Kaseya
Folder containing all the current meltdown scripts: Meltdown Reg Key Audit Meltdown Reg Key Force Add Meltdown/Spectre Vulnerability Check Meltdown/Spectre Vulnerability Check (w/ Tags)
Read MoreThis agent procedure will create the registry key “HKEY_LOCAL_MACHINE:\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat” Value=”cadca5fe-87d3-4b96-b7fb-a231484277cc” Type=”REG_DWORD” on any Windows machine using a powershell script. The registry key is not always required to get the Windows Update to protect against the Meltdown vulnerability. It is advised to check the list of Antivirus at: https://docs.google.com/spreadsheets/d/184wcDt9I9TUNFFbsAVLpzAtckQxYiuirADzf3cL42FQ/htmlview?sle=true#gid=0 You can find more information on this…
Read MoreThis agent procedure will check for the existence of the registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc” using a powershell script. Can report using $Meltdown$, $MeltdownKey$, $NoMeltdownKey$. $Meltdown$ is the same as $MeltdownKey$ but works across multiple scripts. $NoMeltdownKey$ will only show machines that are missing the key.
Read MoreRuns PS command Get-NetAdapter and filters it to only physical adapters and includes driver info. Can report using $NIC$.
Read MoreChecks file system for SynTP.sys and gets the version number from the file. Compares the version number to see if it’s the affected 19.3.11.37 version. Will report the results to the script log. Can generate a report using the tags $HPkeylogger$ and $HPkeyloggerFound$.
Read MoreDownloads and installs intel-sa-0075. Then runs the tool to detect of the machine is vulnerable. Can report using $intel-sa-00075$ and $intel-vulnerable$ to see only the vulnerable machines. Also uploads a copy of the full report to to GetFile as intel-sa-00075.xml
Read MoreA Folder with two scripts, one to enable and the other to disable the CDPSvc CDPUserSvc services. The script downloads a VBS that will execute and enable or disable the services. Acknowledgments: Glenn Turner for the VBS
Read MoreMicrosoft has announced that by October 31st, 2017, they will no longer support RPC over HTTP for O365. You can read about it here: https://support.microsoft.com/en-us/help/3201590/rpc-over-http-deprecated-in-office-365-on-october-31–2017 This means that only certain versions of Outlook will work. To help you identify Outlook installations that are out of compliance, we have developed this script to audit your Outlook…
Read MoreAdds BGInfo and a default custom file to the kworking directory. Then adds registry entry to run on startup using the custom file. Can edit line 3 to use “WriteFile” command and use your own custom BGInfo file, if desired.
Read MoreScript prompts for folder location. Then uses a “net share” command to set the folder to be available offline. May only work with shared folders that are in mounted drive locations.
Read More