Jump to content

Wipe Windows 10 with Run Command Task

bfog
 Share
Go to solution Solved by Marcos,

Recommended Posts

bfog

bfog 1

Posted
Posted

Hi there

It's been a week since I started trying to copy psexec to [c:\windows\temp] and call it with elevated rights to start a ps script to factory reset Windows 10 remotely. Atm I can't run "psexec -s Wipe-Script-Windows10.ps1" without having admin rights in cmd. Did anyone else had luck regarding this or has an even better solution? The wipe-script works fine btw

thank you for your help

 

cheers

itman

itman 1,921

Posted
Posted

Since remote execution of psexec is near the top of remote execution malware attacks, I assume; and hopefully, Eset is blocking its execution.

Have you checked your Eset logs for such a blocked entry?

bfog

bfog 1

Posted
  • Author
Posted
4 minutes ago, itman said:

Since remote execution of psexec is near the top of remote execution malware attacks, I assume; and hopefully, Eset is blocking its execution.

Have you checked your Eset logs for such a blocked entry?

I did check the logs, no blocked app.

the command to run the script requires admin privileges and looks like that: psexec -s Wipe-Script-Win10.ps1

When running cmd as admin the command works as it should. is there any way to run cmd with elevated rights from ecmd?

bfog

bfog 1

Posted
  • Author
Posted
Just now, bfog said:

I did check the logs, no blocked app.

the command to run the script requires admin privileges and looks like that: psexec -s Wipe-Script-Win10.ps1

When running cmd as admin the command works as it should. is there any way to run cmd with elevated rights from ecmd?

Also I am not running psexec remotely - I am placing it in c:\windows\temp via curl with an ecmd task

  • Administrators
  • Solution
Marcos

Marcos 5,725

Posted
  • Administrators
  • Solution
Posted

If you send a Run command task from the ESET PROTECT console, the command is run in the system account so you should leave out psexec and replace it with "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

itman

itman 1,921

Posted
Posted (edited)
16 minutes ago, bfog said:

is there any way to run cmd with elevated rights from ecmd?

No, as far as I am aware of. You can run emcd from a script, but ecmd will only run dedicated Eset command line options.

Ref.: https://help.eset.com/ees/9/en-US/?idh_config_ecmd.html

Edited by itman
bfog

bfog 1

Posted
  • Author
Posted
31 minutes ago, Marcos said:

If you send a Run command task from the ESET PROTECT console, the command is run in the system account so you should leave out psexec and replace it with "powershell" command followed by the script name. Haven't tried running a PS script remotely this way but I guess it could work.

That actually does work... thank you very much!

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...