Kaseya

Meltdown Reg Key Audit

This agent procedure checks for the existence of the registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc” using a PowerShell script. Can report using $Meltdown$, $MeltdownKey$, $NoMeltdownKey$. $Meltdown$ is the same as $MeltdownKey$ but works across multiple scripts. $NoMeltdownKey$ will only show machines that are missing the key.

Audit Physical NICs

Runs the PowerShell command Get-NetAdapter, filters the output to physical adapters only, and includes driver info. Can report using $NIC$.

HP Synaptic Touchpad Keylogger check

Checks the file system for SynTP.sys and gets the version number from the file. Compares the version number to see if it’s the affected 19.3.11.37 version. Reports the results to the script log. Can generate a report using the tags $HPkeylogger$ and $HPkeyloggerFound$.

INTEL-SA-00075 Detection and Mitigation Tool Script

Downloads and installs the INTEL-SA-00075 Detection and Mitigation Tool, then runs the tool to detect if the machine is vulnerable. Can report using $intel-sa-00075$, or $intel-vulnerable$ to see only the vulnerable machines. Also uploads a copy of the full report to GetFile as intel-sa-00075.xml.

Enable / Disable CDPSvc CDPUserSvc

A folder with two scripts, one to enable and the other to disable the CDPSvc and CDPUserSvc services. The script downloads a VBS that will execute and enable or disable the services. Acknowledgments: Glenn Turner for the VBS.

Audit – MS Outlook Version (by build)

Microsoft has announced that by October 31st, 2017, they will no longer support RPC over HTTP for O365. You can read about it here: https://support.microsoft.com/en-us/help/3201590/rpc-over-http-deprecated-in-office-365-on-october-31–2017 This means that only certain versions of Outlook will work. To help you identify Outlook installations that are out of compliance, we have developed this script to audit your Outlook…

BGInfo – add to startup

Adds BGInfo and a default custom file to the kworking directory, then adds a registry entry to run BGInfo on startup using the custom file. You can edit line 3 to use the “WriteFile” command with your own custom BGInfo file, if desired.

Shared folder available offline

The script prompts for the folder location, then uses a “net share” command to set the folder to be available offline. May only work with shared folders that are in mounted drive locations.

Disable MS Security Center and Backup Notifications

Adds registry keys to suppress notifications from the Security Center and Windows Backup. For Windows 10, requires the user to be logged on and only affects that user.

Windows Defender Definitions Updated within X days

Performs a dump of protectionManagement (VBS) and/or Get-MpComputerStatus (PowerShell). If either returns the Windows Defender information, the script will use another VBS to pull the virus signature age and compare it to the number you will be asked to input when the script is run. Defender information does not appear to be accessible on anything…
