kennedysupportany updates on this project?
Script Name: MBAM FULLAUTO Script Description: IF True THEN Get Variable Parameter 1 : 10 Parameter 2 : Parameter 3 : tempagent OS Type : 0 Write File Parameter 1 : #tempagent#\mbam-setup.exe Parameter 2 : VSASharedFiles\mbam-setup.exe OS Type : 0 Pause Script Parameter 1 : 180 OS Type : 0 Execute File Parameter 1 : #tempagent#\mbam-setup.exe Parameter 2 : #tempagent#\mbam-setup.exe /SP- /VERYSILENT /NOCANCEL Parameter 3 : 3 OS Type : 0 Pause Script Parameter 1 : 300 OS Type : 0 Execute File Parameter 1 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" Parameter 2 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runupdate Parameter 3 : 3 OS Type : 0 Pause Script Parameter 1 : 300 OS Type : 0 Execute File Parameter 1 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" Parameter 2 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /fullauto Parameter 3 : 3 OS Type : 0 Pause Script Parameter 1 : 900 OS Type : 0 Execute File Parameter 1 : C:\Program Files\Malwarebytes' Anti-Malware (tech)\unins000.exe Parameter 2 : C:\Program Files\Malwarebytes' Anti-Malware (tech)\unins000.exe /VERYSILENT /NORESTART Parameter 3 : 3 OS Type : 0 ELSE
ReedMikelI bought MBAM's Technician's License ($100/yr) several months ago and wrote this script for unattended install and scanning. I saw a post in this thread where somebody mentioned Safe mode. I usually like to scan using AV products in Safe mode too, but the tech at MB told me to NOT scan in Safe mode with their product. He said it does a better job in Normal mode. So I stripped the Safe mode portion out of my script. Script Notes: - Replace below with, you guessed it, your email address. - MBAM installs in a subfolder named MBAM inside agent's temp dir. - IF section tests whether the latest version of MBAM is installed on agent by checking the CHANGES.RTF (revision history) file. You'll want to change the 1.41 to whatever version you have. - Save your MBAM installer as VSASharedFiles\Security\MBAM\mbam-tech.exe - I have another script that uninstalls MBAM. I manually schedule that script after I'm convinced MBAM has removed the infections... Script Name: MalwareBytes.org - installs/runs mbam.exe & scans Script Description: Tests if MBAM(tech) is installed. If yes, updates mbam and does a /fullscan. If not, copies mbam from KServer and installs it, then does a fullscan. Sends an emails containing results of scan from log file... IF Test File Parameter 1 : #vAgentConfiguration.agentTempDir#\mbam\changes.rtf Contains :Version 1.41 THEN Use Credential - (Continue on Fail) OS Type : -1 Send Message - (Continue on Fail) Parameter 1 : Checking for updates to MBAM, downloading & installing if found... Parameter 2 : 1 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /runupdate Parameter 2 : 0 OS Type : 0 Pause Script - (Continue on Fail) Parameter 1 : 20 OS Type : 0 Send Message Parameter 1 : Currently scanning your machine for infections. Please do not close the Malwarebytes program as it will interrupt the scan. We will be notified automatically when the scan finishes and will resume work on this PC at that time. Thank you. Parameter 2 : 1 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /logtofile C:\MBAMLog.txt Parameter 2 : 0 OS Type : 0 Execute Shell Command - (Continue on Fail) Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /fullauto Parameter 2 : 0 OS Type : 0 Get Variable - (Continue on Fail) Parameter 1 : 6 Parameter 2 : Parameter 3 : MachineID OS Type : 0 Get Variable Parameter 1 : 1 Parameter 2 : c:\MBAMLog.txt Parameter 3 : ScanLog OS Type : 0 Send Email - (Continue on Fail) Parameter 1 : Parameter 2 : MBAM Scan on #MachineID#. Parameter 3 : #ScanLog# OS Type : 0 ELSE Use Credential OS Type : 0 Delete File - (Continue on Fail) Parameter 1 : #vAgentConfiguration.AgentTempDir#\mbamSetup.exe OS Type : 0 Write File Parameter 1 : #vAgentConfiguration.AgentTempDir#\mbamSetup.exe Parameter 2 : VSASharedFiles\Security\MBAM\mbam-tech.exe OS Type : 0 Pause Script Parameter 1 : 10 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.AgentTempDir#\mbamSetup.exe" /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /DIR=#vAgentConfiguration.agentTempDir#\mbam Parameter 2 : 0 OS Type : 0 Pause Script Parameter 1 : 20 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /logtofile C:\MBAMLog.txt Parameter 2 : 0 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /runupdate Parameter 2 : 0 OS Type : 0 Pause Script Parameter 1 : 20 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /fullauto Parameter 2 : 0 OS Type : 0 Get Variable Parameter 1 : 6 Parameter 2 : Parameter 3 : MachineID OS Type : 0 Get Variable Parameter 1 : 1 Parameter 2 : c:\MBAMLog.txt Parameter 3 : ScanLog OS Type : 0 Send Email Parameter 1 : Parameter 2 : #MachineID#: MBAM scan completed Parameter 3 : #ScanLog# OS Type : 0 I wish I could remember who to credit for some of the code I used. I think that's where I got the IF code from...
Script Name: MalwareBytes.org - installs/runs mbam.exe & scans Script Description: Tests if MBAM(tech) is installed. If yes, updates mbam and does a /fullscan. If not, copies mbam from KServer and installs it, then does a fullscan. Sends an emails containing results of scan from log file... IF Test File Parameter 1 : #vAgentConfiguration.agentTempDir#\mbam\changes.rtf Contains :Version 1.41 THEN Use Credential - (Continue on Fail) OS Type : -1 Send Message - (Continue on Fail) Parameter 1 : Checking for updates to MBAM, downloading & installing if found... Parameter 2 : 1 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /runupdate Parameter 2 : 0 OS Type : 0 Pause Script - (Continue on Fail) Parameter 1 : 20 OS Type : 0 Send Message Parameter 1 : Currently scanning your machine for infections. Please do not close the Malwarebytes program as it will interrupt the scan. We will be notified automatically when the scan finishes and will resume work on this PC at that time. Thank you. Parameter 2 : 1 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /logtofile C:\MBAMLog.txt Parameter 2 : 0 OS Type : 0 Execute Shell Command - (Continue on Fail) Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /fullauto Parameter 2 : 0 OS Type : 0 Get Variable - (Continue on Fail) Parameter 1 : 6 Parameter 2 : Parameter 3 : MachineID OS Type : 0 Get Variable Parameter 1 : 1 Parameter 2 : c:\MBAMLog.txt Parameter 3 : ScanLog OS Type : 0 Send Email - (Continue on Fail) Parameter 1 : Parameter 2 : MBAM Scan on #MachineID#. Parameter 3 : #ScanLog# OS Type : 0 ELSE Use Credential OS Type : 0 Delete File - (Continue on Fail) Parameter 1 : #vAgentConfiguration.AgentTempDir#\mbamSetup.exe OS Type : 0 Write File Parameter 1 : #vAgentConfiguration.AgentTempDir#\mbamSetup.exe Parameter 2 : VSASharedFiles\Security\MBAM\mbam-tech.exe OS Type : 0 Pause Script Parameter 1 : 10 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.AgentTempDir#\mbamSetup.exe" /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /DIR=#vAgentConfiguration.agentTempDir#\mbam Parameter 2 : 0 OS Type : 0 Pause Script Parameter 1 : 20 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /logtofile C:\MBAMLog.txt Parameter 2 : 0 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /runupdate Parameter 2 : 0 OS Type : 0 Pause Script Parameter 1 : 20 OS Type : 0 Execute Shell Command Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /fullauto Parameter 2 : 0 OS Type : 0 Get Variable Parameter 1 : 6 Parameter 2 : Parameter 3 : MachineID OS Type : 0 Get Variable Parameter 1 : 1 Parameter 2 : c:\MBAMLog.txt Parameter 3 : ScanLog OS Type : 0 Send Email Parameter 1 : Parameter 2 : #MachineID#: MBAM scan completed Parameter 3 : #ScanLog# OS Type : 0
billmcclDo you have to have Auto-IT to run your script?
billmcclIs there different mbam-setup.exe downloads from Malwarebytes for Free, Tech and Corporate? Or is it the same one and when you register it (Corporate) it allows the additional features? Thanks!
SMasonHere is what I came up with. Disclaimer: this code is being shared as a proof of concept only. If you like the product, I strongly advise purchasing licenses or you may face potential legal action from the vendor. This script covers everything discussed thus far. The install, update, and scan (with /fullauto switch) are all silent. It will only scan the C: drive. The desktop icon is removed. The log file first goes to C:\temp\mbam-log.txt and then to a predetermined email address. If a user is not logged in, the scan will run with the agent credential. I left out the reboot and uninstall because I think those items should be scheduled appropriately by the engineer running this script. First, the Kaseya portion: Script Name: Malwarebytes Script Description: For testing purposes only! IF User Is Logged In Parameter 1 : THEN Write File Parameter 1 : C:\temp\automb.exe Parameter 2 : VSASharedFiles\automb.exe OS Type : 0 Write File Parameter 1 : C:\temp\mbam-setup.exe Parameter 2 : VSASharedFiles\mbam-setup.exe OS Type : 0 Execute File Parameter 1 : C:\temp\automb.exe Parameter 2 : Parameter 3 : 1 OS Type : 0 Get Variable Parameter 1 : 6 Parameter 2 : Parameter 3 : machine OS Type : 0 Get Variable Parameter 1 : 1 Parameter 2 : C:\temp\mbam-log.txt Parameter 3 : log OS Type : 0 Send Email Parameter 1 : Parameter 2 : Scan completed on #machine# Parameter 3 : #log# OS Type : 0 Delete File Parameter 1 : C:\temp\automb.exe OS Type : 0 Delete File Parameter 1 : C:\temp\mbam-setup.exe OS Type : 0 ELSE Use Credential OS Type : 0 Write File Parameter 1 : C:\temp\automb.exe Parameter 2 : VSASharedFiles\automb.exe OS Type : 0 Write File Parameter 1 : C:\temp\mbam-setup.exe Parameter 2 : VSASharedFiles\mbam-setup.exe OS Type : 0 Execute File Parameter 1 : C:\temp\automb.exe Parameter 2 : Parameter 3 : 1 OS Type : 0 Get Variable Parameter 1 : 6 Parameter 2 : Parameter 3 : machine OS Type : 0 Get Variable Parameter 1 : 1 Parameter 2 : C:\temp\mbam-log.txt Parameter 3 : log OS Type : 0 Send Email Parameter 1 : Parameter 2 : Scan completed on #machine# Parameter 3 : #log# OS Type : 0 Delete File Parameter 1 : C:\temp\automb.exe OS Type : 0 Delete File Parameter 1 : C:\temp\mbam-setup.exe OS Type : 0 The mbam-setup.exe file is the installer downloaded from the website. The automb.exe file is a script I wrote with AutoIt. Here is the source: AutoItSetOption("TrayIconHide", "1") ; Install Malwarebytes Run(@ComSpec & " /c " & 'C:\temp\mbam-setup.exe /SP- /VERYSILENT /DIR=C:\MBAM', "", @SW_HIDE) ; After setup completes, run an update to get the latest definitions. Sleep("2000") If ProcessExists("mbam-setup.exe") Then ProcessWaitClose("mbam-setup.exe") EndIf Run(@ComSpec & " /c " & 'C:\MBAM\mbam.exe /runupdate', "", @SW_HIDE) ; Delete any previous log files and the desktop icon. ProcessWait("mbam.exe") ProcessWaitClose("mbam.exe") Run(@ComSpec & " /c " & 'del C:\temp\mbam-log.txt /s /f /q', "", @SW_HIDE) Run(@ComSpec & " /c " & 'del "%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes'' Anti-Malware\Logs\*.txt" /s /f /q', "", @SW_HIDE) Run(@ComSpec & " /c " & 'del "C:\Documents and Settings\All Users\Desktop\Malwarebytes'' Anti-Malware.lnk" /s /f /q', "", @SW_HIDE) ; Ensure Malwarebytes only scans the C: drive. Run(@ComSpec & " /c " & 'reg add "HKCU\Software\Malwarebytes'' Anti-Malware" /v selectedrives /d C:\', "", @SW_HIDE) Sleep("2000") ; Kick off a full scan. Some threats will not be removed until the computer is rebooted. Run(@ComSpec & " /c " & 'C:\MBAM\mbam.exe /fullauto', "", @SW_HIDE) ProcessWait("mbam.exe") ProcessWaitClose("mbam.exe") ; Copy the log file to somewhere easy. This will help for reporting. Run(@ComSpec & " /c " & 'copy "%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes'' Anti-Malware\Logs\*.txt" "C:\temp\mbam-log.txt"', "", @SW_HIDE) Let me know what you guys think.
Script Name: Malwarebytes Script Description: For testing purposes only! IF User Is Logged In Parameter 1 : THEN Write File Parameter 1 : C:\temp\automb.exe Parameter 2 : VSASharedFiles\automb.exe OS Type : 0 Write File Parameter 1 : C:\temp\mbam-setup.exe Parameter 2 : VSASharedFiles\mbam-setup.exe OS Type : 0 Execute File Parameter 1 : C:\temp\automb.exe Parameter 2 : Parameter 3 : 1 OS Type : 0 Get Variable Parameter 1 : 6 Parameter 2 : Parameter 3 : machine OS Type : 0 Get Variable Parameter 1 : 1 Parameter 2 : C:\temp\mbam-log.txt Parameter 3 : log OS Type : 0 Send Email Parameter 1 : Parameter 2 : Scan completed on #machine# Parameter 3 : #log# OS Type : 0 Delete File Parameter 1 : C:\temp\automb.exe OS Type : 0 Delete File Parameter 1 : C:\temp\mbam-setup.exe OS Type : 0 ELSE Use Credential OS Type : 0 Write File Parameter 1 : C:\temp\automb.exe Parameter 2 : VSASharedFiles\automb.exe OS Type : 0 Write File Parameter 1 : C:\temp\mbam-setup.exe Parameter 2 : VSASharedFiles\mbam-setup.exe OS Type : 0 Execute File Parameter 1 : C:\temp\automb.exe Parameter 2 : Parameter 3 : 1 OS Type : 0 Get Variable Parameter 1 : 6 Parameter 2 : Parameter 3 : machine OS Type : 0 Get Variable Parameter 1 : 1 Parameter 2 : C:\temp\mbam-log.txt Parameter 3 : log OS Type : 0 Send Email Parameter 1 : Parameter 2 : Scan completed on #machine# Parameter 3 : #log# OS Type : 0 Delete File Parameter 1 : C:\temp\automb.exe OS Type : 0 Delete File Parameter 1 : C:\temp\mbam-setup.exe OS Type : 0
AutoItSetOption("TrayIconHide", "1") ; Install Malwarebytes Run(@ComSpec & " /c " & 'C:\temp\mbam-setup.exe /SP- /VERYSILENT /DIR=C:\MBAM', "", @SW_HIDE) ; After setup completes, run an update to get the latest definitions. Sleep("2000") If ProcessExists("mbam-setup.exe") Then ProcessWaitClose("mbam-setup.exe") EndIf Run(@ComSpec & " /c " & 'C:\MBAM\mbam.exe /runupdate', "", @SW_HIDE) ; Delete any previous log files and the desktop icon. ProcessWait("mbam.exe") ProcessWaitClose("mbam.exe") Run(@ComSpec & " /c " & 'del C:\temp\mbam-log.txt /s /f /q', "", @SW_HIDE) Run(@ComSpec & " /c " & 'del "%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes'' Anti-Malware\Logs\*.txt" /s /f /q', "", @SW_HIDE) Run(@ComSpec & " /c " & 'del "C:\Documents and Settings\All Users\Desktop\Malwarebytes'' Anti-Malware.lnk" /s /f /q', "", @SW_HIDE) ; Ensure Malwarebytes only scans the C: drive. Run(@ComSpec & " /c " & 'reg add "HKCU\Software\Malwarebytes'' Anti-Malware" /v selectedrives /d C:\', "", @SW_HIDE) Sleep("2000") ; Kick off a full scan. Some threats will not be removed until the computer is rebooted. Run(@ComSpec & " /c " & 'C:\MBAM\mbam.exe /fullauto', "", @SW_HIDE) ProcessWait("mbam.exe") ProcessWaitClose("mbam.exe") ; Copy the log file to somewhere easy. This will help for reporting. Run(@ComSpec & " /c " & 'copy "%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes'' Anti-Malware\Logs\*.txt" "C:\temp\mbam-log.txt"', "", @SW_HIDE)
saputo444ReedMikel have you tested your script on Windows 7? Also, do you know if the MSP version of mbam would need to be registered before the script works?