Is it possible to run a script that will automatically scan with multiple different anti-malware scanners? We’ve seen a lot of infections lately which use up a lot of our time.
This is possible with AP:
Thinking logic first before development:
- Run checks for presence of each respective malware scanner
- If found, execute respective command
- If not, record entry on the system (logging purposes)
- Proceed to the next step
Optional: Collect logs created (if any) to the respective agent.
This is what I require (agent procedure). Can you please help me by providing some procedure related to it?
We want to avoid using the virus scanner that is present on the computer. If the computer gets infected, then we need to use something other than the virus scanner that allowed the infection. Any help would be highly appreciated.
We use Symantec Endpoint Protection as the active defense and I have scripted MalwareBytes Corporate as a backup scanner only. I use an agent procedure to run a vbscript that initiates the scan and another script that monitors the MalwareBytes log file resulting from the scan and emails me if something is found. I think I've shared the scripts here previously but would be happy to share them again if you're interested and can't find them.
Hi Zippo,
Please share the script so that we can test it in our environment and see if it's working fine for us.
I've attached a zip file containing two agent procedures, one batch file and two vbscripts. One agent procedure will use the batch file to install MalwareBytes Corporate on the client machine. The AP expects to find the files it needs in the Kaseya VSASharedFiles library. The batch file expects to find the MalwareBytes install file in the directory "C:\kworking". You must modify the files as needed to reflect your working environment. Also, the batch will need to be modified to add your MalwareBytes Corporate license key. The procedure and batch file are straightforward and pretty self-explanatory.
There is also an agent procedure to execute a full scan on the client. A similar procedure can be created to execute a quick scan of the client, if desired. The procedure first copies the malwarebytes_log_reader.vbs file from the VSASharedFiles directory to the agent working directory and then executes the malwarebytes_log_reader.vbs file on the client. The procedure executes the vbscript as an impersonated user. You will need to modify the procedure to reflect an appropriate user for your own environment. Once the vbscript has been executed it begins monitoring the folder where the MalwareBytes' scan logs will be written, watching for a new scan log to be created. When the scan is complete and the file has been found, the script then parses the file line by line looking for evidence that a problem was found. If it finds an issue the script will generate an email to the specified recipients using the specified SMTP server. You should modify the script as needed to reflect the scan log paths and email info relative to your environment. The appropriate locations in the script to modify are indicated. The scan log file location is also set by the next script to be initiated by the procedure.
After the above script has been executed on the client and the scan logs folder is being monitored for changes the actual scan is started by the agent procedure. The parameters for the scan and the scan itself are executed by the run_full_malwarebytes_scan.vbs vbscript. This script is pretty well commented and should be modified as needed.
I hope this helps. Let me know if you have any questions. It sounds complicated when writing it out but the actual execution is pretty simple:
1. Place the following files in the VSASharedFiles directory on your KServer: run_full_malwarebytes_scan.vbs, malwarebytes_log_reader.vbs, malwarebytes_batch_install.bat
2. Download the MalwareBytes Corporate install executable to the VSASharedFiles directory on your KServer and rename the file to - "mbam-corporate.exe"
3. Import the two Agent Procedures "Procedure Run Full MalwareBytes Scan Silently" and "Procedure Install MalwareBytes Silently" to your VSA
4. Modify files and procedures as needed to reflect your environment
5. Run the Agent Procedure "Install MalwareBytes Silently" on a client
6. After step 4 is complete run the Agent Procedure "Procedure Run Full MalwareBytes Scan Silently"
That's it. If malware is found on the client it will be removed (but the client will not be restarted even if a restart is needed to complete removal) and an email reflecting the status will be emailed to you or whomever was designated. If you don't receive an email then no malware was found.
I execute a quick scan on the clients daily. If I get an email I will then execute a full scan on the client. It works really well for me. It's extremely rare that something makes it through the Symantec Endpoint Protection but MalwareBytes Corporate does a great job as a backup.
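The monitor-then-parse flow described in the post above, as an added PowerShell example that is not part of the original thread or the attached scripts. The log folder, the "<Category> Detected: <n>" line format and the sample log are constructed assumptions; it also returns a distinct NO_LOG status when no scan log ever appears, so a scan that never ran is not mistaken for a clean result.

```powershell
# Added example. The log folder, the "<Category> Detected: <n>" line format and
# the sample log below are constructed assumptions, not Malwarebytes' real format.
function Wait-NewScanLog {
    param([string]$LogDir, [datetime]$Since, [int]$TimeoutSec = 14400, [int]$PollSec = 30)
    $deadline = (Get-Date).AddSeconds($TimeoutSec)
    while ((Get-Date) -lt $deadline) {
        $log = Get-ChildItem -Path $LogDir -Filter '*.txt' -File -ErrorAction SilentlyContinue |
            Where-Object { $_.LastWriteTime -gt $Since } |
            Sort-Object LastWriteTime | Select-Object -Last 1
        if ($log) {
            # Re-check the size after a pause so a half-written log is not parsed.
            $size = $log.Length
            Start-Sleep -Seconds 2
            if ((Get-Item -LiteralPath $log.FullName).Length -eq $size) { return $log.FullName }
        } else {
            Start-Sleep -Seconds $PollSec
        }
    }
    return $null   # no log appeared: the scan may never have run
}

function Get-ScanFindings {
    param([string]$Path)
    foreach ($line in Get-Content -LiteralPath $Path) {
        if ($line -match '^\s*(?<cat>.+?) Detected:\s*(?<n>\d+)\s*$' -and [int]$Matches['n'] -gt 0) {
            [pscustomobject]@{ Category = $Matches['cat']; Count = [int]$Matches['n'] }
        }
    }
}

function Get-ScanStatus {
    param([string]$LogDir, [datetime]$Since, [int]$TimeoutSec = 14400, [int]$PollSec = 30)
    $path = Wait-NewScanLog -LogDir $LogDir -Since $Since -TimeoutSec $TimeoutSec -PollSec $PollSec
    if (-not $path) { return [pscustomobject]@{ Status = 'NO_LOG'; Log = $null; Findings = @() } }
    $findings = @(Get-ScanFindings -Path $path)
    $status = if ($findings.Count -gt 0) { 'DETECTED' } else { 'CLEAN' }
    [pscustomobject]@{ Status = $status; Log = $path; Findings = $findings }
}

# Demo on a constructed log written to a temporary folder.
$dir = Join-Path ([IO.Path]::GetTempPath()) ('scanlog-demo-' + [guid]::NewGuid())
New-Item -ItemType Directory -Path $dir | Out-Null
$start = (Get-Date).AddSeconds(-1)
@('Scan type: Full scan', 'Registry Keys Detected: 0', 'Files Detected: 2',
  'C:\Users\demo\AppData\Local\Temp\sample.exe (Constructed.Sample) -> Quarantined.') |
    Set-Content -Path (Join-Path $dir 'scan-log-demo.txt')
Get-ScanStatus -LogDir $dir -Since $start -TimeoutSec 10 -PollSec 1 | Format-List
Get-ScanStatus -LogDir $dir -Since (Get-Date) -TimeoutSec 3 -PollSec 1 | Format-List
Remove-Item -Recurse -Force $dir
```

Point `-LogDir` at the folder your scanner actually writes to and adjust the regular expression to that product's real log lines before relying on the result.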
I created a script that downloads MSERT (www.microsoft.com/.../default.aspx) on Kserver every night.
I have another procedure that sends the file from the Kserver to the PC.
I can then run another procedure which will send the report using the getfile.
Hi Thomas,
If possible, can you please share your script as well?
Here are the three procedures. Regards,
I am still not able to work on this task. Can somebody provide me a script for it?
Please tell us where you're having trouble and maybe we can help.
Zippo, how do I get ahold of this Malwarebytes Corporate version? I contacted Malwarebytes and they said "The product that they are referring to in the forum post is our Corporate Build that you have to purchase through Kaseya."
We do own some Malwarebytes module licenses. Where did you get the corporate version?
I definitely do not recommend the Kaseya version. Their implementations of third party software tend to s*ck. You can buy the Corporate version here:
So you have to buy malwarebytes for each workstation you want to run it on?