Windows General

Meltdown/Spectre – Vulnerability Check

Installs the PS module and runs the PowerShell command Get-SpeculationControlSettings. Outputs the results to a file and reports to the procedure log. The procedure log will indicate if patching may be required. Should work on PowerShell 3.0 or later. Results are saved to a custom variable (“updateSystemInfo” lines will need to be edited to link to your variable). It…


Meltdown/Spectre – Vulnerability Check (w/ Tags)

Imports the PS module and runs the PowerShell command Get-SpeculationControlSettings. Outputs the results to a file and reports to the procedure log. The procedure log will indicate if patching may be required. Should work on PowerShell 3.0 or later. Can run a report using tags: $Meltdown$, $MeltdownPatch$, $NoMeltdownPatch$, $MeltdownLog$. $Meltdown$ is the same as $MeltdownPatch$ but works across multiple…


Meltdown Scripts

Folder containing all the current Meltdown scripts: Meltdown Reg Key Audit; Meltdown Reg Key Force Add; Meltdown/Spectre Vulnerability Check; Meltdown/Spectre Vulnerability Check (w/ Tags).


Meltdown Reg Key Force Add

This agent procedure will create the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat" Value="cadca5fe-87d3-4b96-b7fb-a231484277cc" Type="REG_DWORD" on any Windows machine using a PowerShell script. The registry key is not always required to get the Windows Update that protects against the Meltdown vulnerability. It is advised to check the antivirus list at: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0. You can find more information on this…


Meltdown Reg Key Audit

This agent procedure will check for the existence of the registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc” using a PowerShell script. Can report using $Meltdown$, $MeltdownKey$, $NoMeltdownKey$. $Meltdown$ is the same as $MeltdownKey$ but works across multiple scripts. $NoMeltdownKey$ will only show machines that are missing the key.


Audit Physical NICs

Runs PS command Get-NetAdapter and filters it to only physical adapters and includes driver info. Can report using $NIC$.


HP Synaptic Touchpad Keylogger check

Checks file system for SynTP.sys and gets the version number from the file. Compares the version number to see if it’s the affected 19.3.11.37 version. Will report the results to the script log. Can generate a report using the tags $HPkeylogger$ and $HPkeyloggerFound$.


Audit Real Drives

Downloads and runs a simple application that writes the drive letters, in comma-delimited format, to a text file called realdrives.txt. The drive must be a physical local drive, not USB attached and greater than 10GB in size. It then writes the contents of the text file to a new Audit field I created…


Enable / Disable CDPSvc CDPUserSvc

A folder with two scripts, one to enable and the other to disable the CDPSvc and CDPUserSvc services. The script downloads a VBS file that will execute and enable or disable the services. Acknowledgments: Glenn Turner for the VBS.


WMI AntiVirus Info – Field Update

Script downloads a VBS file that determines which antivirus is installed, its version, and whether it is up to date, by checking several WMI classes. Script writes all info to the script log. You can run a report to gather info by searching Agent Procedure Logs for $AVInfo$ $Audit$ $OOD$. Script sends email to stored variable in step…
