paulmataruso/tacticalrmm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
415f08ba3a176e51ef30b32ff8efa9e77c69da4c
tacticalrmm/scripts_wip/Win_Software_Autoruns_Get.ps1
silversword411 4e5676e80f adding the wip
2021-04-29 11:45:32 -04:00

23 lines
873 B
PowerShell
Raw Blame History

###
# Author: Dave Long <dlong@cagedata.com>
# Uses Autoruns from Sysinternals to get all automatically running programs on PCs.
# Also tests autoruns against Virtus Total and shows how many AV programs detect
# each autorun as a virus.
#
# Running assumes acceptance of the Sysinternals and Virus Total licenses.
###
$AutorunsUrl = "https://download.sysinternals.com/files/Autoruns.zip"
$AutorunsOut = Join-Path $env:TEMP "Autoruns.zip"
$Autoruns = Join-Path $env:TEMP "Autoruns"
$OutputFile = Join-Path $Autoruns "autoruns.csv"
Invoke-WebRequest -Uri $AutorunsUrl -OutFile $AutorunsOut
Expand-Archive -Path $AutorunsOut -DestinationPath $Autoruns
Start-Process -Wait -FilePath $Autoruns/autorunsc.exe -NoNewWindow -PassThru -ArgumentList @("-v", "-vt", "-c", "-o $OutputFile")
Import-Csv -Path $OutputFile
Write-Host "Complete Autoruns output stored at $OutputFile"
Reference in New Issue View Git Blame Copy Permalink