Jump to content

Wipe Windows 10 with Run Command Task


bfog
 Share

Go to solution Solved by Marcos,

Recommended Posts

Hi there

It's been a week since I started trying to copy psexec to [c:\windows\temp] and call it with elevated rights to start a ps script to factory reset Windows 10 remotely. Atm I can't run "psexec -s Wipe-Script-Windows10.ps1" without having admin rights in cmd. Did anyone else had luck regarding this or has an even better solution? The wipe-script works fine btw

thank you for your help

 

cheers

Link to comment
Share on other sites

Since remote execution of psexec is near the top of remote execution malware attacks, I assume; and hopefully, Eset is blocking its execution.

Have you checked your Eset logs for such a blocked entry?

Link to comment
Share on other sites

4 minutes ago, itman said:

Since remote execution of psexec is near the top of remote execution malware attacks, I assume; and hopefully, Eset is blocking its execution.

Have you checked your Eset logs for such a blocked entry?

I did check the logs, no blocked app.

the command to run the script requires admin privileges and looks like that: psexec -s Wipe-Script-Win10.ps1

When running cmd as admin the command works as it should. is there any way to run cmd with elevated rights from ecmd?

Link to comment
Share on other sites

Just now, bfog said:

I did check the logs, no blocked app.

the command to run the script requires admin privileges and looks like that: psexec -s Wipe-Script-Win10.ps1

When running cmd as admin the command works as it should. is there any way to run cmd with elevated rights from ecmd?

Also I am not running psexec remotely - I am placing it in c:\windows\temp via curl with an ecmd task

Link to comment
Share on other sites

  • Administrators
  • Solution

If you send a Run command task from the ESET PROTECT console, the command is run in the system account so you should leave out psexec and replace it with "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

Link to comment
Share on other sites

16 minutes ago, bfog said:

is there any way to run cmd with elevated rights from ecmd?

No, as far as I am aware of. You can run emcd from a script, but ecmd will only run dedicated Eset command line options.

Ref.: https://help.eset.com/ees/9/en-US/?idh_config_ecmd.html

Edited by itman
Link to comment
Share on other sites

31 minutes ago, Marcos said:

If you send a Run command task from the ESET PROTECT console, the command is run in the system account so you should leave out psexec and replace it with "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

That actually does work... thank you very much!

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...