Atm we have a problem with ppl playing games on our network. So i've made this cunning batch file that continuosly scans the network and mails me if anyone is running certain files.
Need:
psexec, pslist from pstools
Blat (commandline mailer)
in this case the exe file is called "elma"
:loop
@echo off
For /F %%a in ('net view ^| find "\\" ') do (
if exist temp.$$$ del temp.$$$
pslist %%a | find "elma" /I && echo "elma running on" >> temp.$$$ && echo %%a >> temp.$$$ && psexec %%a %comspec% /c set | find "userprofile" /I >> temp.$$$ && blat temp.$$$ -to andy@ourwebserver -server 192.168.0.15 -f academic\administrator -q
)
goto loop
this code is provided "as is" in that it's working for me.
usually when i find the program i use pskill to kill it & then quickly delete it thru the admin share.
===============
Security Forums
Need:
psexec, pslist from pstools
Blat (commandline mailer)
in this case the exe file is called "elma"
:loop
@echo off
For /F %%a in ('net view ^| find "\\" ') do (
if exist temp.$$$ del temp.$$$
pslist %%a | find "elma" /I && echo "elma running on" >> temp.$$$ && echo %%a >> temp.$$$ && psexec %%a %comspec% /c set | find "userprofile" /I >> temp.$$$ && blat temp.$$$ -to andy@ourwebserver -server 192.168.0.15 -f academic\administrator -q
)
goto loop
this code is provided "as is" in that it's working for me.
usually when i find the program i use pskill to kill it & then quickly delete it thru the admin share.
===============
Security Forums