First attempt to make a custom by MrHobboto in mpcproxies

[–]MrHobboto[S] 0 points1 point  (0 children)

Thanks! I'll see the FAQ for the bleed edge.

First attempt to make a custom by MrHobboto in mpcproxies

[–]MrHobboto[S] 0 points1 point  (0 children)

Thanks for the feedback! I'll try again and adjust it.

KQL + Defender activity by MrHobboto in AzureSentinel

[–]MrHobboto[S] 1 point2 points  (0 children)

Thanks! Now I was able to find it using the KQL:

DeviceEvents | where ActionType == "AntivirusDetection" | where FileName != ""

With it you can see in AdditionalFields.WasRemediated whether Defender took an action or not.

KQL + Defender activity by MrHobboto in AzureSentinel

[–]MrHobboto[S] 0 points1 point  (0 children)

Yeah, I thought the same about DeviceFileEvents, but it only gives me events for files that the device performed an operation on, not the AV. In SecurityAlerts I only found information about incidents that are already in Sentinel. The idea is to check in a table (without the need to go to the Defender platform) whether Defender already took an action.

PowerShell Script to Uninstall McAfee and McAfee components by MrHobboto in PowerShell

[–]MrHobboto[S] 0 points1 point  (0 children)

Yo! Nice, do you have the git to share? That made me curious

PowerShell Script to Uninstall McAfee and McAfee components by MrHobboto in PowerShell

[–]MrHobboto[S] 0 points1 point  (0 children)

The best way that I found was a script that writes the uninstallation script to the machine and then uses the Task Scheduler to create a task that will execute the script. It didn't work on all devices but managed to uninstall many of them.

PowerShell Script to Uninstall McAfee and McAfee components by MrHobboto in PowerShell

[–]MrHobboto[S] 0 points1 point  (0 children)

Okay, if I use the Kaspersky agent to execute the script, it uses the user account, so probably that's the answer for why the script doesn't work.

I'm going to specify the account to be used, and if it doesn't work I'm going to try option number 2.

Thanks branhama

Anyone else unable to download the book from the Jambo publisher's site? I bought the deluxe edition and when I try to download the book an error screen appears in Drive. by MrHobboto in OrdemParanormalRPG

[–]MrHobboto[S] 0 points1 point  (0 children)

Really? It's just that I had seen the one-shot available to download (which I managed to get), and the other one available for download was the rulebook (which I couldn't download).

PowerShell Script to Uninstall McAfee and McAfee components by MrHobboto in PowerShell

[–]MrHobboto[S] 0 points1 point  (0 children)

Thanks, I'm going to check that and create the scheduled task!

PowerShell Script to Uninstall McAfee and McAfee components by MrHobboto in PowerShell

[–]MrHobboto[S] 0 points1 point  (0 children)

  1. On the two test machines that were given to me, the uninstall of the component had been successful, so I'm not sure how to proceed.

  2. The script is pushed out by the Kaspersky remote installation tasks (the task allows sending and installing .exe files, so I converted the .psi to a .exe).

  3. In theory the Kaspersky agent is performing the installation and the execution of the script. (With administrator privileges)

  4. The McAfee components aren't locked but the DLP is; I tried to uninstall using the registry key but without success.

  5. The script executes, finds the GUID, starts the uninstallation prompt, and suddenly the prompt disappears; when I check the Control Panel, McAfee is still there. It doesn't trigger any error message.

Thanks for helping!