Kaseya Community

Audit For Non-EXE File Types

This question is not answered

Is is possible to audit for non EXE file types?  Specifically, I am looking to find all PST files on machines.  Is this possible?

Thanks in advance.

All Replies
  • Here Is a DIRTY procedure I have for auditing PST's

    I'm working on a new one in VBS that gives me a bit better control as currently this only does local PST's (missing PST's on a network drive)

    It outputs to csv and txt

    ---------------------------------------------------------------------------------------------------------------------------------------------------------

    <?xml version="1.0" encoding="utf-8"?>
    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">
      <Procedure name="Audit Local PST Files UPDATED" treePres="3" id="2036346673" folderId="31958447124114443814617616">
        <Body description="Searches for all files by using a set of file masks and creates a simple TXT log file and CSV file listing of the files found with full path/filename, date and time last accessed, size in bytes, owner and filename.">
          <Statement description="Write an Entry into the Procedure Log" name="WriteScriptLogEntry" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Comment" value="Starting PST Scan" />
          </Statement>
          <Statement description="Write an Entry into the Procedure Log" name="WriteScriptLogEntry" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Comment" value="Setting up Vairables" />
          </Statement>
          <Statement description="" name="GetVariable" continueOnFail="false">
            <Parameter xsi:type="EnumParameter" name="VariableType" value="MachineGroupID" />
            <Parameter xsi:type="StringParameter" name="SourceContent" value="" />
            <Parameter xsi:type="StringParameter" name="VariableName" value="machagentid" />
          </Statement>
          <Statement description="" name="GetVariable" continueOnFail="false">
            <Parameter xsi:type="EnumParameter" name="VariableType" value="ConstantValue" />
            <Parameter xsi:type="StringParameter" name="SourceContent" value="#machagentid#PSTFiles.txt" />
            <Parameter xsi:type="StringParameter" name="VariableName" value="logfile" />
          </Statement>
          <Statement description="" name="GetVariable" continueOnFail="false">
            <Parameter xsi:type="EnumParameter" name="VariableType" value="ConstantValue" />
            <Parameter xsi:type="StringParameter" name="SourceContent" value="#machagentid#PSTFiles.csv" />
            <Parameter xsi:type="StringParameter" name="VariableName" value="csvfile" />
          </Statement>
          <Statement description="" name="GetVariable" continueOnFail="false">
            <Parameter xsi:type="EnumParameter" name="VariableType" value="ConstantValue" />
            <Parameter xsi:type="StringParameter" name="SourceContent" value="c:\*.pst" />
            <Parameter xsi:type="StringParameter" name="VariableName" value="filemasks" />
          </Statement>
          <Statement description="Write an Entry into the Procedure Log" name="WriteScriptLogEntry" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Comment" value="Copy Audit batch file from VSA server to local client" />
          </Statement>
          <Statement description="" name="WriteFile" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Path" value="#vAgentConfiguration.agentTempDir#\fileaudt.cmd" />
            <Parameter xsi:type="StringParameter" name="ManagedFile" value="VSASharedFiles\Scripts\fileaudit.cmd" />
            <Parameter xsi:type="BooleanParameter" name="DeleteAfter" value="False" />
          </Statement>
          <Statement description="Write an Entry into the Procedure Log" name="WriteScriptLogEntry" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Comment" value="Execute copied CMD file on local client " />
          </Statement>
          <Statement description="" name="ExecuteShellCommand" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Command" value="cmd.exe /c #vAgentConfiguration.agentTempDir#\fileaudt.cmd #vAgentConfiguration.agentTempDir# #logfile# #csvfile# #machagentid# #filemasks#" />
            <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="User" />
            <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />
          </Statement>
          <Statement description="Write an Entry into the Procedure Log" name="WriteScriptLogEntry" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Comment" value="Copy TXT and CSV from Local client to VSA Docs " />
          </Statement>
          <Statement description="" name="GetFile" continueOnFail="true">
            <Parameter xsi:type="StringParameter" name="RemoteFileName" value="#vAgentConfiguration.agentTempDir#\#logfile#" />
            <Parameter xsi:type="StringParameter" name="KServerFileName" value="..\..\pstaudit\#logfile#" />
            <Parameter xsi:type="EnumParameter" name="Action" value="OverwriteNoAlert" />
          </Statement>
          <Statement description="" name="GetFile" continueOnFail="true">
            <Parameter xsi:type="StringParameter" name="RemoteFileName" value="#vAgentConfiguration.agentTempDir#\#csvfile#" />
            <Parameter xsi:type="StringParameter" name="KServerFileName" value="..\..\pstaudit\#csvfile#" />
            <Parameter xsi:type="EnumParameter" name="Action" value="OverwriteNoAlert" />
          </Statement>
          <Statement description="" name="GetVariable" continueOnFail="true">
            <Parameter xsi:type="EnumParameter" name="VariableType" value="FileContent" />
            <Parameter xsi:type="StringParameter" name="SourceContent" value="#vAgentConfiguration.agentTempDir#\#logfile#" />
            <Parameter xsi:type="StringParameter" name="VariableName" value="filelog" />
          </Statement>
          <Statement description="" name="WriteScriptLogEntry" continueOnFail="false">
            <Parameter xsi:type="StringParameter" name="Comment" value="PST/OST File List: #filelog#" />
          </Statement>
        </Body>
      </Procedure>
    </ScriptExport>

    ---------------------------------------------------------------------------------------------------------------------------------------------------------