From f62a7a3dda5aa1d4479c383cbe9767d7f194d903 Mon Sep 17 00:00:00 2001
From: tobor
Date: Tue, 5 Sep 2023 11:26:34 -0600
Subject: [PATCH] Update Install.ps1
---
 AutoRunsToWinEvent/Install.ps1 | 26 ++++++++++++++++++++------
 1 file changed, 20 insertions(+), 6 deletions(-)
diff --git a/AutoRunsToWinEvent/Install.ps1 b/AutoRunsToWinEvent/Install.ps1
index 46a3588..0151658 100644
--- a/AutoRunsToWinEvent/Install.ps1
+++ b/AutoRunsToWinEvent/Install.ps1
@@ -1,10 +1,11 @@
 Write-Verbose -Message "[v] Create Program Files directories for Autoruns"
 $AutoRunsDir = "$env:ProgramFiles\AutorunsToWinEventLog"
+$TaskName = "AutorunsToWinEventLog"
 New-Item -Path $AutoRunsDir -ItemType Directory -Force -ErrorAction SilentlyContinue | Out-Null
 Write-Verbose -Message "[v] Download Autorunsc64.exe if it doesn't exist"
-$OSArchitecture = (Get-CimInstance -ClassName Win32_OperatingSystem).OSArchitecture
-$AutrunsExecutable = "Autorunsc64.exe"
+$OSArchitecture = (Get-CimInstance -ClassName Win32_OperatingSystem -Verbose:$False).OSArchitecture
+$AutorunsExecutable = "Autorunsc64.exe"
 If ($OSArchitecture -notmatch "64") {
 $AutorunsExecutable = "Autorunsc.exe"
@@ -15,17 +16,30 @@ $AutorunsPath = "$($AutoRunsDir)\$($AutorunsExecutable)"
 If (!(Test-Path -Path $AutoRunsPath)) {
 [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12
- Invoke-WebRequest -Uri "https://live.sysinternals.com/$($AutorunsExecutable)" -OutFile "$AutoRunsPath" -Method GET -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::FireFox
+ Invoke-WebRequest -Uri "https://live.sysinternals.com/$($AutorunsExecutable)" -OutFile $AutoRunsPath -Method GET -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::FireFox
 } # End If
+Remove-Item -Path "$AutorunsDir\AutorunsToWinEventLog.ps1" -Force -ErrorAction SilentlyContinue | Out-Null
+Start-Sleep -Seconds 1
 Invoke-WebRequest -Uri "https://raw.githubusercontent.com/OsbornePro/BTPS-SecPack/master/AutoRunsToWinEvent/AutorunsToWinEventLog.ps1" -Method GET -UserAgent [Microsoft.PowerShell.Commands.PSUserAgent]::FireFox -OutFile "$AutorunsDir\AutorunsToWinEventLog.ps1"
-$Action = New-ScheduledTaskAction -Execute "powershell" -Argument "-NoLogo -NonInteractive -WindowStyle Hidden C:\PROGRA~1\AutorunsToWinEventLog\AutorunsToWinEventLog.ps1"
+$Action = New-ScheduledTaskAction -Execute powershell -Argument "-NoLogo -NonInteractive -WindowStyle Hidden $AutorunsDir\AutorunsToWinEventLog.ps1"
 $Trigger = New-ScheduledTaskTrigger -Daily -At 10am
 $Principal = New-ScheduledTaskPrincipal -UserId "NT AUTHORITY\SYSTEM" -RunLevel Highest -LogonType ServiceAccount
-Register-ScheduledTask -TaskName "AutorunsToWinEventLog" -Action $Action -Trigger $Trigger -Principal $Principal
+Try {
+ Register-ScheduledTask -TaskName $TaskName -Action $Action -Trigger $Trigger -Principal $Principal
+
+} Catch [Microsoft.Management.Infrastructure.CimException] {
+
+ Write-Verbose -Message "[v] Task already exists"
+
+} Catch {
+
+ $Error[0]
+
+} # End Try Catch Catch
 $Settings = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -Hidden -ExecutionTimeLimit (New-TimeSpan -Minutes 60) -RestartCount 1 -StartWhenAvailable
-Set-ScheduledTask -TaskName "AutorunsToWinEventLog" -Settings $Settings
+Set-ScheduledTask -TaskName $TaskName -Settings $Settings
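Review bot: The new `$Action` line passes `$AutorunsDir\AutorunsToWinEventLog.ps1` unquoted, and `$AutorunsDir` is built from `$env:ProgramFiles`, which on a default install contains a space, so powershell.exe will most likely split the path there and the SYSTEM task will not run the intended script; the removed line avoided this with the 8.3 form `C:\PROGRA~1`. Quote the path and pass it explicitly with -File: `-Argument "-NoLogo -NonInteractive -WindowStyle Hidden -File ""$AutorunsDir\AutorunsToWinEventLog.ps1"""`. The Try/Catch around `Register-ScheduledTask` probably never reaches either Catch, because that cmdlet's failures are normally non-terminating; add `-ErrorAction Stop`, and note that when the task already exists only its settings are updated afterwards, so a previously registered action stays in place. Separately, the script this task runs as SYSTEM is deleted and re-downloaded from the `master` branch with no integrity check; pinning the URL to a commit and comparing `Get-FileHash` output against a known value before registering the task would close that gap.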