CryptoBlocker
A script to deploy File Server Resource Manager and associated scripts to block infected users
Adding a new function 'New-CBArraySplit' to split the downloaded extensions into FileGroups of less than 4KB in length, and then create and add these FileGroups to the File Screen Template....
Re-ran the file screen script on 3/9/18 and 6/9/18 - worked on 3/9, but as of 6/9 the updates pulled from the fsrm.experiant.ca API break the import of file groups...
The script fails when it has to create a filescreen group with the command: &filescrn.exe Filegroup Add "/Filegroup:$fileGroupName" "/Members:$($monitoredExtensions -Join "|")" I think this issue started showing recently, maybe because...
I've had some great success with this script so far, so many thanks to all involved. The problem I've discovered is that the "KillUserSession.ps1" script fails to set ACLs on...
Any possibility to make this work for servers where Active Directory is not installed?
I tried running your script yesterday on a server with an outdated version of PowerShell (unfortunately I didn't make note of what version) on Windows Server 2008 R2 and it...
We're seeing the script fail to create the file screen group when we run it. I've dug into the script and suspect that the FILESCRN.EXE ADD command is not liking...
Exceptions are being wiped out when the script runs again. Any way to either keep what's there before the script runs again, or how would I put global exceptions? Thanks
On servers with many shares, removal of the share-level deny ACL applied when an infection is detected is very tedious. By modifying your KillUserSession.ps1 script, I was able to write...
Got this message today after my server tried to update: User NT AUTHORITY\SYSTEM attempted to save C:\Windows\SoftwareDistribution\Download\a51458c204d30e1b291af16256441875\inst\x86_microsoft-windows-bcrypt-primitives-dll_31bf3856ad364e35_6.3.9600.18341_none_a6f94f2e32865993.manifest to C:\ on the BATMAN server. This file is in the “CryptoBlockerGroup” file...