Kaseya Community
Installs PS module and runs powershell command Get-SpeculationControlSettings. Outputs the results to a file and reports to the procedure log. Procedure log will indicate if patching may be required. Should work on Powershell 3.0 or later. Results are saved to custom variable (“updateSystemInfo” lines will need to be edited to link to your variable). It…
Read MoreFolder containing all the current meltdown scripts: Meltdown Reg Key Audit Meltdown Reg Key Force Add Meltdown/Spectre Vulnerability Check Meltdown/Spectre Vulnerability Check (w/ Tags)
Read MoreThis agent procedure will create the registry key “HKEY_LOCAL_MACHINE:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat” Value=”cadca5fe-87d3-4b96-b7fb-a231484277cc” Type=”REG_DWORD” on any Windows machine using a powershell script. The registry key is not always required to get the Windows Update to protect against the Meltdown vulnerability. It is advised to check the list of Antivirus at: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0 You can find more information on this…
Read MoreDownloads and runs a simple application that reports to a text file called realdrives.txt the drive letters in a comma delimited format. The drive must be a physical local drive, not USB attached and greater than 10GB in size. It then writes the contents of the text file to a new Audit field I created…
Read MoreFrom Kaseya’s Automation Exhange. You can find the original here. This is an Agent Procedure to protect Windows endpoints against the Bad Rabbit Malware. The procedure create 2 files (C:\Windows\cscc.dat and C:\Windows\infpub.dat) and disable inheritance from these files. Link for more information on the new ransomware: http://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak/ Link about the vaccine: https://www.cybereason.com/blog/cybereason-researcher-discovers-vaccine-for-badrabbit-ransomware
Read MoreThis agent procedure will block (defer) the Windows 10 major upgrades such as the creators updates or October 2018 update. The windows update cannot be blocked be it can be delayed for 180 days changing a few windows options via registry keys. This procedure works on Windows 10 Pro, Enterprise and Education only. If you…
Read MorePush KAV/Kaspersky Definition update – forces an update of the AV definitions. This script was originally provided by Kaseya support, but was updated on 3/14/16 after post by Combo claiming better luck with it running as a file, vs. shell. http://community.kaseya.com/xsp/f/142/t/21809.aspx?pi5364=1 . Modified slightly by Virtual Administrator. WARNING: This Agent Procedure is provided “AS-IS”. Agent…
Read MoreCheck Kaseya KAV Definition Date – Script requires that you setup a Custom field called “KAVDefinitionsOutOfDate”. This script and concept were originally published by Gonzalo Carrillo at Kaseya (https://helpdesk.kaseya.com/entries/98225418-Work-Around-KAV-Definition-Date-Does-Not-Match-Endpoint-And-Incorrectly-Reports-Out-of-Date), but we updated and modified the script to include all version of Kaseya, and we also removed the requirement to have to input an exact date…
Read MoreChecks various registry entries for indicators of a Crypto infection. Also, generates a “honeypot” document, If the document becomes encrypted the script will alarm as well.. Able to report with $CryptoAudit$, $CryptoYES$. Acknowledgments: Many thanks to MarcR, MattK from Kaseya Community for inspiration as posted on http://community.kaseya.com/resources/m/knowexch/86518.aspx#pi5230=2 This script is provided “AS-IS”. Please make sure…
Read MoreMonitor Set – Monitors the IIS 6 IISAdmin Service. DISCLAIMER: All Monitor sets should be used as a guideline. Thresholds set, may not be suitable for your exact environment. What works for large clients, may not work for small ones, and vice-versa. Once you assign the monitor set, review the data and make any…
Read More