Kaseya Community

Malwarebytes Script?

  • Does anyone have a script to install and run malwarebytes?

    It would be nice if someone has figured out how to use Kaseya to "schedule" a scan.

    Legacy Forum Name: Malwarebytes Script?,
    Legacy Posted By Username: mwolter
  • http://community.kaseya.com/xsp/f/28/t/6434.aspx



    Search is your friend.



    Vernon Southmayd

    Creative Computing

    http://twitter.com/VernonSouthmayd

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: vernon@midmich.net
  • Here's my newest version of one. You will need to edit a few things such as path and email address. It checks to see if new version is installed, if so updates and runs. Else downloads, installs and runs. Send message after 50 minutes, as with the free version removal must be done manually.

    Script Name: MBAM Scan
    Script Description: New MBAM Script

    IF Test File
    Parameter 1 : C:\Program Files\Malwarebytes' Anti-Malware\changes.rtf
    Contains :Version 1.37
    THEN
    Send Message
    Parameter 1 : The %helpdesk% staff is currently scanning your machine for infections. Please do not close the Malwarebytes program as it will interrupt the scan. We will be notified automatically when the scan finishes and will contact you to remove any infections. Thank you.
    Parameter 2 : 1
    OS Type : 0
    Execute Shell Command
    Parameter 1 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runupdate
    Parameter 2 : 1
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware\selectedrives
    Parameter 2 : C:\|
    Parameter 3 : REG_SZ
    OS Type : 0
    Execute File
    Parameter 1 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    Parameter 2 : /fullscan
    Parameter 3 : 0
    OS Type : 0
    Pause Script
    Parameter 1 : 3000
    OS Type : 0
    Get Variable
    Parameter 1 : 6
    Parameter 2 :
    Parameter 3 : MachineID
    OS Type : 0
    Send Email
    Parameter 1 : support@%yourdomain%.com
    Parameter 2 : MBAM Scan
    Parameter 3 : It has been 50 minutes since the MBAM scan has been started on #MachineID#. Please remote in and check to see if the scan is finished. If so remove any found infections.
    OS Type : 0
    ELSE
    Delete File
    Parameter 1 : C:\%agent_temP\mbam.exe
    OS Type : 0
    Get URL
    Parameter 1 : http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Parameter 2 : C:\%agent_temp%\mbam.exe
    Parameter 3 : 2
    OS Type : 0
    Send Message
    Parameter 1 : The %helpdesk% staff is currently scanning your machine for infections. Please do not close the Malwarebytes program as it will interrupt the scan. We will be notified automatically when the scan finishes and will contact you to remove any infections. Thank you.
    Parameter 2 : 1
    OS Type : 0
    Pause Script
    Parameter 1 : 40
    OS Type : 0
    Execute Shell Command
    Parameter 1 : "C:\%agent_temp%\mbam.exe" /SP- /VERYSILENT /NOCANCEL
    Parameter 2 : 1
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Execute Shell Command
    Parameter 1 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runupdate
    Parameter 2 : 1
    OS Type : 0
    Pause Script
    Parameter 1 : 20
    OS Type : 0
    Set Registry Value
    Parameter 1 : HKEY_CURRENT_USER\Software\Malwarebytes' Anti-Malware\selectedrives
    Parameter 2 : C:\|
    Parameter 3 : REG_SZ
    OS Type : 0
    Execute File
    Parameter 1 : "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"
    Parameter 2 : /fullscan
    Parameter 3 : 0
    OS Type : 0
    Pause Script
    Parameter 1 : 3000
    OS Type : 0
    Get Variable
    Parameter 1 : 6
    Parameter 2 :
    Parameter 3 : MachineID
    OS Type : 0
    Send Email
    Parameter 1 : support@%yourdomain%.com
    Parameter 2 : MBAM Scan
    Parameter 3 : It has been 50 minutes since the MBAM scan has been started on #MachineID#. Please remote in and check to see if the scan is finished. If so remove any found infections.
    OS Type : 0



    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • Does the user have to be logged on for this script to work?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Interprom
  • Interprom
    Does the user have to be logged on for this script to work?


    This script is awesome. It runs without an issue.
    Thanks.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: luke.bragg
  • Is this script completely silent? I realize it doesn't remove threats but just wondering if you can run it during business hours to check for threats without interrupting the user and then check the logs/scan results after hours.

    Thanks

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: rschmidt
  • Couple of questions:

    1. What is the %helpdesk% variable referring to? That looks like a system environment variable, which most people probably don't have defined.

    2. Where is the %agent_temp% variable coming from? Why not use the #vAgentConfiguration.agentTempDir# to reference this as this would be universal for all clients everywhere?

    3. Is there a typo in Else step 1? It says to delete "c:\%agent_temP\mbam.exe". It's either missing a % or got one too many, or perhaps you should use #vAgentConfiguration.agentTempDir# ?

    The script also uses a hardcoded reference to the install directory, so it will fail on x64 systems, where it will, by default, be installed into "Program Files (x86)" and not "Program Files". Still looks like a great script, though.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen
  • Lmhansen
    Couple of questions:

    1. What is the %helpdesk% variable referring to? That looks like a system environment variable, which most people probably don't have defined.

    2. Where is the %agent_temp% variable coming from? Why not use the #vAgentConfiguration.agentTempDir# to reference this as this would be universal for all clients everywhere?

    3. Is there a typo in Else step 1? It says to delete "c:\%agent_temP\mbam.exe". It's either missing a % or got one too many, or perhaps you should use #vAgentConfiguration.agentTempDir# ?

    The script also uses a hardcoded reference to the install directory, so it will fail on x64 systems, where it will, by default, be installed into "Program Files (x86)" and not "Program Files". Still looks like a great script, though.


    %helpdesk% instead of my company's helpdesk name because that would raise even more questions. %agent_temp% because we do not use the agenttempdir for this script and I did not feel like typing that in. Same thing for your third question.
    Obviously the majority of the scripts that are posted in the forums are going to need to be adjusted when you import it. Why should mine be any different?

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • JonJohnston
    %helpdesk% instead of my company's helpdesk name because that would raise even more questions. %agent_temp% because we do not use the agenttempdir for this script and I did not feel like typing that in. Same thing for your third question.
    Obviously the majority of the scripts that are posted in the forums are going to need to be adjusted when you import it. Why should mine be any different?


    I see what you're saying. My point was basically that %name% refers to an environment variable, so it was confusing. And, most generic scripts like malwarebytes scanning and such can be written generic enough (apart from company names) to fit most needs.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen
  • Lmhansen
    I see what you're saying. My point was basically that %name% refers to an environment variable, so it was confusing. And, most generic scripts like malwarebytes scanning and such can be written generic enough (apart from company names) to fit most needs.


    Well sorry for the mixup. Next time I'll spend the time and enter the correct variables before I post.

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: JonJohnston
  • I want to apologize.

    I realize now that my questions and comments may have sounded harsh rather than constructive. This was not my intent.

    I respect and appreciate Jon Johnston's input and contributions to this forum, and I did not intend to make it sound like his script was poorly done. My feedback on his script could have been done in a more professional and courteous manner, and for this I apologize.

    I recognize that sometimes there is a need to slightly edit scripts before posting them here as they may contain information that cannot be disclosed (server names, company names, folder names, client names, etc).

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: Lmhansen
  • That script could be edited to "test" if the application is still running after 50 minutes - if so THEN send the email - because MBAM will exit if nothing is found. (Could even push that test out to 90 minutes if it's a big HDD or a slow computer). Just reduces the noise.

    Cheers, Carey

    Legacy Forum Name: Scripts Forum,
    Legacy Posted By Username: carey-pccare
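
One way to implement two suggestions from this thread, Lmhansen's note about "Program Files (x86)" on x64 systems and Carey's still-running test before the email, as an added PowerShell example that is not part of JonJohnston's script. The process name `mbam` (taken from mbam.exe) and the status-file path are assumptions.

```powershell
# Added example; not part of the script posted in this thread.
# Assumed: process name 'mbam' (from mbam.exe) and the status-file path below.

function Resolve-MbamPath {
    param(
        # On x64 Windows a 32-bit install lands under "Program Files (x86)",
        # so check that root first and fall back to "Program Files".
        [string[]]$Roots = @(${env:ProgramFiles(x86)}, $env:ProgramFiles)
    )
    foreach ($root in $Roots) {
        if (-not $root) { continue }   # ProgramFiles(x86) is unset on 32-bit Windows
        $candidate = Join-Path $root "Malwarebytes' Anti-Malware\mbam.exe"
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $null
}

function Get-MbamScanStatus {
    # NOT_INSTALLED : mbam.exe found under neither Program Files root
    # RUNNING       : an mbam process is still alive when this check runs
    # EXITED        : no mbam process; per the post above, MBAM exits when nothing is found
    if (-not (Resolve-MbamPath)) { return 'NOT_INSTALLED' }
    $proc = Get-Process -Name 'mbam' -ErrorAction SilentlyContinue
    if ($proc) { return 'RUNNING' }
    return 'EXITED'
}

# Hypothetical status file: write a single token that the calling procedure
# can test after its 50-minute (or 90-minute) pause.
$statusFile = Join-Path $env:TEMP 'mbam_status.txt'
Get-MbamScanStatus | Set-Content -LiteralPath $statusFile -Encoding ASCII
```

A Test File step with a Contains check for RUNNING, like the one the posted script uses on changes.rtf, could then gate the Send Email step so the email goes out only when the scan window is still open.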