• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login
SecTeer VulnDetect & PatchPro Support Forum VulnDetect
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Download VulnDetect Installer
  • Login

Updating SysInternals

Scheduled Pinned Locked Moved [Corporate] Deployment -> Custom Software
1 Posts 1 Posters 2.1k Views 1 Watching
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T Offline
    Tom VulnDetect Team Member
    last edited by Tom 15 May 2024, 10:39

    Based on customer requests we've examined ways to update Portable Apps, like apps form the SysInternals bundle.

    There are many ways to achieve this, but we wanted one that works well with the Custom Software feature in VulnDetect.

    We also wanted to avoid making one Config per App in the SysInternals bundle.

    And, since these files can live in various places, including folders that are writable by non-privileged users, we wanted to be careful not to overwrite the wrong files or follow symbolic links.

    The script will not overwrite files unless they have the company name specified in the $companyNameToCheck variable, it will also not touch files in the $excludedDirs.

    The combination of Custom Software and this script assumes that you add a ZIP archive as an Additonal File and that the ZIP archive contains a folder called "files" with all the SysInternal files you want to replace, e.g. the entire SysInternals bundle.
    5ab3afde-6712-4598-8609-b55043ba85fc-image.png

    You can also edit the $sourceDir variable if you want to use a different layout in your ZIP archive.

    The below script was created by ChatGPT (by OpenAI). It was created based on the above requirements and it has been reviewed and tested by SecTeer.

    Note: This script is intended to run in an automated fashion and with a sub folder of known trusted files. Executing this in the wrong location and altering variables and conditions may have unforeseen consequences, because the script overwrites files recursively.

    # Define the company name to check for
$companyNameToCheck = "Sysinternals - www.sysinternals.com"

# Get the current working directory and set the source directory to the "files" subfolder
$sourceDir = Join-Path -Path (Get-Location) -ChildPath "files"
$drive = "C:\"

# List of directories to exclude (common shim file locations)
$excludedDirs = @(
    "$env:SystemRoot\AppPatch",
    "$env:SystemRoot\System32\ShimCache"
)

# Function to get the latest file from a directory
function Get-LatestFile {
    param (
        [string]$directory,
        [string]$fileName
    )
    $files = Get-ChildItem -Path $directory -Filter $fileName
    $latestFile = $files | Sort-Object LastWriteTime -Descending | Select-Object -First 1
    return $latestFile
}

# Function to check the "Company Name" and "Product Name" properties of a file
function Get-FileProperties {
    param (
        [string]$filePath
    )
    $properties = Get-ItemProperty -Path $filePath -Name 'VersionInfo'
    return @{
        CompanyName = $properties.VersionInfo.CompanyName
        ProductName = $properties.VersionInfo.ProductName
    }
}

# Function to recursively replace files in the target directory with the latest from the source directory
function Replace-Files {
    param (
        [string]$sourceDir,
        [string]$drive,
        [string]$companyNameToCheck
    )

    # Get the list of files in the source directory
    $sourceFiles = Get-ChildItem -Path $sourceDir

    # Iterate over each file in the source directory
    foreach ($sourceFile in $sourceFiles) {
        # Get the latest version of the source file
        $latestSourceFile = Get-LatestFile -directory $sourceDir -fileName $sourceFile.Name

        # Find matching files in the drive recursively, excluding the source directory and excluded directories
        $matchingFiles = Get-ChildItem -Path $drive -Filter $sourceFile.Name -Recurse -ErrorAction SilentlyContinue | Where-Object {
            $_.FullName -notlike "$sourceDir*" -and
            $excludedDirs -notcontains $_.DirectoryName
        }

        # Replace each matching file with the latest source file if the company name matches and it is not a Chocolatey shim file
        foreach ($targetFile in $matchingFiles) {
            $properties = Get-FileProperties -filePath $targetFile.FullName
            if ($properties.CompanyName -eq $companyNameToCheck -and $properties.ProductName -notlike "*Chocolatey Shim*") {
                Copy-Item -Path $latestSourceFile.FullName -Destination $targetFile.FullName -Force
                Write-Output "Replaced $($targetFile.FullName) with $($latestSourceFile.FullName)"
            } else {
                Write-Output "Skipped $($targetFile.FullName) as it is either not from '$companyNameToCheck' or it is a Chocolatey shim file"
            }
        }
    }
}

# Call the function to replace files
Replace-Files -sourceDir $sourceDir -drive $drive -companyNameToCheck $companyNameToCheck

    /Tom
    Download the latest SecTeer VulnDetect agent here:
    https://vulndetect.com/dl/secteerSetup.exe

    1 Reply Last reply Reply Quote 0
    • T Tom moved this topic from [Custom Software guide drafts] on 15 May 2024, 12:40
    1 out of 1
    • First post
      1/1
      Last post
    Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

    Please see our Privacy and Data Processing Policy
    Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
    Forum software by NodeBB