any updates on this project?

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: kennedysupport

kennedysupport

any updates on this project?

Here's what I have so far

Script Name: MBAM FULLAUTO

Script Description: 



IF True 

THEN

   Get Variable

     Parameter 1 : 10

     Parameter 2 : 

     Parameter 3 : tempagent

         OS Type : 0

   Write File

     Parameter 1 : #tempagent#\mbam-setup.exe

     Parameter 2 : VSASharedFiles\mbam-setup.exe

         OS Type : 0

   Pause Script

     Parameter 1 : 180

         OS Type : 0

   Execute File

     Parameter 1 : #tempagent#\mbam-setup.exe

     Parameter 2 : #tempagent#\mbam-setup.exe /SP- /VERYSILENT /NOCANCEL

     Parameter 3 : 3

         OS Type : 0

   Pause Script

     Parameter 1 : 300

         OS Type : 0

   Execute File

     Parameter 1 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

     Parameter 2 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runupdate

     Parameter 3 : 3

         OS Type : 0

   Pause Script

     Parameter 1 : 300

         OS Type : 0

   Execute File

     Parameter 1 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"

     Parameter 2 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /fullauto

     Parameter 3 : 3

         OS Type : 0

   Pause Script

     Parameter 1 : 900

         OS Type : 0

   Execute File

     Parameter 1 : C:\Program Files\Malwarebytes' Anti-Malware (tech)\unins000.exe

     Parameter 2 : C:\Program Files\Malwarebytes' Anti-Malware (tech)\unins000.exe /VERYSILENT /NORESTART

     Parameter 3 : 3

         OS Type : 0

ELSE

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: mattb@ghentcomputer.com

icq для нокиа е63 LSS Kinetix Ltd jimm icq nokia dvb dream ss3 jimm 0.6 для nokia PHOTOM 550 джим моррисон габариты тойота рав 4 скачать конструктор jimm на компьютер Рекламное агентство Хорошо аська на lg ke800 Эпосы мира аська на сони www.nevosoft.ru баян icq для nokia n82 Размер платы за проведение техосмотра в Ставропольском крае jimm для nokia 5230 сайт картинок icq samsung s8000 jet E:\i386\lang собрать jimm на телефон Страсбург собор jimm хаттаб Фотосессии Jennifer Lopez настройка jimm на sony ericsson Лучшие серверы WOW как установить qip на nokia Utel скачать icq на телефон 2.6 Ликопрофит ася для телефона samsung бесплатно Картф России L-38 jimm sis доступ во внутреннюю сеть jimm icq для мобильного бесплатно аренда карна mobile agent jimm aspro картинки девушек icq для lg kf 300 12 уроков православия jimm для lg gu230 dragon pfobnf jn eujyf аська на телефон самсунг с3050 киноафиша СПб аська на самсунг e250 определение долей собственности при покупке квартиры и регистрации её в регистрационной палате скачать icq для нокиа 6300 A media icq виджет для samsung спецназ фсб ася для s5230 установка perl юота jimm aspro 0.5 2 Погода и самочувствие человека скачать реферат скачать jimm 0.6 2 евросиб icq 2010 для мобильного фшк иукдшт скачать jimm midp2 комплектация Logan

dLIy4T http://guI2vS0jBrn7M3Apkdef81n.com

[edited by: Anonymous at 7:42 AM (GMT -7) on 3-28-2011] dLIy4T http://guI2vS0jBrn7M3Apkdef81n.com

Do you have to have Auto-IT to run your script?

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: billmccl

This works great. Found that it works better by taking out the Use Credential step and run everything as the system.

ReedMikel

I bought MBAM's Technician's License ($100/yr) several months ago and wrote this script for unattended install and scanning.

I saw a post in this thread where somebody mentioned Safe mode. I usually like to scan using AV products in Safe mode too, but the tech at MB told me to NOT scan in Safe mode with their product. He said it does a better job in Normal mode. So I stripped the Safe mode portion out of my script.

Script Notes:
- Replace below with, you guessed it, your email address.

- MBAM installs in a subfolder named MBAM inside agent's temp dir.

- IF section tests whether the latest version of MBAM is installed on agent by checking the CHANGES.RTF (revision history) file. You'll want to change the 1.41 to whatever version you have.

- Save your MBAM installer as VSASharedFiles\Security\MBAM\mbam-tech.exe

- I have another script that uninstalls MBAM. I manually schedule that script after I'm convinced MBAM has removed the infections...

Script Name: MalwareBytes.org - installs/runs mbam.exe & scans

Script Description: Tests if MBAM(tech) is installed.  If yes, updates mbam and does a /fullscan.  If not, copies mbam from KServer and installs it, then does a fullscan.  Sends an emails containing results of scan from log file...



IF Test File 

   Parameter 1 : #vAgentConfiguration.agentTempDir#\mbam\changes.rtf

   Contains :Version 1.41

THEN

   Use Credential - (Continue on Fail)

         OS Type : -1

   Send Message - (Continue on Fail)

     Parameter 1 : Checking for updates to MBAM, downloading & installing if found...

     Parameter 2 : 1

         OS Type : 0

   Execute Shell Command

     Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /runupdate

     Parameter 2 : 0

         OS Type : 0

   Pause Script - (Continue on Fail)

     Parameter 1 : 20

         OS Type : 0

   Send Message

     Parameter 1 : Currently scanning your machine for infections. Please do not close the Malwarebytes program as it will interrupt the scan. We will be notified automatically when the scan finishes and will resume work on this PC at that time. Thank you.

     Parameter 2 : 1

         OS Type : 0

   Execute Shell Command

     Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /logtofile C:\MBAMLog.txt

     Parameter 2 : 0

         OS Type : 0

   Execute Shell Command - (Continue on Fail)

     Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /fullauto

     Parameter 2 : 0

         OS Type : 0

   Get Variable - (Continue on Fail)

     Parameter 1 : 6

     Parameter 2 : 

     Parameter 3 : MachineID

         OS Type : 0

   Get Variable

     Parameter 1 : 1

     Parameter 2 : c:\MBAMLog.txt

     Parameter 3 : ScanLog

         OS Type : 0

   Send Email - (Continue on Fail)

     Parameter 1 : 

     Parameter 2 : MBAM Scan on #MachineID#.

     Parameter 3 : #ScanLog#

         OS Type : 0

ELSE

   Use Credential

         OS Type : 0

   Delete File - (Continue on Fail)

     Parameter 1 : #vAgentConfiguration.AgentTempDir#\mbamSetup.exe

         OS Type : 0

   Write File

     Parameter 1 : #vAgentConfiguration.AgentTempDir#\mbamSetup.exe

     Parameter 2 : VSASharedFiles\Security\MBAM\mbam-tech.exe

         OS Type : 0

   Pause Script

     Parameter 1 : 10

         OS Type : 0

   Execute Shell Command

     Parameter 1 : "#vAgentConfiguration.AgentTempDir#\mbamSetup.exe" /SP- /VERYSILENT /SUPPRESSMSGBOXES /NOCANCEL /DIR=#vAgentConfiguration.agentTempDir#\mbam

     Parameter 2 : 0

         OS Type : 0

   Pause Script

     Parameter 1 : 20

         OS Type : 0

   Execute Shell Command

     Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /logtofile C:\MBAMLog.txt

     Parameter 2 : 0

         OS Type : 0

   Execute Shell Command

     Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /runupdate

     Parameter 2 : 0

         OS Type : 0

   Pause Script

     Parameter 1 : 20

         OS Type : 0

   Execute Shell Command

     Parameter 1 : "#vAgentConfiguration.agentTempDir#\mbam\mbam.exe" /fullauto

     Parameter 2 : 0

         OS Type : 0

   Get Variable

     Parameter 1 : 6

     Parameter 2 : 

     Parameter 3 : MachineID

         OS Type : 0

   Get Variable

     Parameter 1 : 1

     Parameter 2 : c:\MBAMLog.txt

     Parameter 3 : ScanLog

         OS Type : 0

   Send Email

     Parameter 1 : 

     Parameter 2 : #MachineID#: MBAM scan completed

     Parameter 3 : #ScanLog#

         OS Type : 0

I wish I could remember who to credit for some of the code I used. I think that's where I got the IF code from...

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: mattb@ghentcomputer.com

Is there different mbam-setup.exe downloads from Malwarebytes for Free, Tech and Corporate? Or is it the same one and when you register it (Corporate) it allows the additional features?

Thanks!

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: billmccl

billmccl

Do you have to have Auto-IT to run your script?

You will need AutoIt to compile the script. To run it on a remote client, all you have to do is copy the executable (and setup file for Malwarebytes) over and run it.

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: SMason

billmccl

Is there different mbam-setup.exe downloads from Malwarebytes for Free, Tech and Corporate? Or is it the same one and when you register it (Corporate) it allows the additional features?

Thanks!

The license will unlock proactive scanning and protection. Besides this, I have observed no difference. You will still need to purchase these licenses if your intention is to run Malwarebytes on any business computers due to their agreement.

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: SMason

My script is 100% Kaseya. Not sure if you were asking both of us...

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: ReedMikel

ReedMikel have you tested your script on Windows 7?

Also, do you know if the MSP version of mbam would need to be registered before the script works?

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: saputo444

SMason

Here is what I came up with. Disclaimer: this code is being shared as a proof of concept only. If you like the product, I strongly advise purchasing licenses or you may face potential legal action from the vendor.

This script covers everything discussed thus far. The install, update, and scan (with /fullauto switch) are all silent. It will only scan the C: drive. The desktop icon is removed. The log file first goes to C:\temp\mbam-log.txt and then to a predetermined email address. If a user is not logged in, the scan will run with the agent credential.

I left out the reboot and uninstall because I think those items should be scheduled appropriately by the engineer running this script.

First, the Kaseya portion:

Script Name: Malwarebytes

Script Description: For testing purposes only!



IF User Is Logged In 

   Parameter 1 : 

THEN

   Write File

     Parameter 1 : C:\temp\automb.exe

     Parameter 2 : VSASharedFiles\automb.exe

         OS Type : 0

   Write File

     Parameter 1 : C:\temp\mbam-setup.exe

     Parameter 2 : VSASharedFiles\mbam-setup.exe

         OS Type : 0

   Execute File

     Parameter 1 : C:\temp\automb.exe

     Parameter 2 : 

     Parameter 3 : 1

         OS Type : 0

   Get Variable

     Parameter 1 : 6

     Parameter 2 : 

     Parameter 3 : machine

         OS Type : 0

   Get Variable

     Parameter 1 : 1

     Parameter 2 : C:\temp\mbam-log.txt

     Parameter 3 : log

         OS Type : 0

   Send Email

     Parameter 1 : 

     Parameter 2 : Scan completed on #machine#

     Parameter 3 : #log#

         OS Type : 0

   Delete File

     Parameter 1 : C:\temp\automb.exe

         OS Type : 0

   Delete File

     Parameter 1 : C:\temp\mbam-setup.exe

         OS Type : 0

ELSE

   Use Credential

         OS Type : 0

   Write File

     Parameter 1 : C:\temp\automb.exe

     Parameter 2 : VSASharedFiles\automb.exe

         OS Type : 0

   Write File

     Parameter 1 : C:\temp\mbam-setup.exe

     Parameter 2 : VSASharedFiles\mbam-setup.exe

         OS Type : 0

   Execute File

     Parameter 1 : C:\temp\automb.exe

     Parameter 2 : 

     Parameter 3 : 1

         OS Type : 0

   Get Variable

     Parameter 1 : 6

     Parameter 2 : 

     Parameter 3 : machine

         OS Type : 0

   Get Variable

     Parameter 1 : 1

     Parameter 2 : C:\temp\mbam-log.txt

     Parameter 3 : log

         OS Type : 0

   Send Email

     Parameter 1 : 

     Parameter 2 : Scan completed on #machine#

     Parameter 3 : #log#

         OS Type : 0

   Delete File

     Parameter 1 : C:\temp\automb.exe

         OS Type : 0

   Delete File

     Parameter 1 : C:\temp\mbam-setup.exe

         OS Type : 0

The mbam-setup.exe file is the installer downloaded from the website. The automb.exe file is a script I wrote with AutoIt. Here is the source:

AutoItSetOption("TrayIconHide", "1")



; Install Malwarebytes

Run(@ComSpec & " /c " & 'C:\temp\mbam-setup.exe /SP- /VERYSILENT /DIR=C:\MBAM', "", @SW_HIDE)



; After setup completes, run an update to get the latest definitions.

Sleep("2000")

If ProcessExists("mbam-setup.exe") Then

	ProcessWaitClose("mbam-setup.exe")

EndIf

Run(@ComSpec & " /c " & 'C:\MBAM\mbam.exe /runupdate', "", @SW_HIDE)



; Delete any previous log files and the desktop icon.

ProcessWait("mbam.exe")

ProcessWaitClose("mbam.exe")

Run(@ComSpec & " /c " & 'del C:\temp\mbam-log.txt /s /f /q', "", @SW_HIDE)

Run(@ComSpec & " /c " & 'del "%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes'' Anti-Malware\Logs\*.txt" /s /f /q', "", @SW_HIDE)

Run(@ComSpec & " /c " & 'del "C:\Documents and Settings\All Users\Desktop\Malwarebytes'' Anti-Malware.lnk" /s /f /q', "", @SW_HIDE)



; Ensure Malwarebytes only scans the C: drive.

Run(@ComSpec & " /c " & 'reg add "HKCU\Software\Malwarebytes'' Anti-Malware" /v selectedrives /d C:\', "", @SW_HIDE)

Sleep("2000")



; Kick off a full scan. Some threats will not be removed until the computer is rebooted.

Run(@ComSpec & " /c " & 'C:\MBAM\mbam.exe /fullauto', "", @SW_HIDE)

ProcessWait("mbam.exe")

ProcessWaitClose("mbam.exe")



; Copy the log file to somewhere easy. This will help for reporting.

Run(@ComSpec & " /c " & 'copy "%USERPROFILE%\Application Data\Malwarebytes\Malwarebytes'' Anti-Malware\Logs\*.txt" "C:\temp\mbam-log.txt"', "", @SW_HIDE)

Let me know what you guys think.

Script looks good, testing it i had a few troubles, found that i missed copying and pasting some of the script code so when i went to compile it, wouldnt work..all good now.

Only problem i have is now at Step 5 in the Then statement, failing at the applying variable. Any ideas?

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: Commander

I do not have Win7 installed anywhere yet. I am not an early-adopter. I prefer to wait quite some time for Microsoft to get all the bugs out of new operating systems

MBAM "Technician's License" version has never required me to register it.

saputo444

ReedMikel have you tested your script on Windows 7?

Also, do you know if the MSP version of mbam would need to be registered before the script works?

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: ReedMikel

billmccl

Is there different mbam-setup.exe downloads from Malwarebytes for Free, Tech and Corporate? Or is it the same one and when you register it (Corporate) it allows the additional features?

Thanks!

The /fullauto switch is only running the Quick Scan with the Free version for me.

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: gdanner

I'm fairly sure the downloads are different for each version. I say that because I never register it when installing on an agent , yet it supports all the switches listed in the command pdf.

the /fullauto does a full scan for me with the Technician's License version. And, it runs silently.

I can tell you their handling of command line switches is anything but intuitive. e.g. they support a /logtofile switch. But, it does not work if used with other switches on the same command line. e.g. mbam.exe /fullauto /logtofile c:\temp\ScanLog.txt will scan, but does not create the log file in specified location. It only works if you run it all by itself: mbam.exe /logtofile c:\temp\ScanLog.txt So you have to execute one instance of mbam.exe *before* you do a scan just to set the log file location. That's the oddest handling of switches I have ever seen

Legacy Forum Name: Scripts Forum,
Legacy Posted By Username: ReedMikel