Security

Log4j Scan with Mitigation

Uses a modified version of the Datto mitigation script to work with Kaseya. This runs a scan of the home drive on the local machine (using YARA) for potential Log4j. Also sets the mitigation field "LOG4J_FORMAT_MSG_NO_LOOKUPS". Can report using $Log4j$, $Log4jOOD$. Emails YARA failures and scan detections to Kaseya admin.

Log4j Scan

Uses a modified version of the Datto mitigation script to work with Kaseya. This runs a scan (using YARA) of the home drive on the local machine for potential Log4j. Can report using $Log4j$, $Log4jOOD$. Emails YARA failures and scan detections to Kaseya admin.

IE enable new ActiveX control installs

Uses registry keys to re-allow installation of new ActiveX controls. Reboot may be required for changes to take effect.

IE disable new ActiveX control installs

Uses registry keys to prevent installation of new ActiveX controls as a security measure, then restarts the computer after 5 minutes. Addresses the vulnerability listed here.

Hosts File Changed Audit

Compares the hosts file to its state the last time the script was run, or to an empty/clean hosts file on first run. Can report using $HostsFile$. Emails if a change is detected; the email address can be set by editing the first line of this script (default is the email of the registered admin who scheduled it).

PrintNightmare – enable Print Spooler service

Enables Print Spooler, which will not protect against PrintNightmare.

PrintNightmare – disable Print Spooler service

Disables Print Spooler, which will protect against PrintNightmare.

PrintNightmare – ACL unlock

Removes the ACL change made by the ‘PrintNightmare – ACL lock’ script.

PrintNightmare – ACL lock

Changes the ACL to prevent any printer modifications. This protects against PrintNightmare, but must be reverted to make any changes to printers.

Dell Driver Update

Dell Security Advisory Update DSA-2021-088 install

Downloads and runs Dell’s removal tool for the vulnerable driver. Prints results to the procedure log. Can report using $DBUtil$.
