Audit
Prompts for a service name. The script then grabs the service status and start type and writes the information to the procedure log. Can report using the service name entered, bracketed by $ signs (e.g. $BITS$).
Script checks for the build number. It first looks for WaasAssesment, which provides a more detailed number. If it is not found, it uses a WMI query to pull the regular version number. Can report using $WinBuild$, $WaaSBuild$, $NoWaaSBuild$.
Runs PS command Get-NetAdapter and filters it to only physical adapters and includes driver info. Can report using $NIC$.
Microsoft has announced that by October 31st, 2017, they will no longer support RPC over HTTP for O365. You can read about it here: https://support.microsoft.com/en-us/help/3201590/rpc-over-http-deprecated-in-office-365-on-october-31-2017 This means that only certain versions of Outlook will work. To help you identify Outlook installations that are out of compliance, we have developed this script to audit your Outlook…
Performs a dump of protectionManagement (VBS) and/or Get-MpComputerStatus (PowerShell). If either returns the Windows Defender information, the script will use another VBS to pull the virus signature age and compare it to the number you will be asked to input when the script is run. Defender information does not appear to be accessible on anything…
Downloads a VBS script and an RMM definitions file to identify potential RMM tools installed on a machine. The script uses the definition file to make matches in the registry as it looks for anything from known RMM publishers. These programs are logged, and if changes are detected between runs, an alert email is sent.…
Runs an nslookup for the provided domain and stores the result in GET FILEs. If the result changes between script runs, an email will be sent with the previous and new results. Writes to the Agent Procedure log using the $MXrecord$ tag.
MS17-10 Audit script will check Windows Vista on up for the MS17-10 patch, which remediates a vulnerability that is being used by ransomware. Writes to the agent procedure log using $MS17$ and $OOD$ tags. Limited testing has been done; please test in your environment. 5-14-17 – Updated script to remove duplicate KB check. 5-15-17 – Updated…
Checks for the existence of both Office 2013 and Office 2016 “Click to run” keys, indicating Office 365 is present, and writes to the Agent procedure log with $O365-16$ or $O365-13$ tags. Use a Legacy Log report (Agent Procedure Log), and filter on ” *$O365* ” to get all the results, or the individual tags…
Looks through all services and lists any that aren’t running as a system or local service. Results are written to the procedure log. A file is uploaded to the Kserver with the results. You can view this file at any time under “Get File”. If the file ever changes then the script will trigger an…