Security

Open .js files in notepad

Imports a reg file to default .js extension action to Edit (instead of Open), and sets the Edit command to notepad.exe.

Read More

Enable Powershell

Sets permissions on powershell.exe to allow users to run powershell scripts. This reverses the effect of the Disable Powershell script. Can edit the first line of this script to change the user group if needed.

Read More

Disable PowerShell

Sets permissions on powershell.exe to prevent users from running powershell scripts. This will also prevent Kaseya from running powershell commands "as user" as well. Can edit the first line of this script to change the user group if needed.

Read More

XMR Endpoint Check

Procedure to check the endpoints for the mining exploit. Created by Douglas Sanchez (douglas.sanchez@kaseya.com) You MUST create a custom field called “XMR” as documented in Kaseya’s article 1-29-18 Modified by Chris A – Virtual Administrator to add Tags, and reduce un-needed entries Review the following video to build a report off the tags. The tag…

Read More

HP Synaptic Touchpad Keylogger check

Checks file system for SynTP.sys and gets the version number from the file. Compares the version number to see if it’s the affected 19.3.11.37 version. Will report the results to the script log. Can generate a report using the tags $HPkeylogger$ and $HPkeyloggerFound$.

Read More

INTEL-SA-00075 Detection and Mitigation Tool Script

Downloads and installs intel-sa-0075. Then runs the tool to detect of the machine is vulnerable. Can report using $intel-sa-00075$ and $intel-vulnerable$ to see only the vulnerable machines. Also uploads a copy of the full report to to GetFile as intel-sa-00075.xml

Read More

Bad Rabbit Vaccine

From Kaseya’s Automation Exhange. You can find the original here. This is an Agent Procedure to protect Windows endpoints against the Bad Rabbit Malware. The procedure create 2 files (C:\Windows\cscc.dat and C:\Windows\infpub.dat) and disable inheritance from these files. Link for more information on the new ransomware: http://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak/ Link about the vaccine: https://www.cybereason.com/blog/cybereason-researcher-discovers-vaccine-for-badrabbit-ransomware

Read More

WMI AntiVirus Info – Field Update

Script downloads vbs file to determine what AntiVirus, Version, and if AntiVirus is up to date, by checking several WMI classes. Script writes all info to script log. You are able to run a report to gather info by searching Agent Procedure Logs for $AVInfo$ $Audit$ $OOD$. Script sends email to stored variable in step…

Read More

Nopetya Vaccination and Immunization

Performs the Vaccination as described in this article, by creating a few read only files which should prevent NotPetya/Petya/Petna/SortaPetya infections.

Read More

Dell root cert Audit

Script audits machines for the presence of two certificates identified by checking Registry keys.  Results of audit recorded in the Agent Procedure log using the tag $DellCert$.   If you ONLY want to see machines that have the certificates, then filter on $OOD$.

Read More