When working with Syntaro App Management you learn how helpful the Base Script can be. I have extended it to make it simpler to create your own packages. In the last few weeks I had the following challenges in customer projects.
Kill running Processes
Until last week you had to specify each process by its process name. This is fine in most situations, but sometimes an application ships a dozen executables in its program files folder. So I extended the Kill-Process functionality to allow closing processes by the path of their executable, with wildcards in the path.
Kill-Process -Path "C:\Program Files (x86)\Microsoft Office\*"
Kill-Process -Path "C:\*\Microsoft Office\*"
Examples when specifying the process name:
Kill-Process -Name "winword.exe"
Kill-Process -Name "winword*"
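To show what path-based matching involves in practice, here is an added example of a stand-alone function that does the same job as the calls above. It is not the Base Script's own Kill-Process code; the function name Stop-ProcessByPath and its parameters are my own. It matches the executable path of every running process against one or more wildcard patterns, asks GUI processes to close before forcing them, and skips processes whose path cannot be read.

```powershell
# Added example (not the Syntaro Base Script's Kill-Process implementation).
# Stops every running process whose executable path matches one of the given
# wildcard patterns, e.g. 'C:\Program Files (x86)\Microsoft Office\*'.
function Stop-ProcessByPath {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Path,            # wildcard patterns, e.g. 'C:\*\Microsoft Office\*'
        [int]$TimeoutSeconds = 10   # grace period for a clean close before -Force
    )

    # .Path is empty for processes this session cannot open (protected processes,
    # or other users' processes when not elevated). Skip those instead of
    # matching an empty string against the pattern.
    $candidates = Get-Process | Where-Object { $_.Path }

    foreach ($proc in $candidates) {
        $matched = $false
        foreach ($pattern in $Path) {
            # -like is case-insensitive and '*' also matches across backslashes,
            # so 'C:\*\Microsoft Office\*' matches at any directory depth.
            if ($proc.Path -like $pattern) { $matched = $true; break }
        }
        if (-not $matched) { continue }

        $target = "$($proc.ProcessName) (PID $($proc.Id)) $($proc.Path)"
        if ($PSCmdlet.ShouldProcess($target, 'Stop')) {
            # Give applications with a window the chance to close cleanly
            # (CloseMainWindow returns $false when there is no window), then kill.
            $null = $proc.CloseMainWindow()
            if (-not $proc.WaitForExit($TimeoutSeconds * 1000)) {
                Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
            }
            # Report what was stopped so the package log shows it
            [pscustomobject]@{ Name = $proc.ProcessName; Id = $proc.Id; Path = $proc.Path }
        }
    }
}

# Preview the matches first (nothing is stopped with -WhatIf), then run for real.
Stop-ProcessByPath -Path 'C:\Program Files (x86)\Microsoft Office\*' -WhatIf
Stop-ProcessByPath -Path 'C:\Program Files (x86)\Microsoft Office\*', 'C:\Program Files\Microsoft Office\*'
```

Two things to keep in mind when you switch from names to paths: a broad pattern such as `C:\*\Microsoft Office\*` also matches copies of the application under a user profile or a Wow6432Node-style duplicate directory, so prefer the narrowest pattern that covers the package; and a process that is merely named like the application but runs from somewhere else is not matched at all, which is usually what you want in a package script, but means path matching is not a substitute for killing by name when the goal is simply "no winword.exe running".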
I hope this will also help you in the future.
Simpler detection methods
The existing implementation of Get-InstalledApplication was already very helpful in the detection script. If you only needed to check whether the app is installed, the following code was enough:
if(Get-InstalledApplication -ProductCode "{FA70E4D3-C628-44D5-991C-3F188488C30B}"){ $true } else { $false }
But once you also wanted to check the version, it needed a few more lines (and this example is without error handling):
$App = Get-InstalledApplication -ProductCode "{FA70E4D3-C628-44D5-991C-3F188488C30B}" | Where-Object {
    [Version]$TargetAppVersion = "2.0.4"
    [Version]$CurrentAppVersion = [Version]($_.DisplayVersion)
    $CurrentAppVersion -ge $TargetAppVersion
}
if($App){ $true } else { $false }
So I started thinking about possible improvements. With the new version of the Base Script you can simply use the following:
if(Get-InstalledApplication -ProductCode "{FA70E4D3-C628-44D5-991C-3F188488C30B}" -Version ([Version]"2.0.4") -VersionComparison ge){ $true } else { $false }
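As an added example of what such a detection check has to handle once error handling is included, here is a self-contained function that does the lookup and comparison itself rather than calling the Base Script. It is not the Base Script's Get-InstalledApplication; the function name Test-InstalledApplicationVersion, its parameters and the registry locations it reads are my own assumptions about where an MSI product code ends up. It reads the uninstall entry from both the native and the 32-bit (WOW6432Node) hives, parses DisplayVersion defensively, and applies the comparison operator passed in -VersionComparison.

```powershell
# Added example (not the Syntaro Base Script's Get-InstalledApplication).
# Returns $true when the product is installed and its DisplayVersion satisfies
# the requested comparison against -Version; $false otherwise.
function Test-InstalledApplicationVersion {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string]$ProductCode,                  # e.g. '{FA70E4D3-C628-44D5-991C-3F188488C30B}'
        [Parameter(Mandatory = $true)]
        [version]$Version,                     # target version, e.g. '2.0.4'
        [ValidateSet('eq', 'ne', 'gt', 'ge', 'lt', 'le')]
        [string]$VersionComparison = 'ge'
    )

    # Per-machine MSI installs register here; 32-bit packages on 64-bit Windows
    # land under WOW6432Node. Per-user installs would be under HKCU (not covered).
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )

    foreach ($key in $uninstallKeys) {
        $item = Get-ItemProperty -LiteralPath (Join-Path $key $ProductCode) -ErrorAction SilentlyContinue
        if (-not $item) { continue }

        # DisplayVersion is a free-form string written by the installer. It may be
        # absent or not parse as System.Version (e.g. '2.0.4 beta' or '3'), in
        # which case [version]($_.DisplayVersion) in a bare detection script throws.
        $installed = $null
        if (-not [version]::TryParse([string]$item.DisplayVersion, [ref]$installed)) {
            Write-Warning "Product $ProductCode found, but DisplayVersion '$($item.DisplayVersion)' is not a parsable version"
            return $false
        }

        # System.Version compares component-wise, so '2.0.10' -gt '2.0.9'
        # (a plain string comparison would get this wrong).
        switch ($VersionComparison) {
            'eq' { return ($installed -eq $Version) }
            'ne' { return ($installed -ne $Version) }
            'gt' { return ($installed -gt $Version) }
            'ge' { return ($installed -ge $Version) }
            'lt' { return ($installed -lt $Version) }
            'le' { return ($installed -le $Version) }
        }
    }

    # Product code present in neither hive: not installed
    return $false
}

# Detection script: $true only when this exact product is installed at 2.0.4 or newer
if (Test-InstalledApplicationVersion -ProductCode '{FA70E4D3-C628-44D5-991C-3F188488C30B}' -Version '2.0.4' -VersionComparison ge) { $true } else { $false }
```

The defensive parsing matters more than it looks: a detection script that throws on an odd DisplayVersion string is reported as "not detected", which makes the deployment tool reinstall the package on every cycle. Note also that DisplayVersion is whatever the installer wrote to the registry, so this check tells you what is registered, not whether the files on disk are intact or current; it is an inventory check, not an integrity check.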
Summary
With the new functions it is much simpler to create the detection script, with far fewer lines of code. I hope this will help you in your projects. The new script is available as usual on GitHub.