As you stated, you can wrap the install in a script. For the facilitating
detection, you have a couple options:
* Create a file on the file system and detect the existence of the file
* Write to the registry as you said and detect the registry entry
Those are the two methods I have used most.
Jeff
From: [email protected]
To: [email protected]
Subject: [mssms] Help with Detection Method
Date: Mon, 30 Mar 2015 19:34:20 +0000
I’m creating a deployment type for an application I’m working on and its not
the main app install, it’s a small script compiled to an .exe (written by the
vendor) that needs
to be run beforehand. The script just deletes some file associations (which
ones, I’m not clear on) and I’m trying to figure out what I can use for the
detection method. As far as I can tell, it doesn’t create any files, it doesn’t
create anything in Add/Remove,
and without knowing which files associations it’s modifying, I have nothing to
detect. I’ve reached out to the vendor so waiting on a response from them.
Assuming they can’t help, any ideas? I thought about using a Powershell script
to read from the event
logs (Applocker execution events) to see if its been run. I also thought about
wrapping it in a script that writes something to the registry which can be used
for detection. Before I went down that road, figured I’d see if there were any
other ideas.
Thanks!
James Beardsley | Firm Technology Group
Dixon Hughes Goodman LLP
Confidentiality Notice: This e-mail is intended only for the addressee named
above. It contains information that is privileged, confidential or otherwise
protected from use and disclosure. If you are not the intended recipient, you
are hereby notified
that any review, disclosure, copying, or dissemination of this transmission,
or taking of any action in reliance on its contents, or other use is strictly
prohibited. If you have received this transmission in error, please reply to
the sender listed above
immediately and permanently delete this message from your inbox. Thank you for
your cooperation.
