Kaseya Community

Procedure: Download and silently deploy Hitman Pro Alert with Cryptoguard

  • I'm sure most of you have seen the new strain of viruses that encrypt your data and give you a bitcoin ransom. Well, the only thing I've found to try and PREVENT it is Hitman Pro Alert with Cryptoguard.

    Starters: I contacted them directly and they said it's a free tool and free to use in a corporate environment.

    In any case, here is the XML procedure:

    The script detects if the Hitman Alert service is running. If not, it continues after emailing whomever needs the alert

    The script detects if the OS is 32-bit or 64-bit

    The script downloads the new version

    The script detects whether the OS is 32-bit or 64-bit and opens a corresponding shell as system

    The script silently installs HMPA

    The script checks if the service is now running and emails whether it is or not. It also tells the admin in the email what machine in what company it is referencing.

     

    I used this to deploy HMPA to about 20 PCs yesterday and it went swimmingly ;)

     

     

    <?xml version="1.0" encoding="utf-8"?>

    <ScriptExport xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.kaseya.com/vsa/2008/12/Scripting">

      <Procedure name="REMOTE - Install Hitman Pro Alert" treePres="3" id="902115467" folderId="21652418611391843535122254" treeFullPath="myProcedures - cwatson">

        <Body description="Creates:&#xA;%systemdrive%\kpackages&#xA;Downloads:&#xA;Unattended file to above directory&#xA;Executes:&#xA;Silent install of unattended file">

          <If description="">

            <Condition name="ServiceIsRunning">

              <Parameter xsi:type="StringParameter" name="ServiceName" value="hmpalertsvc" />

            </Condition>

            <Then>

              <Statement name="SendEmail" continueOnFail="false" osType="Windows">

                <Parameter xsi:type="StringParameter" name="To" value="ALERTS@domain.com" />

                <Parameter xsi:type="StringParameter" name="Subject" value="Hitman Pro" />

                <Parameter xsi:type="MultiLineStringParameter" name="Body" value="Hitman Pro Alert is already running on the machine:&#xA;#vAgentConfiguration.machName#&#xA;In the Group:&#xA;#vAgentConfiguration.groupName#" />

              </Statement>

            </Then>

          </If>

          <If description="">

            <Condition name="Windows 32 or 64 Bit Check">

              <Parameter xsi:type="EnumParameter" name="Condition" value="NotExists" />

            </Condition>

            <Then>

              <Statement description="Makes directory on x86 machine by using the system account" name="Execute Shell Command - Get Results to Variable" continueOnFail="true" osType="Windows">

                <Parameter xsi:type="StringParameter" name="Parameter1" value="mkdir %systemdrive%\kpackages\HitmanProAlert" />

                <Parameter xsi:type="StringParameter" name="Parameter2" value="False" />

                <Parameter xsi:type="StringParameter" name="Parameter3" value="System" />

              </Statement>

            </Then>

            <Else>

              <Statement description="Makes directory on x64 machine by using the system account" name="Execute Shell Command - Get Results to Variable" continueOnFail="true" osType="Windows">

                <Parameter xsi:type="StringParameter" name="Parameter1" value="mkdir %systemdrive%\kpackages\HitmanProAlert" />

                <Parameter xsi:type="StringParameter" name="Parameter2" value="True" />

                <Parameter xsi:type="StringParameter" name="Parameter3" value="System" />

              </Statement>

            </Else>

          </If>

          <Statement description="Performs the actual EXE download" name="GetURL" continueOnFail="false" osType="Windows">

            <Parameter xsi:type="StringParameter" name="URL" value="http://dl.surfright.nl/hmpalert.exe" />

            <Parameter xsi:type="StringParameter" name="ResponseFileName" value="%systemdrive%\kpackages\hitmanproalert\hitmanproalert.exe" />

            <Parameter xsi:type="BooleanParameter" name="WaitComplete" value="True" />

          </Statement>

          <If description="Installs the newly downloaded Hitman Pro Alert Executable">

            <Condition name="Windows 32 or 64 Bit Check">

              <Parameter xsi:type="EnumParameter" name="Condition" value="Exists" />

            </Condition>

            <Then>

              <Statement name="ExecuteShellCommand" continueOnFail="false">

                <Parameter xsi:type="StringParameter" name="Command" value="%systemdrive%\kpackages\HitmanProAlert\hitmanproalert.exe /install" />

                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />

                <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="True" />

              </Statement>

            </Then>

            <Else>

              <Statement name="ExecuteShellCommand" continueOnFail="false">

                <Parameter xsi:type="StringParameter" name="Command" value="%systemdrive%\kpackages\HitmanProAlert\hitmanproalert.exe /install" />

                <Parameter xsi:type="EnumParameter" name="ExecuteAccount" value="System" />

                <Parameter xsi:type="BooleanParameter" name="Is64Bit" value="False" />

              </Statement>

            </Else>

          </If>

          <If description="">

            <Condition name="ServiceIsRunning">

              <Parameter xsi:type="StringParameter" name="ServiceName" value="hmpalertsvc" />

            </Condition>

            <Then>

              <Statement name="SendEmail" continueOnFail="false" osType="Windows">

                <Parameter xsi:type="StringParameter" name="To" value="ALERTS@domain.com" />

                <Parameter xsi:type="StringParameter" name="Subject" value="Hitman Pro Alert is now running on #vAgentConfiguration.machName#" />

                <Parameter xsi:type="MultiLineStringParameter" name="Body" value="Hitman Pro Alert finished downloading and installing and the service is now confirmed running on the target machine #vAgentConfiguration.machName# in the group #vAgentConfiguration.groupName#." />

              </Statement>

            </Then>

            <Else>

              <Statement name="SendEmail" continueOnFail="false" osType="Windows">

                <Parameter xsi:type="StringParameter" name="To" value="ALERTS@domain.com" />

                <Parameter xsi:type="StringParameter" name="Subject" value="Hitman Pro Alert - Failed on #vAgentConfiguration.machName#" />

                <Parameter xsi:type="MultiLineStringParameter" name="Body" value="Hitman Pro Alert downloaded successfully, but the service has not started properly or has been significantly delayed from starting on machine #vAgentConfiguration.machName# in group #vAgentConfiguration.groupName#." />

              </Statement>

            </Else>

          </If>

        </Body>

      </Procedure>

    </ScriptExport>

    Lisa Turkenburg (Support)

    Sep 29 11:01

    Good day,

    Yes, you can download and use the current version of HitmanPro.Alert free of charge in every environment.
    In the new version, HitmanPro.Alert 3, this may change for several features.

    You can deploy HitmanPro.Alert silently via command line script /install.
    Please let me know when you have any further questions.

    Best regards,

    Lisa Turkenburg
    Customer Service Manager

     

    Sep 26 22:25

    Good afternoon,

    I have a customer that is interested in deploying hitman pro alerter to all workstations. I have 2 questions regarding this. Is this acceptable? Does it cost anything to use alert in a commercial environment? Can this be deployed via command line script or group policy and if so, can it be done silently?

    Thanks,

    _______________________________________________________________________________

    MCP, MCPS, MCTS | Associate Engineer |
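The procedure above fetches the installer over plain HTTP and then runs it as System, so nothing between the GetURL step and the `/install` step confirms what was actually downloaded. The PowerShell below is an added example, not part of the original post or of Kaseya's or the vendor's tooling: it checks the file's Authenticode signature, its signer and optionally a pinned SHA-256 before the install is allowed. The function name `Test-InstallerTrust`, the publisher value and the hash value are placeholders and assumptions to be filled in from a copy of the installer you have verified yourself.

```powershell
# Added example: gate the silent install on the installer's identity.
# The default path matches the ResponseFileName used by the procedure's GetURL step.
param(
    [string]$InstallerPath     = "$env:SystemDrive\kpackages\hitmanproalert\hitmanproalert.exe",
    [string]$ExpectedPublisher = '<EXPECTED-SIGNER-NAME>',  # placeholder: signer name from a known-good copy
    [string]$ExpectedSha256    = ''                         # optional placeholder: pinned SHA-256 of that copy
)

function Test-InstallerTrust {
    # Returns $null when the file passes every check, otherwise a reason string.
    param([string]$Path, [string]$Publisher, [string]$Sha256)

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return "installer not found: $Path"
    }

    # A tampered or unsigned binary yields HashMismatch or NotSigned here.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    if ($sig.Status -ne 'Valid') {
        return "signature status is $($sig.Status)"
    }

    # A valid signature from somebody else is still the wrong file.
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $signer   = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    if ($signer -ne $Publisher) {
        return "unexpected signer: $signer"
    }

    # Optional pin; PowerShell's -ne on strings ignores hex case.
    if ($Sha256) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        if ($actual -ne $Sha256) {
            return "SHA-256 mismatch: $actual"
        }
    }
    return $null
}

$problem = Test-InstallerTrust -Path $InstallerPath -Publisher $ExpectedPublisher -Sha256 $ExpectedSha256
if ($problem) {
    Write-Output "BLOCKED: $problem"
    # Remove the untrusted download so a later step cannot execute it.
    Remove-Item -LiteralPath $InstallerPath -Force -ErrorAction SilentlyContinue
    exit 1
}
Write-Output 'OK: installer signature and signer verified'
exit 0
```

Run it as a step between the download and the `/install` step, and stop the procedure when it exits non-zero. Pinning the hash means the pin must be updated each time the vendor publishes a new build at the same URL.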

  • FYI - This is important to note!!!!!!

    I deployed this to a client and the network went haywire. Apparently HMPAlert gets a lot of false positives. It may be ok for workstations but KNOW that it will likely also randomly block good traffic. This is an issue with the application and NOT the script!!!