
Remote Malware Scanning/Removal

Just thought I'd share the packages I made to remotely scan machines for malware using Emsisoft Emergency Kit.  They have a home version that is free, or a paid version for use in corporate environments.  It's affordable and seems to work well so far.  It's been about on par with Malwarebytes.

The first thing you'd need to do is download the free version or pay for the Pro version.

https://www.emsisoft.com/en/software/eek/

Download, extract and copy to your repository.  You'll have to modify the paths in the XML to reflect your environment.

Change \\yourserver\yourshare in the XML

The XML has 4 packages, this could be streamlined I'm sure but this is how I did it.

2 packages for systems with no logged-in user; these run as the deploy user. One package scans only and the other will scan and quarantine.

2 packages for systems with a user logged in. These packages run in the logged-in user's context, which usually provides better results with malware removal. One package scans only and the other scans and quarantines.

The packages will

  • Copy the EEK to the targets %windir%\temp directory
  • Grab a list of pre-scan processes running and log to the file share
  • Run the EEK and scan only or scan/quarantine (quarantine is encrypted and saved to file share)
  • Grab a list of post-scan processes running and log to the file share

This could be changed to scan/clean instead of quarantine.  There are some other command line switches available also.  I manually update my definitions, but you can have that occur at run-time if your clients have access to download.  I prefer manual to speed up the process.

See here and scroll down:
https://www.emsisoft.com/en/software/cmd/

You can download the packages XML file here:
https://drive.google.com/file/d/0B76eqSbPPtCjWWVPRXFnZVZkRjA/view?usp=sharing

Hopefully this helps someone else wanting to perform remote remediation without a full-on setup of Malwarebytes Enterprise, Webroot or the like.

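The four package steps above (copy the kit to %windir%\temp, snapshot processes, run the scanner, snapshot again) as one PowerShell script. This is an added example, not the original poster's XML and not Emsisoft's code. Everything about the share layout is an assumption: the extracted kit is assumed to sit at \\yourserver\yourshare\EEK with the scanner at bin64\a2cmd.exe inside it, and logs go to a separate \\yourserver\yourshare\EEK-Logs. The a2cmd.exe switch names used as defaults (/smart, /quarantine) are also assumptions; take the real switches for your kit version from the Emsisoft command-line page linked above and pass them with -ScanArgs.

```powershell
<#
 Added example, not the original post's package XML.
 Assumed layout (change to match your environment):
   \\yourserver\yourshare\EEK        extracted Emergency Kit, scanner at bin64\a2cmd.exe
   \\yourserver\yourshare\EEK-Logs   share the scanned hosts can write logs/quarantine to
 The a2cmd.exe switch names below are assumptions; confirm them against
 https://www.emsisoft.com/en/software/cmd/ before deploying.
#>
param(
    [string]   $EekSource = '\\yourserver\yourshare\EEK',
    [string]   $LogShare  = '\\yourserver\yourshare\EEK-Logs',
    [string[]] $ScanArgs  = @('/smart'),   # assumed scan switch; replace from the Emsisoft list
    [switch]   $Quarantine                 # scan-and-quarantine package instead of scan-only
)

$ErrorActionPreference = 'Stop'

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $env:windir 'temp\EEK'
$logDir = Join-Path $LogShare "$env:COMPUTERNAME-$stamp"
$a2cmd  = Join-Path $target 'bin64\a2cmd.exe'   # assumed path inside the extracted kit

# Step 1: copy the kit from the share to %windir%\temp on the target.
if (-not (Test-Path $EekSource)) {
    throw "EEK source $EekSource is not reachable from $env:COMPUTERNAME as $env:USERNAME"
}
New-Item -ItemType Directory -Path $target, $logDir -Force | Out-Null
Copy-Item -Path (Join-Path $EekSource '*') -Destination $target -Recurse -Force

# Record the hash of the binary that actually landed on the host before running it,
# so the log can be checked against the hash recorded when the kit was staged.
Get-FileHash -Algorithm SHA256 -Path $a2cmd |
    Select-Object Hash, Path |
    Export-Csv -NoTypeInformation -Path (Join-Path $logDir 'a2cmd-sha256.csv')

function Save-ProcessSnapshot {
    param([string]$File)
    # Name, PID and image path are enough to see what the scan killed or what came back.
    Get-Process |
        Select-Object Name, Id, @{ Name = 'Path'; Expression = { $_.Path } } |
        Sort-Object Name, Id |
        Export-Csv -NoTypeInformation -Path $File
}

# Step 2: pre-scan process list to the share.
$pre = Join-Path $logDir 'processes-pre.csv'
Save-ProcessSnapshot -File $pre

# Step 3: run the scanner. Scan-only by default; -Quarantine adds the quarantine action.
# ($args is a PowerShell automatic variable, so the argument list gets its own name.)
$cmdArgs = @($ScanArgs)
if ($Quarantine) { $cmdArgs += '/quarantine' }          # assumed action switch
if ($cmdArgs.Count -eq 0) { throw 'No a2cmd.exe switches given; pass them with -ScanArgs' }

$stdout = Join-Path $logDir 'a2cmd-stdout.txt'
$stderr = Join-Path $logDir 'a2cmd-stderr.txt'
$proc = Start-Process -FilePath $a2cmd -ArgumentList $cmdArgs -Wait -PassThru -NoNewWindow `
            -RedirectStandardOutput $stdout -RedirectStandardError $stderr
"a2cmd.exe $($cmdArgs -join ' ') exited with code $($proc.ExitCode)" |
    Out-File -FilePath (Join-Path $logDir 'result.txt')

# Step 4: post-scan process list, plus a diff so nobody has to eyeball two CSVs.
# '<=' rows existed only before the scan (killed); '=>' rows appeared after it.
$post = Join-Path $logDir 'processes-post.csv'
Save-ProcessSnapshot -File $post
Compare-Object (Import-Csv $pre) (Import-Csv $post) -Property Name, Path -PassThru |
    Select-Object SideIndicator, Name, Path |
    Export-Csv -NoTypeInformation -Path (Join-Path $logDir 'processes-diff.csv')
```

Whichever account the package runs as (the deploy user, or the logged-in user for the second pair of packages) needs read access to the EEK folder and write access to the log share; the reachability check at the top fails early with that account name in the message so a permissions problem shows up in the deploy log rather than as a silent empty scan. Keep the kit and the log folder on separate shares or at least separate ACLs: the host writing to the log share is the one you suspect is infected, and it should not be able to modify the a2cmd.exe that every other host will copy and run. Redirecting stdout and stderr to files means the scanner's own report reaches the share without relying on any logging switch.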

Comments

  • Can you provide a step-by-step process on how to go about doing this? Where will the .XML file reside? What will the name of the .XML be?
