On Mon, Jun 2, 2014 at 10:22 PM, Trieu Ngo Duy <[email protected]> wrote:
> Thanks everyone for the reply. My purpose is to prevent one party agent
> software Windows 7. Much I've learned in the past week but no way to solve
> it. Can you help me write a script for this.

Basic instructions: Write a normal batch script for Windows, distribute it
to your agents in the ossec/active-response/bin directory (hopefully, it
could be way different on Windows I guess), and set it up on the server as
an active response. If you need more than that, please ask specific
questions.

> 2014-06-03 8:23 GMT+07:00 Michael Starks <[email protected]>:
>
>> On 06/01/2014 09:37 PM, Trieu Ngo Duy wrote:
>>>
>>> help me about active response. how to execute this command: REG ADD HKCU
>>> \ Software \ Microsoft \ Windows \ CurrentVersion \ Policies \ Explorer
>>> \ DisallowRun in agent window ?
>>> thank you very much..!
>>
>>
>> I have used the following to check the registry run key so maybe you could
>> use something similar for an active response:
>>
>> %WINDIR%\system32\reg.exe query
>> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s |
>> %WINDIR%\system32\findstr.exe /BV "! REG.EXE" | %WINDIR%\system32\findstr
>> /BV "^$"
>>
>>
>> --
>>
>> --- You received this message because you are subscribed to the Google
>> Groups "ossec-list" group.
>> To unsubscribe from this group and stop receiving emails from it, send an
>> email to [email protected].
>> For more options, visit https://groups.google.com/d/optout.
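
A sketch of the batch script the reply describes, as an added example that is not code from the thread or from the OSSEC project. It assumes the OSSEC active-response convention that the first argument is "add" or "delete"; the file name disallow-run.cmd, the blocked program example.exe and the value name "1" are placeholders.

```batch
@echo off
REM disallow-run.cmd: added example, not code from the thread or from OSSEC.
REM Assumption: invoked by the agent as "disallow-run.cmd add|delete ...".
REM Server side (assumed wiring): a <command> whose <executable> is this
REM file, referenced from an <active-response> block in ossec.conf.
REM
REM The agent runs as a Windows service, so HKCU inside this script is the
REM service account's hive, not the desktop user's. The script therefore
REM writes to every loaded user hive under HKEY_USERS instead.
setlocal
REM Placeholder program name; replace with the executable to block.
set "BLOCKED=example.exe"
set "SUB=Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

REM Accept only the two actions an active response is expected to pass.
if /i "%~1"=="add" (set "ACTION=add") else if /i "%~1"=="delete" (set "ACTION=delete") else exit /b 1

REM List loaded user profile hives (S-1-5-21-...), skipping *_Classes hives.
for /f "delims=" %%K in ('reg query HKU ^| findstr /C:"S-1-5-21-" ^| findstr /V /C:"_Classes"') do call :%ACTION% "%%~K\%SUB%"
exit /b 0

:add
REM DisallowRun=1 switches the policy on; the DisallowRun subkey holds the
REM list of blocked programs. Assumes no existing list entry named "1".
reg add "%~1" /v DisallowRun /t REG_DWORD /d 1 /f >nul
reg add "%~1\DisallowRun" /v 1 /t REG_SZ /d "%BLOCKED%" /f >nul
exit /b 0

:delete
REM Undo on timeout: remove the list entry only. The DisallowRun switch is
REM left in place in case an administrator had already set it.
reg delete "%~1\DisallowRun" /v 1 /f >nul 2>&1
exit /b 0
```

The DisallowRun policy only restricts programs started through Windows Explorer, and only profiles loaded at the time the response fires are changed.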
