Security
Prompts for uninstall password. Leave blank if no password is needed. Then downloads and runs the BitDefender uninstall tool silently.
Read MoreScript folder allows for audit and removal of registered antivirus software in Windows. Sometimes, after switching A/V providers WMI entries will be left behind. These extra entries can interfere with auditing the active A/V software. Note, this will not uninstall any A/V.
Read MoreRestores HKEY_CLASSES_ROOT\ms-msdt. Backup required before resoration. Can report using $CVE202230190$.
Read MoreMakes a backup of HKEY_CLASSES_ROOT\ms-msdt per mitigation instructions. Saves backup file to kworking directory then deletes in the registry. Can report using $CVE202230190$.
Read MoreUses a modified version of the Datto mitigation script to work with Kaseya. This runs a scan of the home drive on the local machine (using YARA) for potential Log4j. Also sets the mitigation field "LOG4J_FORMAT_MSG_NO_LOOKUPS". Can report using $Log4j$, $Log4jOOD$. Emails YARA failures and scan detections to Kaseya admin.
Read MoreUses a modified version of the Datto mitigation script to work with Kaseya. This runs a scan (using YARA) of the home drive on the local machine for potential Log4j. can report using $Log4j$, $Log4jOOD$. Emails YARA failures and scan detections to Kaseya admin.
Read MoreUses registry keys to re-allow installation of new ActiveX controls. Reboot may be required for changes to take effect.
Read MoreUses registry keys to prevents installation of new ActiveX controls as a security measure. Then restarts the computer after 5 minutes. Addresses the vulnerability listed here.
Read MoreCompares hosts file to last time script was run, or empty/clean hosts file on first run. Can report using $HostsFile$. Will email if change is detected, can set email address by editing first line of this script (default is the registered admin’s email who scheduled).
Read MoreEnables Print Spooler, which will not protect against PrintNightmare.
Read More