Find Ransomware Files on P Drive
Log In or Register to download the BES file, and more.

0 Votes

Description

Find files with specified extension on P drive.

Property Details

ID24345
StatusProduction - Fully Tested and Ready for Production
TitleFind Ransomware Files on P Drive
DomainBESC
SourceInternal
Source Release Date5/4/2016 12:00:00 AM
Keywordswannacry ransomware
Is TaskTrue
Added by on 5/15/2017 7:56:57 PM
Last Modified by on 5/15/2017 7:56:57 PM
Counters 1452 Views / 1 Download
User Rating 1 star 2 star 3 star 4 star 5 star * Average over 0 ratings. ** Log In or Register to add your rating.

Relevance

isWindows (Relevance 274)
Used in 229 fixlets and 3 analyses   * Results in a true/false
Show indented relevance
name of operating system starts with "Win"
Used in 1 fixlet   * Results in a true/false
Show indented relevance
exists folder "p:\"

Actions

Action 1 (default)

Action Link Click here to deploy this action.
Script Type BigFix Action Script
waithidden cmd /c if exist p:\ransomware_list.txt del p:\ransomware_list.txt /q /f
waithidden cmd /c dir p:\*.wn p:\*.wcry /a /s >p:\ransomware_list.txt
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.


Sharing

Social Media:
Share this page on Yammer

Comments

Log In or Register to leave comments!
cjwolford -
intended to be used with analysis that won't upload: if(exists file "p:\ransomware_list.txt") and (number of lines of file "p:\ransomware_list.txt" > 2) then ("RANSOMWARE DETECTED") else ("No File Found")