Messages - techknowledge

1
RogueKiller / Re: ===> False Positives <===
« on: December 05, 2019, 08:06:44 pm »
I change the script frequently.
Is the file pattern something I can set on my side?

2
RogueKiller / Re: ===> False Positives <===
« on: November 18, 2019, 03:43:02 pm »
I understand now.
$args = @"
-scan "-reportformat txt -reportpath $ThisApplicationLogFile -portable-license $roguekillerlicense" -autodelete -no_interact
"@
Start-Process -FilePath $roguekillerexe -ArgumentList $args -Wait -RedirectStandardError $stdErrLog -NoNewWindow

Would it be a matter of changing out -autodelete with something? I get the log sent every time it runs. If there is anything found in the log it goes directly to a tech rather than the general logging email address.

Could we create a follow-up script that uses the log file to delete things previously found? That way we would avoid a second scan.

3
RogueKiller / Re: ===> False Positives <===
« on: November 15, 2019, 03:23:43 pm »
Unfortunately I will not be able to provide the script. However the script itself is not important in this situation. There are many scripts that I run through my MSP. They all run from that folder.

I fully understand not being able to white list a folder.
I was thinking more along the lines of providing a whitelist command line argument. If an argument already exists, could I get documentation on how to use it?

As it stands I have been forced to omit RogueKiller from my cleanup process.

Thank you again for your time, I do appreciate it.

4
RogueKiller / Re: ===> False Positives <===
« on: November 14, 2019, 04:14:41 pm »
The PowerShell script that calls RogueKiller via my MSP gets killed by RogueKiller. As a result, code after the portion that runs RogueKiller does not run.
The PowerShell script in the log will change with each run.

Thank you for your time.

Scan log file:
Code:
RogueKillerCMD V2.5.3.0 (x64) [Nov  8 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekillercmd/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : SYSTEM [Admin rights]
Started from : C:\Programdata\TechKnowledgeCleanup\bin\scanners\roguekiller\roguekillercmd.exe
[[SIGNATURES]] : 20191112_105343, [[DRIVER]] : LOADED
Mode : Standard Scan, Remove -- Date : 2019/11/12 11:42:02 (Duration : 00:03:54)
Switches : -reportformat txt -reportpath C:\Programdata\TechKnowledgeCleanup\logs\RogueKillerLog.txt -portable-license C:\Programdata\TechKnowledgeCleanup\bin\scanners\roguekiller\rk.lic

いいいいいいいいいいいい Remove いいいいいいいいいいいい
[Mal.Powershell ([[MALICIOUS]])] powershell.exe -- %ProgramFiles%\Pulseway\automation_c15ddc4a_4ca5_4033_9985_ae772f03c0cc.ps1 -> ERROR [0]
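
One way a follow-up script could read the text report shown above, as an added example that is not part of the original posts and not Adlice's code: it extracts detection lines and marks those under the automation folder quoted in this thread. The function name, `$ManagedPattern`, and the field layout (inferred from the single detection line in the log) are assumptions.

```powershell
# Added example; not Adlice's or the poster's code. The field layout is inferred from
# the single detection line in the log above, so other report layouts are not handled.
$ManagedPattern = '%ProgramFiles%\Pulseway\*.ps1'   # path pattern quoted in the thread

function Get-RogueKillerDetection {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$ReportLine)

    # [Name ([[VERDICT]])] process -- target -> STATUS [code]
    $detection = '^\[(?<Name>.+?) \(\[\[(?<Verdict>[^\]]+)\]\]\)\]\s+(?<Process>.+?) -- ' +
                 '(?<Target>.+?) -> (?<Status>\w+)(?: \[(?<Code>\d+)\])?\s*$'
    # Section banner: a word between two runs of one repeated filler character
    $banner = '^(\S)\1{3,}\s+(?<Section>\w+)\s+\1{4,}\s*$'

    $section = $null
    foreach ($line in $ReportLine) {
        if ($line -match $banner) { $section = $Matches.Section; continue }
        if ($line -match $detection) {
            [pscustomobject]@{
                Section     = $section
                Name        = $Matches.Name
                Verdict     = $Matches.Verdict
                Process     = $Matches.Process
                Target      = $Matches.Target
                Status      = $Matches.Status
                # True when the target is one of the operator's own automation scripts:
                # a candidate false-positive report, still shown to the technician.
                ManagedPath = $Matches.Target -like $ManagedPattern
            }
        }
    }
}

# Constructed sample built from lines of the log above (banner rebuilt from U+00A4).
$bar = ([string][char]0xA4) * 12
$sample = @"
RogueKillerCMD V2.5.3.0 (x64) [Nov  8 2019] (Premium) by Adlice Software
[[SIGNATURES]] : 20191112_105343, [[DRIVER]] : LOADED
Mode : Standard Scan, Remove -- Date : 2019/11/12 11:42:02 (Duration : 00:03:54)

$bar Remove $bar
[Mal.Powershell ([[MALICIOUS]])] powershell.exe -- %ProgramFiles%\Pulseway\automation_c15ddc4a_4ca5_4033_9985_ae772f03c0cc.ps1 -> ERROR [0]
"@ -split '\r?\n'

$found = @(Get-RogueKillerDetection -ReportLine $sample)
# Any detection goes to a technician, as in the thread; none means general logging.
if ($found.Count) { $found | Format-List } else { 'No detections in report.' }
```

Against a real report, pass `Get-Content` output for the path given to `-reportpath` as `-ReportLine`.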

5
RogueKiller / Re: ===> False Positives <===
« on: September 11, 2019, 07:42:18 pm »
%ProgramFiles%\Pulseway\*.ps1
All of my PowerShell scripts that are running get killed by RogueKiller.

roguekillercmd arguments: -scan "-reportformat txt -reportpath $ThisApplicationLogFile -portable-license $roguekillerlicense" -autodelete -no_interact

Thank you for your time!
