nexxai / CryptoBlocker

A script to deploy File Server Resource Manager and associated scripts to block infected users
GNU General Public License v2.0

File Screen Templates are not created anymore #88

Open kiriswiss opened 4 years ago

kiriswiss commented 4 years ago

Hi everyone, we import this script on a weekly basis. For the past two weeks it has not worked anymore, and I have no idea why. The script creates the file groups, but it fails when creating the file screen templates. When I check the script, this is the output:

Adding/replacing [Active] File Screen Template [CryptoBlockerTemplate] with eMail Notification [C:\Users\ADM_U3~1\AppData\Local\Temp\6\tmpEmail001.tmp] and Event Notification [C:\Users\ADM_U3~1\AppData\Local\Temp\6\tmpEvent001.tmp]..

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in the FileServerResourceManager module to administer File Server Resource Manager functionality. The requested object was not found.

This tool is deprecated and may be removed in future releases of Windows. Please use the Windows PowerShell cmdlets in the FileServerResourceManager module to administer File Server Resource Manager functionality. The requested object was not found.

Does anyone have any idea? The part from the script is exactly the same as it was a few weeks back. The only thing that we have changed is that we download the pattern file first, check it and then import it. But this was working just fine as well until two weeks ago.

For me it somehow does not create the following files under my user account: [C:\Users\ADM_U3~1\AppData\Local\Temp\6\tmpEmail001.tmp] [C:\Users\ADM_U3~1\AppData\Local\Temp\6\tmpEvent001.tmp]

Any help would be appreciated. Thanks in advance, Andre

agampher commented 4 years ago

I've had the same experience recently with Windows 2016.

davidande commented 4 years ago

You can try my script as it does not use deprecated commands

Strelok27 commented 4 years ago

Just want to chime in that I'm having the same issue (Server 2016)

kiriswiss commented 4 years ago

Hi Davidande, thanks for your script. But I made some modifications to the 'main' script, as we need to download the file first, check it and then implement it. Our file servers do not have direct access to the internet. If you can let me know how to import an existing file in your script, I will give it a try. Otherwise, does anyone have a fix yet for the existing script? Thanks, Andre

hcz8x commented 4 years ago

It had a problem with get.json. PS can't process the characters "<" and ">", at "*._NEMTY_<*>_".

Temporary solution:

  1. Download get.json to your script directory. Use a text editor to open it and remove the characters "<" and ">".
  2. Create a copy of the script and edit it to work with the downloaded get.json. Change line 217 from
     $jsonStr = Invoke-WebRequest -Uri https://fsrm.experiant.ca/api/v1/get
     to
     $jsonStr = Invoke-WebRequest -Uri $PSScriptRoot\get.json
  3. Run the edited script.

Hope this helps you!

freezscholte commented 4 years ago

I also just fixed this issue an hour ago with the same fix as @crazyheo. We download our own list from fsrm.experiant.ca and host it on our own webservers, just in case the list goes offline or something like this happens. I filtered ".NEMTY<>_" from our list and everything works again. It is in my opinion a single point of failure that when an extension can't be parsed or the list is not online, the file screens are not created anymore.

kiriswiss commented 4 years ago

Thanks guys for your support and help. Yes, it is indeed the part .NEMTY<>_. As soon as I removed the <>, all works again. Hope that this fix will soon be implemented in the main file, which we download once a week. But once again: thanks, you saved my day.

freezscholte commented 4 years ago

@kiriswiss

$jsonStr = Invoke-WebRequest -Uri https://fsrm.freez.it
$monitoredExtensions = @(ConvertFrom-Json20 $jsonStr | ForEach-Object { $_.filters } )

After the above lines you could also add this script line:

$monitoredExtensions = $monitoredExtensions -replace '[<>]'

It will filter out the <> characters.
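
Added example, not part of the thread or of the CryptoBlocker script: one way to combine the two fixes discussed above (stripping `<`/`>` from patterns, and not depending on the feed being online or parsable) by keeping a last-known-good copy and reporting every pattern that was altered. The function names, the cache path and the use of `ConvertFrom-Json` (PowerShell 3.0+) instead of the script's `ConvertFrom-Json20` are assumptions.

```powershell
# Hypothetical helper: returns feed JSON, falling back to a cached copy on any failure.
function Get-FeedJson {
    param(
        [string]$Uri       = 'https://fsrm.experiant.ca/api/v1/get',  # feed URL quoted in the thread
        [string]$CachePath = "$PSScriptRoot\get.json"                 # assumed cache location
    )
    try {
        $json = (Invoke-WebRequest -Uri $Uri -UseBasicParsing -ErrorAction Stop).Content
        $feed = $json | ConvertFrom-Json              # throws on invalid JSON
        if (-not $feed.filters) { throw 'feed contains no filters' }
        # Only a payload that parsed and is non-empty replaces the cached copy.
        Set-Content -LiteralPath $CachePath -Value $json -Encoding UTF8
        return $json
    }
    catch {
        Write-Warning "Feed unusable ($($_.Exception.Message)); falling back to $CachePath"
        if (-not (Test-Path -LiteralPath $CachePath)) { throw "No cached list at $CachePath" }
        return Get-Content -LiteralPath $CachePath -Raw
    }
}

# Hypothetical helper: strips the characters reported in the thread and logs each change.
function ConvertTo-SafePatterns {
    param(
        [Parameter(Mandatory)][string]$Json,
        [string]$BadChars = '[<>]'                    # same character class as the one-line fix
    )
    $clean = foreach ($p in @(($Json | ConvertFrom-Json).filters)) {
        $fixed = $p -replace $BadChars
        if ($fixed -ne $p) { Write-Warning "Sanitized pattern '$p' -> '$fixed'" }
        if ($fixed) { $fixed }                        # drop patterns that end up empty
    }
    @($clean | Sort-Object -Unique)
}

# Constructed sample input (not the real feed); runs offline.
$sample = '{"filters":["*.locky","*._NEMTY_<*>_","*.locky"]}'
$monitoredExtensions = ConvertTo-SafePatterns -Json $sample
$monitoredExtensions    # two entries remain; one warning is written for the NEMTY pattern

# Against the live feed: $monitoredExtensions = ConvertTo-SafePatterns -Json (Get-FeedJson)
```

The warnings give a record of which patterns were rewritten, so a changed entry in the feed shows up in the run log instead of silently failing the template creation.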

JKMUser commented 4 years ago

Hi there,

I've changed the problem entry to remove the <> characters and the filter is now ._NEMTY

SparkyzCodez commented 4 years ago

I wrote a new PowerShell script that uses only W2012 and above commands. No filescrn.exe, no 4kb limits, and a boatload of additional options and features including honeypots. I test every revision on both W2012(r1) and r2, 2016, and 2019. It uses a JSON file that stays on your system and gets updated from Experiant. If Experiant is off-line then you are still protected. I also have a Python script that will search your entire system for any signs of ransomware files. It will scan 2.5 million files in about 2 minutes using the VoidTools EverythingSearch engine. I hope you will all take a look and get involved.

freezscholte commented 4 years ago

> I wrote a new PowerShell script that uses only W2012 and above commands. No filescrn.exe, no 4kb limits, and a boatload of additional options and features including honeypots. I test every revision on both W2012(r1) and r2, 2016, and 2019. It uses a JSON file that stays on your system and gets updated from Experiant. If Experiant is off-line then you are still protected. I also have a Python script that will search your entire system for any signs of ransomware files. It will scan 2.5 million files in about 2 minutes using the VoidTools EverythingSearch engine. I hope you will all take a look and get involved.

Hi SparkyCodez, I'm gonna take a look at your script. Thanks for mentioning.

kiriswiss commented 4 years ago

Thank you all for your support, help and new scripts... it's much appreciated.