Kaseya
This agent procedure will check for the existence of the registry key “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\QualityCompat\cadca5fe-87d3-4b96-b7fb-a231484277cc” using a powershell script. Can report using $Meltdown$, $MeltdownKey$, $NoMeltdownKey$. $Meltdown$ is the same as $MeltdownKey$ but works across multiple scripts. $NoMeltdownKey$ will only show machines that are missing the key.
Read MoreRuns PS command Get-NetAdapter and filters it to only physical adapters and includes driver info. Can report using $NIC$.
Read MoreChecks file system for SynTP.sys and gets the version number from the file. Compares the version number to see if it’s the affected 19.3.11.37 version. Will report the results to the script log. Can generate a report using the tags $HPkeylogger$ and $HPkeyloggerFound$.
Read MoreDownloads and installs intel-sa-0075. Then runs the tool to detect of the machine is vulnerable. Can report using $intel-sa-00075$ and $intel-vulnerable$ to see only the vulnerable machines. Also uploads a copy of the full report to to GetFile as intel-sa-00075.xml
Read MoreA Folder with two scripts, one to enable and the other to disable the CDPSvc CDPUserSvc services. The script downloads a VBS that will execute and enable or disable the services. Acknowledgments: Glenn Turner for the VBS
Read MoreMicrosoft has announced that by October 31st, 2017, they will no longer support RPC over HTTP for O365. You can read about it here: https://support.microsoft.com/en-us/help/3201590/rpc-over-http-deprecated-in-office-365-on-october-31–2017 This means that only certain versions of Outlook will work. To help you identify Outlook installations that are out of compliance, we have developed this script to audit your Outlook…
Read MoreAdds BGInfo and a default custom file to the kworking directory. Then adds registry entry to run on startup using the custom file. Can edit line 3 to use “WriteFile” command and use your own custom BGInfo file, if desired.
Read MoreScript prompts for folder location. Then uses a “net share” command to set the folder to be available offline. May only work with shared folders that are in mounted drive locations.
Read Moredds registry keys to suppress notifications from the Security Center and Windows Backup. For Windows 10, requires user to be logged on and only effects that user.
Read MorePerforms a dump of protectionManagement (VBS) and/or Get-MpComputerStatus (Powershell). If either returns the Windows Defender information the script will use another VBS to pull the virus signature age and compare it to the number you will be asked to input when the script is run. Defender information does not appear to be accessible on anything…
Read More