Security
Sets permissions on powershell.exe to prevent users from running PowerShell scripts. This will also prevent Kaseya from running PowerShell commands "as user". You can edit the first line of this script to change the user group if needed.
Procedure to check the endpoints for the mining exploit. Created by Douglas Sanchez (douglas.sanchez@kaseya.com). You MUST create a custom field called “XMR” as documented in Kaseya’s article. 1-29-18 Modified by Chris A – Virtual Administrator to add tags and reduce unneeded entries. Review the following video to build a report off the tags. The tag…
Checks the file system for SynTP.sys and gets the version number from the file. Compares the version number to see if it’s the affected 19.3.11.37 version. Reports the results to the script log. You can generate a report using the tags $HPkeylogger$ and $HPkeyloggerFound$.
Downloads and installs intel-sa-00075, then runs the tool to detect if the machine is vulnerable. You can report using $intel-sa-00075$ and $intel-vulnerable$ to see only the vulnerable machines. Also uploads a copy of the full report to GetFile as intel-sa-00075.xml.
From Kaseya’s Automation Exchange. You can find the original here. This is an Agent Procedure to protect Windows endpoints against the Bad Rabbit malware. The procedure creates 2 files (C:\Windows\cscc.dat and C:\Windows\infpub.dat) and disables inheritance on these files. Link for more information on the new ransomware: http://www.zdnet.com/article/bad-rabbit-ten-things-you-need-to-know-about-the-latest-ransomware-outbreak/ Link about the vaccine: https://www.cybereason.com/blog/cybereason-researcher-discovers-vaccine-for-badrabbit-ransomware
Script downloads a VBS file that checks several WMI classes to determine which antivirus is installed, its version, and whether it is up to date. Script writes all info to the script log. You can run a report to gather this info by searching the Agent Procedure Logs for $AVInfo$ $Audit$ $OOD$. Script sends email to stored variable in step…
Performs the vaccination as described in this article, by creating a few read-only files which should prevent NotPetya/Petya/Petna/SortaPetya infections.
Script audits machines for the presence of two certificates, identified by checking registry keys. Results of the audit are recorded in the Agent Procedure log using the tag $DellCert$. If you ONLY want to see machines that have the certificates, then filter on $OOD$.
Uses the DellCertFix.exe tool, downloaded from Dell, to apply the fix. The problem is outlined in this article: http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2015/11/23/response-to-concerns-regarding-edellroot-certificate
Script determines whether the machine is x64 (THEN) or x32 (ELSE); it then writes a registry DWORD value with the variable name, which will hide the account entered at the prompt. Writes to the script log if successful. Script prompts for a username when it is being scheduled.