nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

SkipList.txt only works if the file extension is pulled from API #22

Open Gaz1986 opened 7 years ago

Gaz1986 commented 7 years ago

Anyone else had issues when adding file extensions not pulled from the API, i.e. *.doc?

For example, I've noticed .one has been added (OneNote), which I've added to the list, but it only excludes from FileGroup2 if the other extensions in SkipList that do not exist in the list of extensions pulled from the API have been removed. For example, I've added .doc, *.iso etc. to SkipList and it doesn't work when these extensions exist in SkipList.

Cheers,

Peck49 commented 7 years ago

Are you re-running the script after you made the adjustment to SkipList.txt? I apologize for the simple nature of the question. It's just that I'm not seeing that behavior in my implementation...

Gaz1986 commented 7 years ago

Yes, I have the script run twice a day, so I updated SkipList.txt, re-ran it and noticed .one is in FileGroup2 when adding other extensions; when SkipList.txt just has .one, the extension is not in FileGroup2.

So when it works, SkipList.txt contains:

*.one

When it doesn't work, SkipList.txt contains:

.bak .iso .docx .doc .xlsx .other extensions.... *.one

When SkipList.txt contains:

.one .OMG!

both of these extensions do not appear in FileGroup2.

Cheers,

JustinCochran commented 7 years ago

When I ran it I noticed that it puts the SkipList.txt in the windows/system32 directory. So I changed the code to specify the full path to the file and then it worked.

Do a search on your computer for that file and see if it's in multiple locations.

Peck49 commented 7 years ago

I have a test server up in my environment. I'll play with it later today and see if I can recreate it...

Gaz1986 commented 7 years ago

Yes, I had noticed that too; at the very beginning of the script I have `cd C:\FolderName` and can see that when I delete SkipList it recreates it in this folder.

Here's the code I'm using regarding SkipList:

```powershell
# Download list of CryptoLocker file extensions
# (ConvertFrom-Json20 and New-CBArraySplit are helper functions defined earlier in the script)
$webClient = New-Object System.Net.WebClient
$jsonStr = $webClient.DownloadString("https://fsrm.experiant.ca/api/v1/get")
$monitoredExtensions = @(ConvertFrom-Json20 $jsonStr | ForEach-Object { $_.filters })

# Drop any extension listed in the skip file (relative path: resolved against the current directory)
If (Test-Path .\WhiteList.txt) {
    $Exclusions = Get-Content .\WhiteList.txt | ForEach-Object { $_.Trim() }
    $monitoredExtensions = $monitoredExtensions | Where-Object { $Exclusions -notcontains $_ }
} Else {
    # Seed the skip file with a single default entry
    $emptyFile = @'
*.one
'@
    Set-Content -Path .\WhiteList.txt -Value $emptyFile
}

# Split the $monitoredExtensions array into fileGroups of less than 4kb to allow processing by filescrn.exe
$fileGroups = @(New-CBArraySplit $monitoredExtensions)

# Perform these steps for each of the 4KB limit split fileGroups
ForEach ($group in $fileGroups) {
    Write-Host "Adding/replacing File Group [$($group.fileGroupName)] with monitored file [$($group.array -Join ",")].."
    &filescrn.exe filegroup Delete "/Filegroup:$($group.fileGroupName)" /Quiet
    &filescrn.exe Filegroup Add "/Filegroup:$($group.fileGroupName)" "/Members:$($group.array -Join '|')"
}
```

Cheers,

Peck49 commented 7 years ago

Another question. I assume you scheduled the script through task scheduler. Did you specify the "Start in" directory in your scheduled task?


Gaz1986 commented 7 years ago

So I'm using a remote management agent to run the script, but can confirm it runs in the correct directory as it creates the relevant skiplist file and also exports the Template and Filegroups to XML files in the correct folder location at the end of the script.

Cheers,

andi-blafasl commented 6 years ago

I also had the problem that the SkipList.txt was created and read from c:\windows\system32\ instead of the script directory. I had set up the task in Task Scheduler with the optional "Start in" parameter, but this does not work (at least with Server 2008 R2). I would suggest updating the script with the absolute path to the SkipList instead of the relative path!

There is a Pull Request with the changes for absolute path.
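The two failure modes discussed in this thread, the skip file being resolved against whatever directory the scheduled task happens to start in, and skip entries written as `.doc`, `doc` or `*.doc` not matching the `*.doc` form the API returns, can both be addressed in a few lines. The following is an added example, not CryptoBlocker's own code or the pull request mentioned above; the function names `Get-ScriptDirectory`, `Get-NormalizedSkipList` and `Remove-SkippedExtensions` are my own, and the extension list and skip entries at the bottom are constructed sample data, not the API's output.

```powershell
# Added example (not CryptoBlocker's code). Resolves SkipList.txt relative to the
# script's own folder and normalises its entries before filtering the API list.

function Get-ScriptDirectory {
    # $PSScriptRoot is populated for scripts on PowerShell 3+; on 2.0 (Server 2008 R2)
    # it is empty, so fall back to the script-scope invocation path.
    if ($PSScriptRoot) { return $PSScriptRoot }
    $p = $script:MyInvocation.MyCommand.Path
    if ($p) { return Split-Path -Parent $p }
    return (Get-Location).Path   # pasted into an interactive session: use the current directory
}

function Get-NormalizedSkipList {
    param([Parameter(Mandatory=$true)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        # Seed the file with the same default the deploy script uses
        Set-Content -LiteralPath $Path -Value '*.one'
    }
    Get-Content -LiteralPath $Path |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ -ne '' -and -not $_.StartsWith('#') } |
        ForEach-Object { '*.' + $_.TrimStart('*').TrimStart('.') } |   # ".doc", "doc", "*.doc" -> "*.doc"
        Sort-Object -Unique
}

function Remove-SkippedExtensions {
    param(
        [string[]]$MonitoredExtensions,
        [string[]]$SkipList
    )
    # -notcontains compares case-insensitively by default, so "*.omg!" in the skip
    # list also excludes the API's "*.OMG!" entry.
    $MonitoredExtensions | Where-Object { $SkipList -notcontains $_ }
}

# Where the real skip file would be looked up: next to the script, not in the
# process working directory (C:\Windows\System32 when started by Task Scheduler).
$skipListPath = Join-Path (Get-ScriptDirectory) 'SkipList.txt'
Write-Host "SkipList.txt will be read from: $skipListPath"

# Demo on a constructed skip file in %TEMP% so nothing next to the script is touched.
$demoSkipPath = Join-Path $env:TEMP 'SkipList.demo.txt'
Set-Content -LiteralPath $demoSkipPath -Value @('.bak', 'iso', '*.doc', '  .one  ', '.OMG!')
$skip = @(Get-NormalizedSkipList -Path $demoSkipPath)

# Constructed sample of API-style entries (not the real feed)
$monitored = @('*.locky', '*.one', '*.OMG!', '*.cerber')
$filtered  = @(Remove-SkippedExtensions -MonitoredExtensions $monitored -SkipList $skip)

Write-Host "Skip entries after normalisation: $($skip -join ', ')"
Write-Host "Monitored after exclusions:       $($filtered -join ', ')"
```

Wiring this into the deploy script means replacing the `.\WhiteList.txt` / `.\SkipList.txt` relative paths with `$skipListPath` and running `$monitoredExtensions` through `Remove-SkippedExtensions` before `New-CBArraySplit`; the "Start in" setting of the scheduled task then no longer matters.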