Security
Imports a reg file to default .js extension action to Edit (instead of Open), and sets the Edit command to notepad.exe.
Read MoreSets permissions on powershell.exe to allow users to run powershell scripts. This reverses the effect of the Disable Powershell script. Can edit the first line of this script to change the user group if needed.
Read MoreSets permissions on powershell.exe to prevent users from running powershell scripts. This will also prevent Kaseya from running powershell commands "as user" as well. Can edit the first line of this script to change the user group if needed.
Read MoreProcedure to check the endpoints for the mining exploit. Created by Douglas Sanchez (douglas.sanchez@kaseya.com) You MUST create a custom field called “XMR” as documented in Kaseya’s article 1-29-18 Modified by Chris A – Virtual Administrator to add Tags, and reduce un-needed entries Review the following video to build a report off the tags. The tag…
Read MoreChecks file system for SynTP.sys and gets the version number from the file. Compares the version number to see if it’s the affected 19.3.11.37 version. Will report the results to the script log. Can generate a report using the tags $HPkeylogger$ and $HPkeyloggerFound$.
Read MoreDownloads and installs intel-sa-0075. Then runs the tool to detect of the machine is vulnerable. Can report using $intel-sa-00075$ and $intel-vulnerable$ to see only the vulnerable machines. Also uploads a copy of the full report to to GetFile as intel-sa-00075.xml
Read MoreFrom Kaseya’s Automation Exhange. You can find the original here. This is an Agent Procedure to protect Windows endpoints against the Bad Rabbit Malware. The procedure create 2 files (C:\Windows\cscc.dat and C:\Windows\infpub.dat) and disable inheritance from these files. Link for more information on the new ransomware: http://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak/ Link about the vaccine: https://www.cybereason.com/blog/cybereason-researcher-discovers-vaccine-for-badrabbit-ransomware
Read MoreScript downloads vbs file to determine what AntiVirus, Version, and if AntiVirus is up to date, by checking several WMI classes. Script writes all info to script log. You are able to run a report to gather info by searching Agent Procedure Logs for $AVInfo$ $Audit$ $OOD$. Script sends email to stored variable in step…
Read MorePerforms the Vaccination as described in this article, by creating a few read only files which should prevent NotPetya/Petya/Petna/SortaPetya infections.
Read MoreScript audits machines for the presence of two certificates identified by checking Registry keys. Results of audit recorded in the Agent Procedure log using the tag $DellCert$. If you ONLY want to see machines that have the certificates, then filter on $OOD$.
Read More