/build/static/layout/Breadcrumb_cap_w.png

Deleting a file in System32 folder

Hello,

I am trying to remove a file from the System32 directory (C:\Windows\System32\MpSigStub.exe) , however no matter what I try it doesn't seem to want to delete the file.  I have Tried running an online shell script with the following:

del "C:\Windows\System32\MpSigStub.exe" which works when I run it in my elevated cmd window perfectly fine. In my none elevated cmd window I get an access is denied error. 

I am running this as local system but still the file doesn't delete. 

I have tried an Online KScript with the following: 

Verify

  1. Verify that the file “$(KACE_SYS_DIR)\MpSigStub.exe” exists

    On Success

    1. Launch “$(KACE_SYS_DIR)\cmd.exe” with params “del ”C:\Windows\System32\MpSigStub.exe“”.

And still the file remains. 

Please could someone let me know where I am going wrong? Is there a way of using an elevated CMD prompt with KACE? 

Thanks

James

Asked 4 years ago 1623 views
0 Comments   [ + ] Show comments

Answers (2)

Posted by: RandomITdude24 4 years ago
4th Degree Black Belt
2

I got it to work with the following


Hz5i1aAzMgPR80MGtPsdAwAAdFSnD0UAAAAAcC54pggAAACArRGKAAAAANgaoQgAAACArRGKAAAAANgaoQgAAACArRGKAAAAANgaoQgAAACArRGKAAAAANgaoQgAAACArRGKAAAAANgaoQgAAACArRGKAAAAANgaoQgAAACArRGKAAAAANgaoQgAAACArRGKAAAAANiY9P8DFKTZBUgTCR4AAAAASUVORK5CYII=

Posted by: flip1001 4 years ago
Black Belt
1

Try replacing $(KACE_SYS_DIR) and C:\Windows\System32 with C:\Windows\Sysnative

Comments:
  • Hello,

    Thank you for your response unfortunately this has not worked either. - Morpheus83uk 4 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ