Pattern download and then implement

[kiriswiss]

Hi everyone, our Management would like that we first download the script to our local Server, check it first if all is OK and then implement the script in our FSRM. Has anyone done something similiar or am I the first one with this requirement?

Thanks for any answer Regards Andre

[Rooven-tech]

Hi,

I think what you want to do is first is save the JSON file to the server and give it a name such as C:\Preview\BlockList.txt

Then edit your script so it looks like this

# Download list of CryptoLocker file extensions
Write-Host "`n####"
$monitoredExtensions = Get-Content C:\Preview\BlockList.txt

[kiriswiss]

Thanks for this update and sorry for late response. We would like to implement as well an automatic download of the pattern. But when I click on https://fsrm.experiant.ca/api/v1/get it tells me File not found. Is there a direct download link to download the file.... https://fsrm.experiant.ca/api/v1/get/get.json ==> file not found thanks for an update Andre

[jkmurphy1]

First link you provided works when I click on it.

On Fri, Jul 12, 2019, 4:14 AM kiriswiss notifications@github.com wrote:

Thanks for this update and sorry for late response. We would like to implement as well an automatic download of the pattern. But when I click on https://fsrm.experiant.ca/api/v1/get it tells me File not found. Is there a direct download link to download the file.... https://fsrm.experiant.ca/api/v1/get/get.json ==> file not found thanks for an update Andre

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/nexxai/CryptoBlocker/issues/66?email_source=notifications&email_token=AAYMOK5L227JTI7DN7OXGULP7BDOFA5CNFSM4GDHOYY2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODZZGSWY#issuecomment-510814555, or mute the thread https://github.com/notifications/unsubscribe-auth/AAYMOKZAC6RWSN43LYKKID3P7BDOFANCNFSM4GDHOYYQ .

[kiriswiss]

OK, yes I was able to download the file now... and I called it get.txt When I change my powershell script, I get now following error: Program 'filescrn.exe' failed to run: The filename or extension is too longAt C:\Scripts\Ransom\Test.ps1:254 char:5

• &filescrn.exe Filegroup Add "/Filegroup:$($group.fileGroupName)" ...

• 
  At C:\Scripts\Ransom\Test.ps1:254 char:82

• ... legroup:$($group.fileGroupName)" "/Members:$($group.array -Join '|')"

• 
  + CategoryInfo          : ResourceUnavailable: (:) [], ApplicationFailedException
  + FullyQualifiedErrorId : NativeCommandFailed

Line 214: $monitoredExtensions = Get-Content C:\Scripts\Ransom\get.txt Line 254: &filescrn.exe Filegroup Add "/Filegroup:$($group.fileGroupName)" "/Members:$($group.array -Join '|')"

What do I need to change? Thanks Andre

[Rooven-tech]

Try this script to download file. You will need to edit line 14 for path

`Function ConvertFrom-Json20 {

Deserializes JSON input into PowerShell object output

Param (
    [Object] $obj
)
Add-Type -AssemblyName System.Web.Extensions
$serializer = New-Object System.Web.Script.Serialization.JavaScriptSerializer
return ,$serializer.DeserializeObject($obj)

}

$jsonStr = Invoke-WebRequest -Uri https://fsrm.experiant.ca/api/v1/get -UseBasicParsing $monitoredExtensions = @(ConvertFrom-Json20 $jsonStr | ForEach-Object { $_.filters }) $monitoredExtensions | Out-file -filepath C:\path\get.txt`

[kiriswiss]

Thanks mate, you saved my weekend. Great, it works