1
News/Updates / Re: RogueKiller 13
« Last post by Satchfan on Today at 05:01:07 pm »Thanks Tigzy.
Recent Posts
2
News/Updates / Re: RogueKiller 13
« Last post by Tigzy on Today at 04:25:39 pm »Hello, version 13.5.7 is available 
Code: [Select]
V13.5.7 11/20/2019
=================
- Updated to core 3.2.17
* Added Background scan
* Fixed possible crash at scanner destroy
* Minor fixes
* Added background scan (low CPU usage) setting for scheduled scans
* Icons refactoring
3
News/Updates / Re: Adlice CDE
« Last post by Tigzy on Today at 10:41:59 am »Hello, version 2.6.9 is online
Code: [Select]
V2.6.9 11/20/2019
=================
- Updated to core 3.2.17
* Minor fixes
4
RogueKiller / Re: ===> False Positives <===
« Last post by techknowledge on November 18, 2019, 03:43:02 pm »I understand now.
$args = @"
-scan "-reportformat txt -reportpath $ThisApplicationLogFile -portable-license $roguekillerlicense" -autodelete -no_interact
"@
Start-Process -FilePath $roguekillerexe -ArgumentList $args -Wait -RedirectStandardError $stdErrLog -NoNewWindow
Would it be change out -autodelete with something? I get the log sent every time it runs. If there is anything found in the log it goes direct to a tech rather than the general logging email address.
Could we create a follow up script that uses the log file to delete things previous found? That way we would avoid a second scan.
$args = @"
-scan "-reportformat txt -reportpath $ThisApplicationLogFile -portable-license $roguekillerlicense" -autodelete -no_interact
"@
Start-Process -FilePath $roguekillerexe -ArgumentList $args -Wait -RedirectStandardError $stdErrLog -NoNewWindow
Would it be change out -autodelete with something? I get the log sent every time it runs. If there is anything found in the log it goes direct to a tech rather than the general logging email address.
Could we create a follow up script that uses the log file to delete things previous found? That way we would avoid a second scan.
5
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on November 15, 2019, 09:07:45 pm »Hi techknowledge,
There does not exist such a switch at the moment.
Maybe, you could share the script with sensitive information removed ? Which parameters are passed to Powershell binary along the script ?
Regards.
There does not exist such a switch at the moment.
Maybe, you could share the script with sensitive information removed ? Which parameters are passed to Powershell binary along the script ?
Regards.
6
RogueKiller / Re: ===> False Positives <===
« Last post by techknowledge on November 15, 2019, 03:23:43 pm »Unfortunately I will not be able to provide the script. However the script itself is not important in this situation. There are many scripts that I run through my MSP. They all run from that folder.
I fully understand not being able to white list a folder.
I was thinking more along the lines of providing a whitelist command line argument. If n argument already exists, could I get documentation on how to use it?
As it stands I have been forced to omit RougueKiller from my cleanup process.
Thank you again for your time, I do appreciate it.
I fully understand not being able to white list a folder.
I was thinking more along the lines of providing a whitelist command line argument. If n argument already exists, could I get documentation on how to use it?
As it stands I have been forced to omit RougueKiller from my cleanup process.
Thank you again for your time, I do appreciate it.
7
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on November 15, 2019, 01:50:08 am »Hi techknowledge,
Thanks for your feedback.
Could you please zip the detected powershell script and attach it with your next reply ?
Regards.
Thanks for your feedback.
Could you please zip the detected powershell script and attach it with your next reply ?
Regards.
8
RogueKiller / Re: ===> False Positives <===
« Last post by techknowledge on November 14, 2019, 04:14:41 pm »The powershell script that calls rogue killer via my MSP gets killed by rogue killer. As a result code after the portion that runs roguekiller does not run.
The powershell script in the log will change with each run.
Thank you for your time.
Scan log file:
The powershell script in the log will change with each run.
Thank you for your time.
Scan log file:
Code: [Select]
RogueKillerCMD V2.5.3.0 (x64) [Nov 8 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekillercmd/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : SYSTEM [Admin rights]
Started from : C:\Programdata\TechKnowledgeCleanup\bin\scanners\roguekiller\roguekillercmd.exe
[[SIGNATURES]] : 20191112_105343, [[DRIVER]] : LOADED
Mode : Standard Scan, Remove -- Date : 2019/11/12 11:42:02 (Duration : 00:03:54)
Switches : -reportformat txt -reportpath C:\Programdata\TechKnowledgeCleanup\logs\RogueKillerLog.txt -portable-license C:\Programdata\TechKnowledgeCleanup\bin\scanners\roguekiller\rk.lic
いいいいいいいいいいいい Remove いいいいいいいいいいいい
[Mal.Powershell ([[MALICIOUS]])] powershell.exe -- %ProgramFiles%\Pulseway\automation_c15ddc4a_4ca5_4033_9985_ae772f03c0cc.ps1 -> ERROR [0]9
News/Updates / Re: UCheck: News/Updates
« Last post by Tigzy on November 08, 2019, 05:30:43 pm »Version 3.4.3 is available
Code: [Select]
V3.4.3 11/08/2019
=================
- Updated to core 3.2.16
* Minor fixes
* Fixed a potential issue where Exclusions were not working properly
10
News/Updates / Re: Adlice Diag
« Last post by Tigzy on November 08, 2019, 03:52:03 pm »Version 1.4.3 is available
Code: [Select]
V1.4.3 11/07/2019
=================
- Updated to core 3.2.16
* Fixed possible crash when exiting during a scan
* Minor fixes
