Script Category: Audit

Audit – MS Outlook Version (by build)

Microsoft has announced that by October 31st, 2017, they will no longer support RPC over HTTP for O365. You can read about it here: https://support.microsoft.com/en-us/help/3201590/rpc-over-http-deprecated-in-office-365-on-october-31–2017

This means that only certain versions of Outlook will work. To help you identify Outlook installations that are out of compliance, we have developed this script to audit your Outlook install.

The script checks file system locations for “outlook.exe” and gets the version number from the file. It then compares the build number to minimum required build numbers stored as variables in the script at lines 5-9. The script will write to the procedure log if the outlook version is above or equal to that build version. Can report using $Outlook$, $UTD$, or $Audit$.
If the installed file is below the required minimum, then it will write to the Agent Procedure log with a $OOD$ tag.

If your version of office is not being detected send the file location of your outlook.exe to VirtualAdministrator so it can be added as a search location.

Windows Defender Definitions Updated within X days

Performs a dump of protectionManagement (VBS) and/or Get-MpComputerStatus (Powershell). If either returns the Windows Defender information the script will use another VBS to pull the virus signature age and compare it to the number you will be asked to input when the script is run. Defender information does not appear to be accessible on anything… Continue Reading

RMM Detector

Downloads a VBS script and an RMM definitions file to identify potential RMM tools installed on a machine. The script uses the definition file to make matches in the registry as it looks for anything from known RMM publishers. These programs are logged and if changes are detected between runs an alert email is sent.… Continue Reading

Monitor MX record changes

Runs an nslookup for provided domain and stores the result in GET FILEs. If the result changes between script runs and email will be sent with the previous and new results. Writes to Agent Procedure log using $MXrecord$ tag Continue Reading

MS17-10 Audit

MS17-10 Audit script will check Windows Vista on up for the MS17-10 patch which re-mediates a vulnerability that is being used by ransomware.   Writes to agent procedure log using $MS17$ and $OOD$ tags. Limited testing has been done, please test in your environment 5-14-17 – Updated script to remove duplicate KB check. 5-15-17 – Updated… Continue Reading

Office 365 (O365) Audit

Checks for the existence of both Office 2013 and  Office 2016 “Click to run” keys, indicating Office 365 is present,  and writes to the Agent procedure log with $O365-16$ or $O365-13$ tags.    Use a Legacy Log report (Agent Procedure Log), and filter on ” *$O365* ” to get all the results, or the individual tags… Continue Reading

Service permission audit

Looks through all services and lists any that aren’t running as a system or local service. Results are written to the procdure log. A file is uploaded to the Kserver with the results. You can view this file at any time under “Get File”. If the file ever changes then the script will trigger an… Continue Reading

Sun Java Audit

Downloads txt file with current version number of java. Script determines what version is installed by checking a registry value. Script then compares both values to determine if java is out of date. Script writes results to script log for reporting purposes, filter for results with the following keywords. *$Audit$* (returns all entries regarding audit… Continue Reading

RapidFire – Network Detective Kaseya Deployment Scripts

If you are a user of RapidFire’s Network Detective, they have a series of scripts that will allow you to install the MBSA files silently to a local computer, and also run the Local data collector or the Domain Data collector. You will need to modify the script with the appropriate collector parameters and connector… Continue Reading

POODLE script tools

A folder of 4 scripts to help secure against a SSL vulnerability known as POODLE. “POODLE Fix” script simply adds the necessary registry entries to block SSLv3. It will report to the agent procedure log if the entries were added successfully. There are 2 keys, one for Server and one for Client that are added.… Continue Reading

Copyright ©2014-2016 Network Depot LLC.

12040 South Lakes Drive Suite 202 Reston, VA 20191 USA

Terms of Service - Refund Policy - Privacy Policy

Skip to toolbar