search

NextronSystems / aurora-agent-lite

Repository to handle issues with our free EDR agent Aurora Lite
26 stars 0 forks source link

AURORA: Error MODULE: Aurora-Agent MESSAGE: unknown command "exclude" for "aurora-agent-util" #4

Open wikijm opened 1 year ago

wikijm commented 1 year ago

Hi,

I tried to exclude processes related to my cybersecurity suite due to rule 'Potential Antivirus Software DLL Sideloading' (quite efficient, but generates too much alarms for me).

Procedure I followed: https://aurora-agent-manual.nextron-systems.com/en/latest/usage/aurora-agent-util.html#excluding-processes

I'm facing error message below:

PS C:\Program Files\Aurora-Agent> .\aurora-agent-util.exe exclude
Error: unknown command "exclude" for "aurora-agent-util"
Run 'aurora-agent-util --help' for usage.
Feb  5 09:08:16 [REDACTED] AURORA: Error MODULE: Aurora-Agent MESSAGE: unknown command "exclude" for "aurora-agent-util"

Result of 'version' command:

PS C:\Program Files\Aurora-Agent> .\aurora-agent-util.exe version
      ___                                  __    _ __
     /   | __  ___________  _________ _   / /   (_) /____
    / /| |/ / / / ___/ __ \/ ___/ __ `/  / /   / / __/ _ \
   / ___ / /_/ / /  / /_/ / /  / /_/ /  / /___/ / /_/  __/
  /_/  |_\__,_/_/   \____/_/   \__,_/  /_____/_/\__/\___/

  Aurora Agent Lite Version 1.1.5 (2a65c69d13bed), Signature Revision 2023/02/04-190348 (Sigma 0.22-1986-gfebefa7e0)
  (C) Nextron Systems GmbH, 2022

Result of 'upgrade' command:

PS C:\Program Files\Aurora-Agent> .\aurora-agent-util.exe upgrade
Feb  5 09:18:47 [REDACTED] AURORA: Info MODULE: Aurora-Agent MESSAGE: License file found OWNER: [REDACTED] VALID: true VALID_FROM: [REDACTED] VALID_TO: [REDACTED]
Feb  5 09:18:47 [REDACTED] AURORA: Info MODULE: Aurora-Agent MESSAGE: Checking for new version PRODUCT: aurora-agent-lite-win
Feb  5 09:18:47 [REDACTED] AURORA: Info MODULE: Aurora-Agent MESSAGE: Already up to date PRODUCT: aurora-agent-lite-win VERSION: 1.1.5
Feb  5 09:18:47 [REDACTED] AURORA: Info MODULE: Aurora-Agent MESSAGE: No Aurora Agent upgrade available, checking for signature update
Feb  5 09:18:47 [REDACTED] AURORA: Info MODULE: Aurora-Agent MESSAGE: License file found OWNER: [REDACTED] VALID: true VALID_FROM: [REDACTED] VALID_TO: [REDACTED]
Feb  5 09:18:47 [REDACTED] AURORA: Info MODULE: Aurora-Agent MESSAGE: Checking for new version PRODUCT: aurora-signatures-lite
Feb  5 09:18:47 [REDACTED] AURORA: Info MODULE: Aurora-Agent MESSAGE: Already up to date PRODUCT: aurora-signatures-lite VERSION: 23.2.4-190347

Is it due to the use of Free version?

Regards, WikiJM

Neo23x0 commented 1 year ago

I think it's an error that this function is not included in the free version. We're gonna fix this soon. But it's anyway just a shortcut to add entries to the config file conf/process-excludes.cfg which I see is undocumented 🙄.

Screenshot 2023-02-05 at 11 16 25 Screenshot 2023-02-05 at 11 17 07
wikijm commented 1 year ago

Thanks for your answer! Sounds good to me, ticket can be closed at your convenience.

Have a nice weekend 😃