Recent Posts

Pages: [1] 2 3 ... 10
1
News/Updates / Re: RogueKiller 13
« Last post by Satchfan on Today at 05:01:07 pm »
Thanks Tigzy.
2
News/Updates / Re: RogueKiller 13
« Last post by Tigzy on Today at 04:25:39 pm »
Hello, version 13.5.7 is available :)

Code: [Select]
V13.5.7 11/20/2019
=================
- Updated to core 3.2.17
  * Added Background scan
  * Fixed possible crash at scanner destroy
  * Minor fixes
* Added background scan (low CPU usage) setting for scheduled scans
* Icons refactoring
3
News/Updates / Re: Adlice CDE
« Last post by Tigzy on Today at 10:41:59 am »
Hello, version 2.6.9 is online :)

Code: [Select]
V2.6.9 11/20/2019
=================
- Updated to core 3.2.17
  * Minor fixes
4
RogueKiller / Re: ===> False Positives <===
« Last post by techknowledge on November 18, 2019, 03:43:02 pm »
I understand now.
$args = @"
-scan "-reportformat txt -reportpath $ThisApplicationLogFile -portable-license $roguekillerlicense" -autodelete -no_interact
"@
Start-Process -FilePath $roguekillerexe -ArgumentList $args -Wait -RedirectStandardError $stdErrLog -NoNewWindow

Would it be change out -autodelete with something? I get the log sent every time it runs. If there is anything found in the log it goes direct to a tech rather than the general logging email address.

Could we create a follow up script that uses the log file to delete things previous found? That way we would avoid a second scan.
5
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on November 15, 2019, 09:07:45 pm »
Hi techknowledge,

There does not exist such a switch at the moment.
Maybe, you could share the script with sensitive information removed ? Which parameters are passed to Powershell binary along the script ?


Regards.
6
RogueKiller / Re: ===> False Positives <===
« Last post by techknowledge on November 15, 2019, 03:23:43 pm »
Unfortunately I will not be able to provide the script. However the script itself is not important in this situation. There are many scripts that I run through my MSP. They all run from that folder.

I fully understand not being able to white list a folder.
I was thinking more along the lines of providing a whitelist command line argument. If n argument already exists, could I get documentation on how to use it?

As it stands I have been forced to omit RougueKiller from my cleanup process.

Thank you again for your time, I do appreciate it.
7
RogueKiller / Re: ===> False Positives <===
« Last post by Curson on November 15, 2019, 01:50:08 am »
Hi techknowledge,

Thanks for your feedback.
Could you please zip the detected powershell script and attach it with your next reply ?

Regards.
8
RogueKiller / Re: ===> False Positives <===
« Last post by techknowledge on November 14, 2019, 04:14:41 pm »
The powershell script that calls rogue killer via my MSP gets killed by rogue killer. As a result code after the portion that runs roguekiller does not run.
The powershell script in the log will change with each run.

Thank you for your time.

Scan log file:
Code: [Select]
RogueKillerCMD V2.5.3.0 (x64) [Nov  8 2019] (Premium) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekillercmd/
Operating System : Windows 10 (10.0.17763) 64 bits
Started in : Normal mode
User : SYSTEM [Admin rights]
Started from : C:\Programdata\TechKnowledgeCleanup\bin\scanners\roguekiller\roguekillercmd.exe
[[SIGNATURES]] : 20191112_105343, [[DRIVER]] : LOADED
Mode : Standard Scan, Remove -- Date : 2019/11/12 11:42:02 (Duration : 00:03:54)
Switches : -reportformat txt -reportpath C:\Programdata\TechKnowledgeCleanup\logs\RogueKillerLog.txt -portable-license C:\Programdata\TechKnowledgeCleanup\bin\scanners\roguekiller\rk.lic

いいいいいいいいいいいい Remove いいいいいいいいいいいい
[Mal.Powershell ([[MALICIOUS]])] powershell.exe -- %ProgramFiles%\Pulseway\automation_c15ddc4a_4ca5_4033_9985_ae772f03c0cc.ps1 -> ERROR [0]
9
News/Updates / Re: UCheck: News/Updates
« Last post by Tigzy on November 08, 2019, 05:30:43 pm »
Version 3.4.3 is available :)

Code: [Select]
V3.4.3 11/08/2019
=================
- Updated to core 3.2.16
 * Minor fixes
* Fixed a potential issue where Exclusions were not working properly
10
News/Updates / Re: Adlice Diag
« Last post by Tigzy on November 08, 2019, 03:52:03 pm »
Version 1.4.3 is available :)

Code: [Select]
V1.4.3 11/07/2019
=================
- Updated to core 3.2.16
 * Fixed possible crash when exiting during a scan
 * Minor fixes
Pages: [1] 2 3 ... 10