Connection Name: **************************************
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: **************************************
                                 [02]: **************************************
                           [05]: Intel(R) Ethernet Converged Network Adapter X550-T2
                                 Connection Name: LAN
                                 DHCP Enabled:    Yes
                                 DHCP Server:     **************************************
                                 IP address(es)
                                 [01]: **************************************
                                 [02]: **************************************
                                 [03]: **************************************
                                 [04]: **************************************
                           [06]: Bluetooth Device (Personal Area Network)
                                 Connection Name: Bluetooth Network Connection 8
                                 Status:          Hardware not present
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
The following components are present in the system:

Code: Select all

Intel Core i9-12900KF SRL4J
ASUS TUF GAMING B660M-PLUS WIFI D4
Intel B660 (Alder Lake-S PCH)
64 GB DDR4-3597 / PC4-28700 UDIMM (4 modules: Corsair CMK32GX4M2D3600C18)
Inno3D GEFORCE RTX 3080 X3 OC 10GB LHR
Conceptronic Bluetooth V4.0 Nano USB Adapter 100M
ACT AC6120 4-port USB-A hub USB 3.2 gen1
Intel X550-T2 10GbE Network Adapter
be quiet! Straight Power 11 Platinum 850W
Samsung 850 EVO 1TB (SATA) (Bitlocker Encrypted Data Drive - Password + Recovery Key)
Samsung 980 1TB (NVMe) (Boot Drive) (Bitlocker Encrypted OS Drive - Password + Recovery Key)
WD Blue SN550 2TB (WDS200T2B0C) (NVMe) (Bitlocker Encrypted Data Drive - Password + Recovery Key)
Applied User GPO:

Code: Select all

gpresult /Scope User /v

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
© Microsoft Corporation. All rights reserved.

Created on ‎25-‎1-‎2023 at 23:19:09


RSOP data for ************************************** on ************************************** : Logging Mode
--------------------------------------------------

OS Configuration:            Standalone Workstation
OS Version:                  10.0.19045
Site Name:                   N/A
Roaming Profile:             N/A
Local Profile:               C:\Users\**************************************
Connected over a slow link?: No


USER SETTINGS
--------------

    Last time Group Policy was applied: 24-1-2023 at 00:54:58
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        **************************************
    Domain Type:                        <Local Computer>

    Applied Group Policy Objects
    -----------------------------
        Local Group Policy

    The user is a part of the following security groups
    ---------------------------------------------------
        None
        Everyone
        Local account and member of Administrators group
        BUILTIN\Administrators
        Hyper-V Administrators
        Performance Log Users
        BUILTIN\Users
        NT AUTHORITY\INTERACTIVE
        CONSOLE LOGON
        NT AUTHORITY\Authenticated Users
        This Organization
        Local account
        LOCAL
        NTLM Authentication
        High Mandatory Level

    The user has the following security privileges
    ----------------------------------------------

        Bypass traverse checking
        Manage auditing and security log
        Back up files and directories
        Restore files and directories
        Change the system time
        Shut down the system
        Force shutdown from a remote system
        Take ownership of files or other objects
        Debug programs
        Modify firmware environment values
        Profile system performance
        Profile single process
        Increase scheduling priority
        Load and unload device drivers
        Create a pagefile
        Adjust memory quotas for a process
        Remove computer from docking station
        Perform volume maintenance tasks
        Impersonate a client after authentication
        Create global objects
        Change the time zone
        Create symbolic links
        Obtain an impersonation token for another user in the same session
        Increase a process working set

    Resultant Set Of Policies for User
    -----------------------------------

        Software Installations
        ----------------------
            N/A

        Logon Scripts
        -------------
            N/A

        Logoff Scripts
        --------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Local Group Policy
                Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Attachments\SaveZoneInformation
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Explorer\ShowRunAsDifferentUserInStart
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMBalloonTip
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Explorer\NoBalloonFeatureAdvertisements
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Explorer\HidePeopleBar
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Explorer\NoWindowMinimizingShortcuts
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\HideSCAMeetNow
                Value:       1, 0, 0, 0
                State:       Enabled

        Folder Redirection
        ------------------
            N/A

        Internet Explorer Browser User Interface
        ----------------------------------------
            N/A

        Internet Explorer Connection
        ----------------------------
            N/A

        Internet Explorer URLs
        ----------------------
            N/A

        Internet Explorer Security
        --------------------------
            N/A

        Internet Explorer Programs
        --------------------------
            N/A
Applied Computer GPO:

Code: Select all

gpresult /Scope Computer /v

Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
© Microsoft Corporation. All rights reserved.

Created on ‎25-‎1-‎2023 at 23:20:38


RSOP data for  on ************************************** : Logging Mode
---------------------------------------

OS Configuration:            Standalone Workstation
OS Version:                  10.0.19045
Site Name:                   N/A
Roaming Profile:
Local Profile:
Connected over a slow link?: No


COMPUTER SETTINGS
------------------

    Last time Group Policy was applied: 24-1-2023 at 00:54:55
    Group Policy was applied from:      N/A
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        **************************************
    Domain Type:                        <Local Computer>

    Applied Group Policy Objects
    -----------------------------
        Local Group Policy

    The computer is a part of the following security groups
    -------------------------------------------------------
        BUILTIN\Administrators
        Everyone
        NT AUTHORITY\Authenticated Users
        System Mandatory Level

    Resultant Set Of Policies for Computer
    ---------------------------------------

        Software Installations
        ----------------------
            N/A

        Startup Scripts
        ---------------
            N/A

        Shutdown Scripts
        ----------------
            N/A

        Account Policies
        ----------------
            N/A

        Audit Policy
        ------------
            N/A

        User Rights
        -----------
            N/A

        Security Options
        ----------------
            N/A

            N/A

        Event Log Settings
        ------------------
            N/A

        Restricted Groups
        -----------------
            N/A

        System Services
        ---------------
            N/A

        Registry Settings
        -----------------
            N/A

        File System Settings
        --------------------
            N/A

        Public Key Policies
        -------------------
            N/A

        Administrative Templates
        ------------------------
            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\WindowsStore\DisableOSUpgrade
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAutoRebootWithLoggedOnUsers
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\GameDVR\AllowGameDVR
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\OSPassphrase
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Ext\IgnoreFrameApprovalCheck
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\NoAUAsDefaultShutdownOption
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\RDVPassphraseComplexity
                Value:       2, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\Reporting\DisableEnhancedNotifications
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\InputPersonalization\RestrictImplicitTextCollection
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Biometrics\Credential Provider\Domain Accounts
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\UX Configuration\SuppressRebootNotification
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Internet Explorer\AllowServicePoweredQSA
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CloudContent\DisableCloudOptimizedContent
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Microsoft\OneDrive\PreventNetworkTrafficPreUserSignIn
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Biometrics\Enabled
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AlwaysAutoRebootAtScheduledTimeMinutes
                State:       disabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\ConcatenateDefaults_AllowSaved
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRawWriteNotification
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\ConnectedSearchUseWeb
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender Security Center\Family options\UILockdown
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\ActiveHoursStart
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\DisableWebSearch
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCortanaInAAD
                State:       disabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials\2
                Value:       42, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows NT\Security Center\SecurityCenterInDomain
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials\1
                Value:       84, 0, 69, 0, 82, 0, 77, 0, 83, 0, 82, 0, 86, 0, 47, 0, 42, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\AllowFastServiceStartup
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\OneDrive\DisableFileSyncNGSC
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly\3
                Value:       42, 0, 47, 0, 42, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CloudContent\DisableSoftLanding
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCortanaAboveLock
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCortana
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\System\ShellSmartScreenLevel
                State:       disabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\InputPersonalization\RestrictImplicitInkCollection
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\ConcatenateDefaults_AllowSavedNTLMOnly
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\SecondaryIntranetSearchScopeUrl
                State:       disabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\UseEnhancedPin
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\OneDrive\DisableFileSync
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\OneDrive\DisableMeteredNetworkFileSync
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Feeds\EnableFeeds
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Biometrics\Credential Provider\Enabled
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\LocationAndSensors\DisableSensors
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\InputPersonalization\AllowInputPersonalization
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\SQMClient\Windows\StudyId
                State:       disabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly\1
                Value:       84, 0, 69, 0, 82, 0, 77, 0, 83, 0, 82, 0, 86, 0, 47, 0, 42, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\UseTPMKey
                Value:       2, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\System\EnableSmartScreen
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\OneDrive\DisableLibrariesDefaultSaveToOneDrive
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\FDVEnforcePassphrase
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows NT\Printers\KMPrintersAreBlocked
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\FDVPassphrase
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Personalization\NoLockScreen
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\UseAdvancedStartup
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\EnabledV9
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\RDVPassphraseLength
                Value:       8, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\OSPassphraseLength
                Value:       8, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\FDVPassphraseComplexity
                Value:       2, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\SQMClient\CorporateSQMURL
                State:       disabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\LocationAndSensors\DisableWindowsLocationProvider
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowIndexingEncryptedStoresOrItems
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\LocationAndSensors\DisableLocationScripting
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\UX Configuration\Notification_Suppress
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCortanaInAADPathOOBE
                State:       disabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender Security Center\Notifications\DisableNotifications
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender\ServiceKeepAlive
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentialsWhenNTLMOnly\2
                Value:       42, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\FDVPassphraseLength
                Value:       8, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\UseTPMKeyPIN
                Value:       2, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoAutorun
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowSearchToUseLocation
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AllowCloudSearch
                State:       disabled

            GPO: Local Group Policy
                Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Ext\DisableAddonLoadTimePerformanceNotifications
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: System\CurrentControlSet\Control\FileSystem\LongPathsEnabled
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\ConnectedSearchUseWebOverMeteredConnections
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\AllowOnlineTips
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\MicrosoftEdge\PhishingFilter\PreventOverride
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\RDVPassphrase
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\AU\AlwaysAutoRebootAtScheduledTime
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\EdgeUI\AllowEdgeSwipe
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows Defender Security Center\Notifications\DisableEnhancedNotifications
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CredentialsDelegation\AllowSavedCredentials\3
                Value:       42, 0, 47, 0, 42, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\EdgeUI\DisableHelpSticker
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\HomeGroup\DisableHomeGroup
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\CloudContent\DisableWindowsConsumerFeatures
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\EnableBDEWithNoTPM
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\DataCollection\AllowTelemetry
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\OSPassphraseComplexity
                Value:       2, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\SetActiveHours
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\UseTPM
                Value:       2, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\SetAutoRestartNotificationDisable
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\OSPassphraseASCIIOnly
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDriveTypeAutoRun
                Value:       255, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\WindowsUpdate\ActiveHoursEnd
                Value:       23, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\RDVEnforcePassphrase
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\LocationAndSensors\DisableLocation
                Value:       1, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\AutoIndexSharedFolders
                Value:       0, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\FVE\UseTPMPIN
                Value:       2, 0, 0, 0
                State:       Enabled

            GPO: Local Group Policy
                Folder Id: Software\Policies\Microsoft\Windows\Windows Search\PrimaryIntranetSearchScopeUrl
                State:       disabled
Services: https://pastebin.com/ZYVyXJRY

Startup programs:
- Monitorian
- T-Clock Redux

Background Programs (that do not come with Windows):
- KeePass2
- Telegram
- Monitorian
- T-Clock Redux
- Microsoft Office Click-To-Run (SxS)
- NVIDIA Container
- SQL Server VSS Writer - 64 bit
- SQL Server Windows NT - 64 bit
- VMWare Services (4x)

Disk Layout:
Image

Every time I have to restore the cookies using an extension that allows backing up and importing cookies to/from a file. Passwords I import through a CSV file into Chromium.

This issue I initially attributed to a buggy chromium but the more it happened the more I realized it only happens (sometimes) when I run Veeam after it has not ran for a long time (days or weeks or more).
This issue also affects other programs that use Windows Encryption APIs like Bitvise SSH for private RSA key storage.

The only "differences" that quickly come to mind compared to other computers:
- Two more NVMe SSDs (could it be??)
- 64GB of RAM instead of 32GB or 16GB (could it be??)
- Installed VMWare Workstation software (no running virtual machines) (Doubt this is the problem)
- Installed Visual Studio 2022 (Doubt this is the problem)
- Installed WSL2 (Doubt this is the problem)
- T-Clock Redux? (Doubt this is the problem)
- Two screens connected (laptop and other PC only have one screen each) (Doubt this is the problem)
- GPO (but should mostly be the same between machines..) (could it be??)
grasmanek94
Lurker
Posts: 2
Liked: never
Joined: Jan 25, 2023 12:50 pm
Contact:

Re: Case #05535134 | Starting Veeam service and/or tray application removes cryptographic keys (removes cookies in chrom

Post by grasmanek94 »

I can't seem to edit the post anymore, but I have to add the following:

I checked the Chromium browsers database files (AppData -> Local -> <Chromium/Google/Microsoft>), these were NOT MODIFIED when starting Veeam and losing cookies/passwords.
maffe
Lurker
Posts: 1
Liked: never
Joined: Apr 14, 2024 7:03 pm
Full Name: maffe
Contact:

Re: Case #05535134 | Starting Veeam service and/or tray application removes cryptographic keys (removes cookies in chrom

Post by maffe »

We have exactly the same issue.
Very anoying all passwords gone in Chrome, never seen this before.
It happends me twice and now i see this post. I'am not the only one...
Post Reply

Who is online

Users browsing this forum: No registered users and 10 guests