Custom inventory rule to list exe files in a directory
Hello,
I would like to detect malware in this directory: c:\user\"login\AppData\Local\Temp
Could you help me create a custom inventory rule to list all executable files in this directory?
I have found this CIR:
ShellCommandTextReturn(c:\windows\system32\wbem\WMIC.exe datafile WHERE "drive='c:' AND path like '\\users\\%%' AND Extension='exe'" get name)
Thanks in advance
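One way to list the executables in each profile's Temp folder from PowerShell, with signature status and SHA-256 so unsigned files stand out. This is an added example, not part of the original post and not KACE's own code; the C:\Users profile root and the function name Get-TempExecutable are assumptions. It is scoped to the Temp folders only, whereas the WMIC query above filters on the whole \users\ tree.

```powershell
# Added example: inventory .exe files in every user profile's Temp folder.
# Assumption: profiles live under C:\Users; change $ProfileRoot if they do not.
$ProfileRoot = 'C:\Users'

function Get-TempExecutable {   # hypothetical helper name
    param([string]$Root = $ProfileRoot)

    # Build one Temp path per profile and keep only those that exist.
    $tempDirs = Get-ChildItem -Path $Root -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp' } |
        Where-Object { Test-Path -LiteralPath $_ }

    foreach ($dir in $tempDirs) {
        Get-ChildItem -LiteralPath $dir -Filter '*.exe' -File -Recurse -Force -ErrorAction SilentlyContinue |
            # -Filter can also match longer extensions via 8.3 names; keep exact .exe only.
            Where-Object { $_.Extension -eq '.exe' } |
            ForEach-Object {
                # Locked or unreadable files yield empty signature/hash fields instead of stopping the run.
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    SizeBytes = $_.Length
                    Modified  = $_.LastWriteTime
                    Signature = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                    Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                    SHA256    = $hash.Hash
                }
            }
    }
}

# Group results by signature status so unsigned binaries are easy to spot.
Get-TempExecutable | Sort-Object Signature, Path | Format-Table -AutoSize -Wrap
```

Run it elevated so other users' profiles are readable; many legitimate installers also unpack signed executables into Temp, so the signature and hash columns are what separate routine entries from ones worth a closer look.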
Answers (1)
Posted by:
SMal.tmcc
9 years ago
Have you seen my blog from DWUF last year?
http://www.itninja.com/blog/view/using-the-k1000-to-help-manage-your-pups-presented-at-dell-world-user-forum-2014-lessons-from-the-field