Help me: how do I write a script for Windows active response, used to add a registry key to any? Thanks.

2014-06-03 19:04 GMT+07:00 dan (ddp) <[email protected]>:

> On Mon, Jun 2, 2014 at 10:22 PM, Trieu Ngo Duy <[email protected]> wrote:
> > Thanks everyone for the reply. My purpose is to prevent one party agent
> > software Windows 7. Much I've learned in the past week but no way to solve
> > it. Can you help me write a script for this.
>
> Basic instructions:
> Write a normal batch script for Windows, distribute it to your agents
> in the ossec/active-response/bin directory (hopefully, it could be way
> different on Windows I guess), and set it up on the server as an
> active response.
>
> If you need more than that, please ask specific questions.
>
> > 2014-06-03 8:23 GMT+07:00 Michael Starks <[email protected]>:
> >
> >> On 06/01/2014 09:37 PM, Trieu Ngo Duy wrote:
> >>>
> >>> help me about active response. how to execute this command: REG ADD
> >>> HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun
> >>> in agent window ?
> >>> thank you very much..!
> >>
> >> I have used the following to check the registry run key so maybe you could
> >> use something similar for an active response:
> >>
> >> %WINDIR%\system32\reg.exe query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s | %WINDIR%\system32\findstr.exe /BV "! REG.EXE" | %WINDIR%\system32\findstr /BV "^$"
> >>
> >> --
> >>
> >> ---
> >> You received this message because you are subscribed to the Google
> >> Groups "ossec-list" group.
> >> To unsubscribe from this group and stop receiving emails from it, send an
> >> email to [email protected].
> >> For more options, visit https://groups.google.com/d/optout.
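
The approach dan outlines in the quoted reply (a batch script placed in the agent's active-response bin directory and registered on the server), sketched as an added example that is not part of the thread or of OSSEC itself. The script name `disallow-run.cmd`, the blocked program `example.exe` and the `HIVE`, `APP` and `POL` variables are hypothetical; it assumes the action (`add` or `delete`) arrives as the first argument, as with the Windows response scripts shipped with the agent.

```bat
@echo off
rem disallow-run.cmd - added example, not an OSSEC-supplied script.
rem Usage: disallow-run.cmd add|delete
setlocal
set "REG=%WINDIR%\system32\reg.exe"

rem Assumption: the agent service runs as LocalSystem (default install), so
rem HKCU here is the SYSTEM profile, not the logged-on user. To apply the
rem policy to a real user, set HIVE to HKU\<that user's SID>; the hive is
rem only loaded under HKU while that user is logged on.
set "HIVE=HKCU"

rem Constructed sample value: the executable name to block.
set "APP=example.exe"
set "POL=%HIVE%\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

if /I "%~1"=="add" goto add
if /I "%~1"=="delete" goto delete
echo usage: %~nx0 add^|delete
exit /b 1

:add
rem The policy needs both the DisallowRun switch and a list entry.
"%REG%" add "%POL%" /v DisallowRun /t REG_DWORD /d 1 /f || exit /b 1
"%REG%" add "%POL%\DisallowRun" /v 1 /t REG_SZ /d "%APP%" /f || exit /b 1
goto log

:delete
rem Remove only the list entry this script created; ignore "not found".
"%REG%" delete "%POL%\DisallowRun" /v 1 /f 2>nul
goto log

:log
rem Record the action next to the agent's other active-response output.
echo %DATE% %TIME% %~nx0 %~1 %APP% >> "%~dp0..\active-responses.log"
exit /b 0
```

On the server, name the script in a `<command>` block (`<executable>disallow-run.cmd</executable>`) and bind it to a rule with an `<active-response>` block; the `delete` branch is only called if the command allows a timeout. Explorer reads the policy at logon, so the block applies to the user's next session.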
