Automatically Add executables deployed by BigFix to RES Whitelist


Versioning - This is the latest version.

1Automatically Add exectuables deployed by BigFix to RES Whitelist3/24/2016 5:00:36 AM
2Automatically Add exectuables deployed by BigFix to RES Whitelist8/11/2016 12:17:51 PM

Description

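This Fixlet extracts all executables (.exe) from the cached files located in the BES Server SHA1 folder and captures each executable's name and hash. That information is then imported into the RES Workspace Manager whitelist. Every executable found in the cache is approved without a review step, so the resulting whitelist is only as trustworthy as the contents of that cache.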

Property Details

ID21126
StatusProduction - Fully Tested and Ready for Production
TitleAutomatically Add executables deployed by BigFix to RES Whitelist
DomainBESC
SourceRES Software
Source Release Date8/10/2016 12:00:00 AM
Is TaskTrue
Added by on 8/11/2016 12:17:51 PM
Last Modified by on 8/11/2016 12:17:51 PM
Counters 2840 Views / 2 Downloads

Relevance

Used in 1 fixlet   * Results in a true/false
exists service "BESRootServer" AND (Not exists setting "RESAutoApprove_LAST_RUN" of client OR (exists files whose ((modification time of it > (value of setting "RESAutoApprove_LAST_RUN" of client as time)) AND size of it as string > "0") of folder (pathname of parent folder of running application "BESRootServer.exe" & "\wwwrootbes\bfmirror\downloads\sha1"))) AND exists (key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\Enterprise Server\Applications\res2bes" of registry)

Actions

Action 1 (default)

Script Type BigFix Action Script
// Source Release Date: 2016-08-10

// "lasttime" holds the whole minutes elapsed since the RESAutoApprove_LAST_RUN client setting was stamped.
// When that setting has never been written, the fixed value 2628000 is used instead.
parameter "lasttime" = "{if (exists setting "RESAutoApprove_LAST_RUN" of client) then (((now - (value of setting "RESAutoApprove_LAST_RUN" of client as time)) / minute) as string) else "2628000"}"
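// Deploy 7-Zip into the BES client folder unless both files already there match the pinned SHA-1 values.
// A copy that merely exists under the expected name is not trusted: the extractor runs with the client's
// privileges against every cached download, so a file of unknown origin is replaced with the pinned one.
// NOTE(review): the downloads use plain HTTP and are pinned by SHA-1 and size only; add the sha256: field
// to both prefetch lines once the vendor's SHA-256 values are known.
if {(not exists file (pathname of parent folder of regapp "besclient.exe" & "\7z.exe") whose (sha1 of it as lowercase = "8fbe4a34d3afebb12314207df657993350ed2778")) OR (not exists file (pathname of parent folder of regapp "besclient.exe" & "\7z.dll") whose (sha1 of it as lowercase = "ee72ebed1d5db6b4b15cc5d31676aa5f17c8f5f8"))}
    prefetch 7z.dll sha1:ee72ebed1d5db6b4b15cc5d31676aa5f17c8f5f8 size:941568 http://downloads.ressoftware.com/downloads/cdm/7z.dll.txt
    prefetch 7z.exe sha1:8fbe4a34d3afebb12314207df657993350ed2778 size:168448 http://downloads.ressoftware.com/downloads/cdm/7z.exe.txt
// copy fails when the destination already exists, so remove any stale or mismatched file first
// (the hashmyfiles section of this action does the same).
    delete "{(pathname of parent folder of regapp "besclient.exe" & "\7z.dll")}"
    copy __download\7z.dll "{(pathname of parent folder of regapp "besclient.exe" & "\7z.dll")}"
    delete "{(pathname of parent folder of regapp "besclient.exe" & "\7z.exe")}"
    copy __download\7z.exe "{(pathname of parent folder of regapp "besclient.exe" & "\7z.exe")}"
endif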
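// Deploy HashMyFiles and its configuration unless the copy already in the BES client folder matches the
// pinned SHA-1. The hashes this tool reports become whitelist entries, so a same-named file of unknown
// origin is replaced rather than reused.
// NOTE(review): the download uses plain HTTP and is pinned by SHA-1 and size only; add the sha256: field
// to the prefetch line once the vendor's SHA-256 value is known.
if {not exists file (pathname of parent folder of regapp "besclient.exe" & "\hashmyfiles.exe") whose (sha1 of it as lowercase = "8291aefde6f79e274bb92583c44126a26bed7d6d")}
    prefetch hashmyfiles.exe sha1:8291aefde6f79e274bb92583c44126a26bed7d6d size:127072 http://downloads.ressoftware.com/downloads/cdm/hashmyfiles.exe.txt
// Everything between createfile and the __done marker is written verbatim as hashmyfiles.cfg.
delete __createfile
    createfile until __done
[General]
MarkOddEvenRows=0
ShowGridLines=0
SaveFilterIndex=0
ShowInfoTip=1
ShowHashesInUpperCase=0
TrayIcon=0
ShowTimeInGMT=0
AlwaysOnTop=0
MarkHashInClipboard=1
MarkIdenticals=1
SelectProcessSort=0
LastProcess=
ExtractFileVersion=0
AddSubFolders=0
SelectFolderPath=
HashTypes=65474
AddWildCard.SubfolderDepth=0
AddWildCard.Wildcard=
AddExportHeaderLine=0
CRC32DisplayMode=1
WinPos=2C 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF D0 00 00 00 D0 00 00 00 50 03 00 00 B0 02 00 00
Columns=00 00 00 00 00 00 01 00 FA 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 06 00 00 00 07 00 00 00 08 00 00 00 09 00 00 00 0A 00 00 00 0B 00 00 00 0C 00 00 00 0D 00 00 00 0E 00 00 00 0F 00
Sort=0
__done
// Replace the configuration and the executable; each delete clears the destination so the copy cannot fail on an existing file.
delete "{(pathname of parent folder of regapp "besclient.exe" & "\hashmyfiles.cfg")}"
copy __createfile "{(pathname of parent folder of regapp "besclient.exe" & "\hashmyfiles.cfg")}"
delete "{(pathname of parent folder of regapp "besclient.exe" & "\hashmyfiles.exe")}"
    copy __download\hashmyfiles.exe "{(pathname of parent folder of regapp "besclient.exe" & "\hashmyfiles.exe")}"
endif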
// Write dirs.conf into the BES client folder. Its single line is the folder the script scans:
// the sha1 download cache under the folder of the running BESRootServer.exe.
delete __createfile
createfile until __finish
{(pathname of parent folder of running application "BESRootServer.exe" & "\wwwrootbes\bfmirror\downloads\sha1")}
__finish
delete "{(pathname of parent folder of regapp "besclient.exe") & "\dirs.conf"}"
copy __createfile "{(pathname of parent folder of regapp "besclient.exe") & "\dirs.conf"}"
// Start the text that is later copied to resport.vbs. Everything up to the __end marker is VBScript
// written to disk, not action script.
delete __createfile
createfile until __end
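On error resume next
' NOTE(review): On Error Resume Next stays in force for the whole script, so a failed
' extraction, hash or import step is skipped silently and the run still finishes.
'OPTION EXPLICIT
' Command-line arguments, as used in this script:
'   (0) working folder holding 7z.exe, HashMyFiles.exe and dirs.conf
'   (1) program that is started with /importhashes at the end of the run
'   (2) age limit in minutes, converted with CLng and compared against DateDiff("n", ...)
DIM strExtensionsToDelete,strFolder, objShell, objhashlist, objFolder
DIM objFSO, MaxAge, IncludeSubFolders, objInputFile, strContents, strFindText,strReplaceText,strOutDir, str7zip, strDirList, strHashExe, strHashOut, StrWhitelist,ObjWhiteFile, strHash,strhashout1,strdirectory
Const ForReading = 1
Const ForWriting = 2
' Staging folders: one nesting level per extraction pass (Extract1 to Extract5).
strOutdir = WScript.Arguments(0) & "\outfiles\"
strOutDir1 = WScript.Arguments(0) & "\outfiles\1\"
strOutDir2 = WScript.Arguments(0) & "\outfiles\1\2"
strOutDir3 = WScript.Arguments(0) & "\outfiles\1\2\3"
strOutDir4 = WScript.Arguments(0) & "\outfiles\1\2\3\4"
' The fifth level needs its own variable: Extract5 writes to strOutDir5, and assigning this
' path to strOutDir4 instead leaves strOutDir5 empty and shifts the fourth level one folder down.
strOutDir5 = WScript.Arguments(0) & "\outfiles\1\2\3\4\5"
str7Zip = WScript.Arguments(0) & "\7z.exe"
strDirList = WScript.Arguments(0) & "\dirs.conf"
' strHashExe and strHashOut carry their own surrounding quotes for use on a command line;
' strHashOut1 is the same hash.tmp path without quotes, for FileSystemObject calls.
strHashExe = chr(34) & WScript.Arguments(0) & "\HashMyFiles.exe" & chr(34)
strHashOut = chr(34) & WScript.Arguments(0) & "\hash.tmp" & chr(34)
strHashOut1 = WScript.Arguments(0) & "\hash.tmp"
strWhiteList = WScript.Arguments(0) & "\WhiteList.csv"
strOutdel = WScript.Arguments(0) & "\outfiles"
strLastRun = WScript.Arguments(0) & "\lastrun.conf"
' Start from an empty staging area so files left by an earlier run are not hashed again.
DeleteFolder strOutdel
dim filesys
Set filesys = CreateObject("Scripting.FileSystemObject")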
' Remove the folder at strFolderPath together with its contents (forced, so read-only
' items are included) when it exists; do nothing otherwise. No value is returned.
Function DeleteFolder(strFolderPath)
Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FolderExists(strFolderPath) Then Exit Function
fso.DeleteFolder strFolderPath, True
End Function
' Start every run with an empty WhiteList.csv so rows from an earlier run are not imported again.
If filesys.FileExists(strWhiteList) Then
filesys.DeleteFile strWhiteList
End If
filesys.CreateTextFile strWhiteList, True
' ************************************************************
' Setup
' ************************************************************
' Despite the "Delete" wording in the variable names, nothing in the scan routines deletes
' files: the values below are handed to ByDate / newrun / OtherFiles*, which extract or copy.
' Also walk sub-folders of each listed folder.
includeSubfolders = True
' A comma separated list of file extensions passed to the first scan pass.
' NOTE(review): ByDate and newrun only iterate this list; their extension test is commented out.
strExtensionsToDelete = "exe"

' Age limit in minutes, taken from the third command-line argument.
MaxAge = CLng(WScript.Arguments(2))

'maxAge = 15

' ************************************************************
Set objShell = WScript.CreateObject("WScript.Shell")
SET objFSO = CREATEOBJECT("Scripting.FileSystemObject")
' Rewrite dirs.conf in place with every double-quote character removed.
SET objInputFile = objFSO.OpenTextFile(strDirList, ForReading)
strContents = objInputFile.ReadAll
strFindText = Chr(34)
strReplaceText = ""
strContents = Replace(strContents, strFindText, strReplaceText)
objInputFile.Close
Set objInputFile = objFSO.OpenTextFile(strDirList, ForWriting)
objInputFile.Write (StrContents)
objInputFile.Close
' lastrun.conf present: incremental run, each folder listed in dirs.conf is scanned with the
' MaxAge limit. lastrun.conf absent: first run, newrun is used, which applies no age limit.
If filesys.FileExists(strLastRun) Then    
'wscript.echo "found it " & strLastRun
' Pass 1: one folder per line of dirs.conf.
Set objInputFile = objFSO.OpenTextFile(strDirList,1)
Do until objInputFile.AtEndOfStream
    strFolder = objInputFile.ReadLine
Call bydate (strFolder,strExtensionsToDelete, maxAge, IncludeSubFolders)
Loop
objInputFile.Close
' Pass 2: same folders, different extension list, handled by OtherFilesBydate.
strExtensionsToDelete = "cab,zip,msi,msp"
Set objInputFile = objFSO.OpenTextFile(strDirList,1)
Do until objInputFile.AtEndOfStream
    strFolder = objInputFile.ReadLine
''wscript.echo"folder is " & strFolder
Call OtherFilesBydate (strFolder,strExtensionsToDelete, maxAge, IncludeSubFolders)
Loop
objInputFile.Close
Else
'wscript.echo "not found " & strLastRun
' Pass 1 (first run).
Set objInputFile = objFSO.OpenTextFile(strDirList,1)
Do until objInputFile.AtEndofStream
    strFolder = objInputFile.ReadLine
newrun strFolder,strExtensionsToDelete, IncludeSubFolders
Loop
objInputFile.Close
' Pass 2 (first run). The file opened here is not closed inside this branch.
strExtensionsToDelete = "cab,zip,msi,msp"
Set objInputFile = objFSO.OpenTextFile(strDirList,1)
Do until objInputFile.AtEndOfStream
    strFolder = objInputFile.ReadLine
'wscript.echo"folder is " & strFolder
Call OtherFilesNewRun (strFolder,strExtensionsToDelete, IncludeSubFolders)
Loop
End If

' Incremental scan of one folder.
' Every file in strPath whose last-modified time is less than maxAge minutes old is handed
' to 7-Zip, which extracts any *.exe members into the "1" folder under strOutdir (-aou renames
' on a name clash). The extension list is only iterated; no extension test is applied to
' the file name. Sub-folders are visited when includeSubFolders is True.
' Reads the script-level objFSO, objShell, str7Zip and strOutdir.
SUB ByDate(ByVal strPath,strExtensionsToDelete,maxAge,includeSubFolders)
    DIM scanFolder, childFolder, candidate, extItem, extractCmd, rc
    SET scanFolder = objFSO.GetFolder(strPath)
    FOR EACH candidate IN scanFolder.Files
        FOR EACH extItem IN SPLIT(UCASE(strExtensionsToDelete),",")
            IF DateDiff("n", candidate.DateLastModified, Now) < maxAge THEN
                extractCmd = chr(34) & str7Zip & chr(34) & " e " & chr(34) & candidate.Path & chr(34) & " -o" & chr(34) & strOutdir & "\1" & chr(34) & " *.exe -r -aou"
                rc = objShell.Run(extractCmd, 1, True)
                ' One extraction per file is enough; stop walking the extension list.
                EXIT FOR
            END IF
        NEXT
    NEXT
    IF includeSubFolders = TRUE THEN
        FOR EACH childFolder IN scanFolder.SubFolders
            ByDate childFolder.Path,strExtensionsToDelete,maxAge,includeSubFolders
        NEXT
    END IF
END SUB
' Top-level statement: runs after the scan passes above.
objInputFile.Close
' First-run scan of one folder.
' Every file in strPath, whatever its age or name, is handed to 7-Zip, which extracts any
' *.exe, *.cab, *.msi and *.msp members into the "1" folder under strOutdir. The extension
' list is only iterated; no extension test is applied. Sub-folders are visited when
' includeSubFolders is True.
' Reads the script-level objFSO, objShell, str7Zip and strOutdir.
SUB newrun(ByVal strPath,strExtensionsToDelete,includeSubFolders)
    DIM scanFolder, childFolder, candidate, extItem, extractCmd, rc
    SET scanFolder = objFSO.GetFolder(strPath)
    FOR EACH candidate IN scanFolder.Files
        FOR EACH extItem IN SPLIT(UCASE(strExtensionsToDelete),",")
            extractCmd = chr(34) & str7Zip & chr(34) & " e " & chr(34) & candidate.Path & chr(34) & " -o" & chr(34) & strOutdir & "\1" & chr(34) & " *.exe *.cab *.msi *.msp -r -aou"
            rc = objShell.Run(extractCmd, 1, True)
            ' One extraction per file is enough; stop walking the extension list.
            EXIT FOR
        NEXT
    NEXT
    IF includeSubFolders = TRUE THEN
        FOR EACH childFolder IN scanFolder.SubFolders
            newrun childFolder.Path,strExtensionsToDelete,includeSubFolders
        NEXT
    END IF
END SUB
' Top-level statement: runs after the scan passes above.
objInputFile.Close

' Incremental copy pass for one folder.
' Every file in strPath modified less than maxAge minutes ago is copied (overwriting) into
' strOutdir. The extension list is only iterated; no extension test is applied to the file
' name. Sub-folders are visited when includeSubFolders is True.
' Reads the script-level objFSO and strOutdir.
SUB OtherFilesBydate(ByVal strPath,BYVAL strExtensionsToDelete,BYVAL maxAge,includeSubFolders)
    DIM scanFolder, childFolder, candidate, extItem
    SET scanFolder = objFSO.GetFolder(strPath)
    FOR EACH candidate IN scanFolder.Files
        FOR EACH extItem IN SPLIT(UCASE(strExtensionsToDelete),",")
            IF DateDiff("n", candidate.DateLastModified, Now) < maxAge THEN
                objFSO.CopyFile candidate.Path, strOutdir, True
                ' Copied once; stop walking the extension list.
                EXIT FOR
            END IF
        NEXT
    NEXT
    IF includeSubFolders = TRUE THEN
        FOR EACH childFolder IN scanFolder.SubFolders
            OtherFilesByDate childFolder.Path,strExtensionsToDelete,maxAge,includeSubFolders
        NEXT
    END IF
END SUB
' First-run copy pass for one folder.
' A file in strPath is copied (overwriting) into strOutdir when its path ends in one of the
' listed extensions and it was modified less than MaxAge minutes ago. MaxAge is not a
' parameter here; the script-level value is read. Sub-folders are visited when
' includeSubFolders is True.
' Reads the script-level objFSO, strOutdir and MaxAge.
SUB OtherFilesNewRun(ByVal strPath,BYVAL strExtensionsToDelete,includeSubFolders)
    DIM scanFolder, childFolder, candidate, extItem
    SET scanFolder = objFSO.GetFolder(strPath)
    FOR EACH candidate IN scanFolder.Files
        FOR EACH extItem IN SPLIT(UCASE(strExtensionsToDelete),",")
            IF RIGHT(UCASE(candidate.Path),LEN(extItem)+1) = "." & extItem THEN
                IF DateDiff("n", candidate.DateLastModified, Now) < MaxAge THEN
                    objFSO.CopyFile candidate.Path, strOutdir, True
                    ' Copied once; stop walking the extension list.
                    EXIT FOR
                END IF
            END IF
        NEXT
    NEXT
    IF includeSubFolders = TRUE THEN
        FOR EACH childFolder IN scanFolder.SubFolders
            OtherFilesNewRun childFolder.Path,strExtensionsToDelete,includeSubFolders
        NEXT
    END IF
END SUB
' Nested-archive pass 1: unpack what the scan passes left directly in strOutDir.
If objFSO.FolderExists(strOutDir) Then
    Extract1 strOutDir
End If
' Run 7-Zip on each file directly inside strPath (sub-folders are not walked) and extract
' any *.exe, *.cab, *.msi and *.msp members into strOutdir1.
' Reads the script-level objFSO, objShell, str7Zip and strOutdir1.
SUB Extract1(ByVal strPath)
    DIM packedFile, extractCmd
    FOR EACH packedFile IN objFSO.GetFolder(strPath).Files
        extractCmd = chr(34) & str7Zip & chr(34) & " e " & chr(34) & packedFile.Path & chr(34) & " -o" & chr(34) & strOutdir1 & chr(34) & " *.exe *.cab *.msi *.msp -r -aou"
        Return = objShell.Run(extractCmd, 1, True)
    NEXT
END SUB
' Nested-archive pass 2: unpack what pass 1 left directly in strOutDir1.
If objFSO.FolderExists(strOutDir1) Then
    Extract2 strOutDir1
End If
' Run 7-Zip on each file directly inside strPath (sub-folders are not walked) and extract
' any *.exe, *.cab, *.msi and *.msp members into strOutdir2.
' Reads the script-level objFSO, objShell, str7Zip and strOutdir2.
SUB Extract2(ByVal strPath)
    DIM packedFile, extractCmd
    FOR EACH packedFile IN objFSO.GetFolder(strPath).Files
        extractCmd = chr(34) & str7Zip & chr(34) & " e " & chr(34) & packedFile.Path & chr(34) & " -o" & chr(34) & strOutdir2 & chr(34) & " *.exe *.cab *.msi *.msp -r -aou"
        Return = objShell.Run(extractCmd, 1, True)
    NEXT
END SUB
' Nested-archive pass 3: unpack what pass 2 left directly in strOutDir2.
If objFSO.FolderExists(strOutDir2) Then
    Extract3 strOutDir2
End If
' Run 7-Zip on each file directly inside strPath (sub-folders are not walked) and extract
' any *.exe, *.cab, *.msi and *.msp members into strOutdir3.
' Reads the script-level objFSO, objShell, str7Zip and strOutdir3.
SUB Extract3(ByVal strPath)
    DIM packedFile, extractCmd
    FOR EACH packedFile IN objFSO.GetFolder(strPath).Files
        extractCmd = chr(34) & str7Zip & chr(34) & " e " & chr(34) & packedFile.Path & chr(34) & " -o" & chr(34) & strOutdir3 & chr(34) & " *.exe *.cab *.msi *.msp -r -aou"
        Return = objShell.Run(extractCmd, 1, True)
    NEXT
END SUB
' Nested-archive pass 4: unpack what pass 3 left directly in strOutDir3.
If objFSO.FolderExists(strOutDir3) Then
    Extract4 strOutDir3
End If
' Run 7-Zip on each file directly inside strPath (sub-folders are not walked) and extract
' any *.exe, *.cab, *.msi and *.msp members into strOutdir4.
' Reads the script-level objFSO, objShell, str7Zip and strOutdir4.
SUB Extract4(ByVal strPath)
    DIM packedFile, extractCmd
    FOR EACH packedFile IN objFSO.GetFolder(strPath).Files
        extractCmd = chr(34) & str7Zip & chr(34) & " e " & chr(34) & packedFile.Path & chr(34) & " -o" & chr(34) & strOutdir4 & chr(34) & " *.exe *.cab *.msi *.msp -r -aou"
        Return = objShell.Run(extractCmd, 1, True)
    NEXT
END SUB
' Nested-archive pass 5: unpack what pass 4 left directly in strOutDir4.
If objFSO.FolderExists(strOutDir4) Then
    Extract5 strOutDir4
End If
' Run 7-Zip on each file directly inside strPath (sub-folders are not walked) and extract
' any *.exe, *.cab, *.msi and *.msp members into strOutdir5.
' Reads the script-level objFSO, objShell, str7Zip and strOutdir5.
' NOTE(review): if strOutdir5 is Empty when this runs, 7-Zip receives an empty -o argument;
' confirm the setup section assigns it.
SUB Extract5(ByVal strPath)
    DIM packedFile, extractCmd
    FOR EACH packedFile IN objFSO.GetFolder(strPath).Files
        extractCmd = chr(34) & str7Zip & chr(34) & " e " & chr(34) & packedFile.Path & chr(34) & " -o" & chr(34) & strOutdir5 & chr(34) & " *.exe *.cab *.msi *.msp -r -aou"
        Return = objShell.Run(extractCmd, 1, True)
    NEXT
END SUB
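' Final pass: hash every .exe collected under the staging folder and build the whitelist file.
If objFSO.FolderExists(strOutDir) Then
strExtensionsToDelete = "exe"
BigCSV strOutDir,strExtensionsToDelete, IncludeSubFolders
End If
' For each file in strPath whose path ends in one of the listed extensions, run HashMyFiles
' on it (/scomma writes the result to hash.tmp), read the first line of that result and
' append a row to WhiteList.csv. Sub-folders are visited when includeSubFolders is True.
' Reads the script-level objFSO, objShell, strHashExe, strHashOut, strHashOut1 and strWhiteList.
' NOTE(review): the file name is written into the row unescaped; confirm how the importer
' treats a name that contains a comma.
SUB BigCSV(ByVal strPath,BYVAL strExtensionsToDelete,includeSubFolders)
    DIM objFolder, objSubFolder, objFile, objhashlist
    DIM strExt
    SET objFolder = objFSO.GetFolder(strPath)
    FOR EACH objFile in objFolder.Files
        FOR EACH strExt in SPLIT(UCASE(strExtensionsToDelete),",")
            IF RIGHT(UCASE(objFile.Path),LEN(strExt)+1) = "." & strExt THEN
                ' Remove the previous result first: if the hash run below fails to write
                ' hash.tmp, the prior file's hash must not be paired with this file's name.
                If objFSO.FileExists(strHashOut1) Then
                    objFSO.DeleteFile strHashOut1, True
                End If
                Return = objShell.Run (strHashExe & " /file " & chr(34) & objfile.path & chr(34) & " /scomma " & strHashOut, 1, True)
                strHash = ""
                If objFSO.FileExists(strHashOut1) Then
                    SET objHashFile = objFSO.OpenTextFile(strHashOut1, ForReading)
                    ' An empty result file has no line to read.
                    If Not objHashFile.AtEndOfStream Then
                        strHash = objHashFile.ReadLine
                    End If
                    objHashFile.Close
                End If
                ' Only write a row when a hash line was actually produced for this file.
                If strHash <> "" Then
                    Set objWhiteList = objFSO.OpenTextFile(strWhiteList, 8)
                    objWhiteList.WriteLine ("*\." & objfile.name & "," & strHash & ",*")
                    objWhiteList.Close
                End If
                EXIT FOR
            END IF
        NEXT
    NEXT
    IF includeSubFolders = TRUE THEN
        FOR EACH objSubFolder in objFolder.SubFolders
            BigCSV objSubFolder.Path,strExtensionsToDelete, includeSubFolders
        NEXT
    END IF
END SUB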

' Clear the staging folder now that the whitelist file has been written.
DeleteFolder strOutdel
' Remove the folder at strFolderPath together with its contents (forced, so read-only
' items are included) when it exists; do nothing otherwise. No value is returned.
Function DeleteFolder(strFolderPath)
Dim fso
Set fso = CreateObject("Scripting.FileSystemObject")
If Not fso.FolderExists(strFolderPath) Then Exit Function
fso.DeleteFolder strFolderPath, True
End Function
' Recreate the empty lastrun.conf marker; its presence selects the incremental scan on the next run.
If filesys.FileExists(strLastRun) Then filesys.DeleteFile strLastRun
filesys.CreateTextFile strLastRun, True
' Hand WhiteList.csv to the program given as argument 1 and wait for it to finish.
' Every row written above is imported as-is; nothing in this script reviews the list first.
strImportCmd = chr(34) & WScript.Arguments(1) & chr(34) & " /importhashes=" & Chr(34) & StrWhitelist & chr(34) & " /createifnotexist"
Return = objShell.Run (strImportCmd, 1, True)
__end
// Install the text generated above as resport.vbs in the BES client folder, replacing any earlier copy.
delete "{(pathname of parent folder of regapp "besclient.exe" & "\resport.vbs")}"
copy __createfile "{(pathname of parent folder of regapp "besclient.exe" & "\resport.vbs")}"
// The last-run stamp is written before the script is started, so it is recorded even if the script later fails.
setting "RESAutoApprove_LAST_RUN"="{NOW}" on "{NOW}" for client
// Script arguments: the client folder, the path to pwrtech.exe (two folders above the file of the "res" service),
// and the "lasttime" parameter.
// NOTE(review): cscript is started by bare name through cmd; confirm that the system copy is the one resolved.
runhidden cmd /c cscript /nologo "{(pathname of parent folder of regapp "besclient.exe" & "\resport.vbs")}" "{(pathname of parent folder of regapp "besclient.exe")}" "{pathname of parent folder of parent folder of file of service "res" & "\pwrtech.exe"}" {parameter "lasttime"}
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

