KAMIRAN Support
Posts posted by KAMIRAN Support
-
6 minutes ago, jimwillsher said:
If you've got 1000 clients then I am guessing they are in a domain, in which case Group Policy or SCCM is probably a better solution.
Yes, but they want to use ESET Agent to install their certificates, and we run it with PowerShell and certutil, and it works fine in Local System now.
-
3 minutes ago, jimwillsher said:
May I ask what it is you are trying to achieve?
One of our customers wants to install some certificates on all clients, or install some programs or update patches, and we are trying to do this.
They want to solve, for example, certificate problems on all of the 1000 clients. Example: hxxp://support.eset.com/kb6208/
We are testing and trying to do this with CMD.
-
2 minutes ago, jimwillsher said:
you could try making your "command to run" something like
runas /user:ABC "calc.exe"
However it still won't pop up on the user's screen because the command will be running in session 0 (system) whereas the logged-in user will be a different non-zero session number.
Jim
You are right, the Run as command cannot be used because it will run in session 0.
-
10 hours ago, MartinK said:
Problem is that executed command is executed with "Local System" permissions. That is the reason why applications like calc.exe are not visible for standard users with desktop environment. It is possible that application is actually running, but it is not accessible by user.
Technically content of "Run Command" task is placed into temporary bat file and executed - have you used "call c:\1.bat" syntax to execute your bat file using this task?
When writing custom commands, you have to be aware of Local System user environment, which is different from standard user/administrator account. Environment variables may differ, user-specific section of Windows registry is different. Also filesystem and network permissions may be different, especially when accessing user files. As already mentioned, system user has no access to desktop environment, which may cause failure of application startup.
Yes, you are right. I checked the processes and it seems that, as you said, all commands are run by a temp batch file under the Local System account, so we cannot see the interface of applications.
Is there any way to run the command as a user or administrator?
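Added example, not part of the original posts and not ESET's own code: a PowerShell script that can be started by the "Run Command" task to record the context described above (account, session, environment) in a log file, since nothing run this way can show a window. The paths under C:\Deploy, the log file name and the certificate file are constructed placeholders.

```powershell
# Added example. Run it through the "Run Command" task, for instance:
#   powershell.exe -NoProfile -File C:\Deploy\context-check.ps1
# C:\Deploy\..., the log name and the .cer file are constructed placeholders.
$log  = Join-Path $env:ProgramData 'runcommand-context.log'
$cert = 'C:\Deploy\example-root.cer'

$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$process  = [System.Diagnostics.Process]::GetCurrentProcess()

# Facts that explain "nothing appears on the client": account, session, environment.
$report = [ordered]@{
    Time          = (Get-Date).ToString('s')
    User          = $identity.Name          # NT AUTHORITY\SYSTEM under the agent
    Sid           = $identity.User.Value    # S-1-5-18 for Local System
    IsLocalSystem = $identity.IsSystem
    SessionId     = $process.SessionId      # 0 = services session, no user desktop
    Interactive   = [Environment]::UserInteractive
    USERPROFILE   = $env:USERPROFILE        # the system profile, not the logged-in user's
    TEMP          = $env:TEMP
    WorkingDir    = (Get-Location).Path
}
$lines = $report.GetEnumerator() | ForEach-Object { '{0}={1}' -f $_.Key, $_.Value }

# Sessions of logged-in users, to compare with SessionId above.
$userSessions = Get-Process -Name explorer -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty SessionId -Unique
$lines += 'ExplorerSessions=' + ($userSessions -join ',')

# Machine-wide work needs no desktop: certutil without -user targets the
# local machine store, which Local System is allowed to write.
if (Test-Path -LiteralPath $cert) {
    $output = & certutil.exe -addstore -f Root $cert 2>&1
    $lines += "CertutilExitCode=$LASTEXITCODE"
    $lines += $output | ForEach-Object { "certutil: $_" }
} else {
    $lines += "CertutilSkipped=$cert not found"
}

$lines | Add-Content -LiteralPath $log
```

Reading the log on a client shows whether a failing command depended on a user desktop, a per-user path or a per-user registry hive rather than on the task itself.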
-
Hi dears,
We have a problem with the Run Command task and we cannot even run calc.exe.
We use this:
COMMAND LINE TO RUN : calc.exe
WORKING DIRECTORY : c:\windows\system32
But nothing will run on the client!
Also, I created a simple batch file c:\1.bat and tried to run it on my clients, but it cannot be run by "Run Command".
Why?
I must add this: just the command "Shutdown -r" works fine with the Run Command task.
-
And what about %USERPROFILE%? It cannot be added to HIPS rules in the future?
-
4 minutes ago, Marcos said:
Wildcards are not currently supported. Also %temp% variable changes with every user so it won't work either. We plan to add support for wildcards in the future.
Thank you, dear Marcos.
We hope that we can use it ASAP.
-
Hi Dears,
We want to deny execution of special applications using %temp% and also, for example, *.exe.
But it seems that it is not working in HIPS.
For example, we deny explorer.exe from starting a new application in %temp%\*.exe, but this will not work!
Also, %temp%\win32.exe will not work and it cannot be denied.
Why can we not use wildcards?
If we cannot use wildcards and temp variables, how can we block running of exe files from the temp folder?
Thank you.
.wallet ransomware
in Malware Finding and Cleaning
Posted
https://www.bleepingcomputer.com/news/security/wallet-ransomware-master-keys-released-on-bleepingcomputer-avast-releases-free-decryptor/
The .wallet master key is released. We are waiting for ESET Crysis to be updated with the .wallet keys.
Also, the AVAST decryptor is detected by ESET (a variant of Win32/Kryptik.RWE trojan - false positive), and it must be corrected.
Our customers want to know when ESET will update the Crysis decryptor.