Security

SentinelOne Agent Migration

Migrates a business-licensed version of SentinelOne to a new management server. You must edit the first two lines of the script with the new server URL and binding. Will prompt for the passphrase when run. Can report using $S1$, $S1error$.

IP Regulation

Folder of scripts for information gathering and regulation on IPv4/v6-enabled interfaces. These scripts 1) detect whether a machine has a public IPv4 address, 2) detect whether a machine has any IPv6 address, and 3) remove IPv6 from interfaces. Additional IP Regulation scripts can be added to this collection upon request.

SonicWall Capture – Installer

Installs the SonicWall Capture client (SentinelOne). You will need to provide the download location link as provided in the Cloud console (Management, Client Installers, Copy link). A reboot will usually be needed. CaptureClient will pop up on the user's screen, so let them know to ignore… (It will also show them a reboot is needed.)

BitDefender Uninstaller

Prompts for uninstall password. Leave blank if no password is needed. Then downloads and runs the BitDefender uninstall tool silently.

Antivirus WMI Management

Script folder that allows for audit and removal of registered antivirus software in Windows. Sometimes, after switching A/V providers, WMI entries will be left behind. These extra entries can interfere with auditing the active A/V software. Note: this will not uninstall any A/V.

CVE-2022-30190 mitigation, restore from backup

Restores HKEY_CLASSES_ROOT\ms-msdt. A backup is required before restoration. Can report using $CVE202230190$.

CVE-2022-30190 mitigation and backup

Makes a backup of HKEY_CLASSES_ROOT\ms-msdt per mitigation instructions. Saves the backup file to the kworking directory, then deletes the key in the registry. Can report using $CVE202230190$.

Log4j Scan with Mitigation

Uses a modified version of the Datto mitigation script to work with Kaseya. This runs a scan of the home drive on the local machine (using YARA) for potential Log4j. Also sets the mitigation field "LOG4J_FORMAT_MSG_NO_LOOKUPS". Can report using $Log4j$, $Log4jOOD$. Emails YARA failures and scan detections to Kaseya admin.

Log4j Scan

Uses a modified version of the Datto mitigation script to work with Kaseya. This runs a scan (using YARA) of the home drive on the local machine for potential Log4j. Can report using $Log4j$, $Log4jOOD$. Emails YARA failures and scan detections to Kaseya admin.

IE enable new ActiveX control installs

Uses registry keys to re-allow installation of new ActiveX controls. A reboot may be required for changes to take effect.
