palantir / windows-event-forwarding

A repository for using windows event forwarding for incident detection and response

Download of Autorunsc64.exe Incorrectly Uses HTTPS #54

Open null-default opened 3 years ago

null-default commented 3 years ago

The following line of AutorunsToWinEventLog/Install.ps1 fails, due to live.sysinternals.com being hosted over HTTP and not HTTPS:

Invoke-WebRequest -Uri "https://live.sysinternals.com/autorunsc64.exe" -OutFile "$autorunsPath"

Fix should be as simple as changing the URI to http:// instead of https://.

clong commented 3 years ago

live.sysinternals.com should be hosted on both HTTP and HTTPS, but they seem to be having a fair amount of HTTPS downtime lately. The correct fix here is to add a failover to HTTP.

null-default commented 3 years ago

@clong is correct. #55 adds the HTTP failover, addressing this issue.
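The HTTPS-then-HTTP failover discussed above, with an Authenticode check on the downloaded file, because the plain-HTTP path gives no transport integrity. This is an added example, not the repository's Install.ps1 and not the change made in #55; the function name `Get-AutorunsWithFailover`, the `$autorunsPath` value and the expected signer string are assumptions.

```powershell
# Added example: not the project's Install.ps1 and not the code from #55.
# $autorunsPath is a placeholder destination (assumption).
$autorunsPath = Join-Path $env:TEMP 'autorunsc64.exe'

function Get-AutorunsWithFailover {
    param(
        [Parameter(Mandatory)] [string] $OutFile,
        # HTTPS is tried first; HTTP is only the fallback.
        [string[]] $Uris = @(
            'https://live.sysinternals.com/autorunsc64.exe',
            'http://live.sysinternals.com/autorunsc64.exe'
        ),
        # Assumed signer for Sysinternals binaries; adjust to your own policy.
        [string] $ExpectedSigner = 'O=Microsoft Corporation'
    )

    $source = $null
    foreach ($uri in $Uris) {
        try {
            Invoke-WebRequest -Uri $uri -OutFile $OutFile -UseBasicParsing -ErrorAction Stop
            $source = $uri
            break
        } catch {
            Write-Warning "Download from $uri failed: $($_.Exception.Message)"
        }
    }
    if (-not $source) {
        throw 'autorunsc64.exe could not be downloaded over HTTPS or HTTP.'
    }

    # Verify the signature whichever URI succeeded: over HTTP the bytes can be
    # altered in transit, so the file is only trusted if the signature is valid
    # and the signer matches what we expect.
    $sig = Get-AuthenticodeSignature -FilePath $OutFile
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
    if ($sig.Status -ne 'Valid' -or $subject -notlike "*$ExpectedSigner*") {
        Remove-Item -Path $OutFile -Force -ErrorAction SilentlyContinue
        throw "Rejected file from ${source}: status '$($sig.Status)', signer '$subject'."
    }
    return $source   # the URI that actually served the accepted file
}

$usedUri = Get-AutorunsWithFailover -OutFile $autorunsPath
Write-Host "autorunsc64.exe accepted from $usedUri"
```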

spanningtrees42 commented 1 year ago

In an admin command prompt I'm getting the error: "mc : error: 0x2 trying to open file ." I successfully opened and saved it in ecmangen and closed it, so I don't think it's due to the file being open/in-use. I'm doing this on a Windows 10 v22H2 PC with internet access running SDK v10.0.26624 (it's actually an earlier version; Microsoft posted an update saying this is expected behavior to display a higher number when it's actually lower). The WEF server I built doesn't have that access.