Prep for Tamper Protection #110
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
Alan-Huntress
commented
Dec 26, 2024
Alan-Huntress
commented
- Remove/delete services when using uninstall flag
- Additional logging to note which user context the script is running under. For troubleshooting TP issues.
- Warn if TP could interfere, i.e. if TP is detected (checks the service status instead of the context)
- Script checks for assets in \Program Files\ instead of checking for services since some uninstall methods leave the services in place. This check is needed to prevent RMM's from hammering the Huntress portal with repeated installs.
- Fixed orphan checker, should no longer go down that execution path unless an orphaned agent is actually detected.
- Switched to using SC.exe instead of WMI calls for removing service(s), more reliable with a wider variety of machines
Remove/delete services when using uninstall flag
Additional logging to note which user context the script is running under. For troubleshooting TP issues.
Warn if TP could interfere, i.e. if TP is detected (checks the service status instead of the context)
Script checks for assets in \Program Files\ instead of checking for services since some uninstall methods leave the services in place. This check is needed to prevent RMM's from hammering the Huntress portal with repeated installs.
Fixed orphan checker, should no longer go down that execution path unless an orphaned agent is actually detected.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
rob-no
reviewed
Jan 7, 2025
|
For security reasons, it's recommended to use the full path for |
Remove/delete services when using uninstall flag (now including Huntmon) Additional logging to note which user context the script is running under. For troubleshooting TP issues. Warn if TP could interfere, i.e. if TP is detected (checks the service status instead of the context) Script checks for assets in \Program Files\ instead of checking for services since some uninstall methods leave the services in place. This check is needed to prevent RMM's from hammering the Huntress portal with repeated installs. Fixed orphan checker, should no longer go down that execution path unless an orphaned agent is actually detected. Switched to using SC.exe instead of WMI calls for removing service(s), more reliable with a wider variety of machines. Using full path to avoid path hijacks. Removed unnecessary variable execution wrap Switch $NULL comparators to prevent null check panic Updated year
Prep for Tamper Protection
rob-no
approved these changes
Jan 9, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.