
Intel SA 00086 Vulnerability Scan

Scan Endpoint for Intel SA 00086

Description

This Agent Procedure will scan the endpoint for the Intel-SA-00086 Vulnerability. It downloads and executes the tool from Intel (https://downloadcenter.intel.com/download/27150) to scan the endpoint.
A requirement prior to executing the procedure is to create a new custom field called "Intel Vulnerability" as a string. The procedure will then update the custom field to let you know if the endpoint is Safe, Vulnerable, Potentially Vulnerable or if the tool could not scan it.
You can find some information about the Vulnerability in this Intel Article: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html

Developer
  • Name: Douglas Sanchez
  • Company: Kaseya
  • Website: http://www.kaseya.com

Summary
  • Intel SA 00086 Vulnerability Scan
  • 43 Downloads
  • Released on December 1st, 2017

Reviews

    Intel SA 00086 Vulnerability Scan has no reviews.

    Discussion
    Joseph Pate 12 months ago

    This is working on some machines but how do we run a report or use the advanced view filter correctly? It seems to not filter correctly.
    Also getting lots of script failures for different machines all saying:
    FAILED in processing THEN step 8, Get Variable, with error File Open Failed, Get content from file c:\kworking\intel.txt (Line 15)

    Chase Mendoza 12 months ago

    I noticed the same thing too. In my environment, it only works on Windows 10 so check if it is the same case for you.
    I have been tweaking the procedure as I write this and think I have a workaround for this problem.

    Joseph Pate 12 months ago

    Yes it seems to only be Windows 10, how do you have it working on all Operating systems?
    Also, did you figure out the filter view to show all vulnerable or potentially vulnerable? We need a view or a report we can run after this.

    Chase Mendoza 12 months ago

    I don't have it working on all yet. I am testing a few things and should get it working here shortly. I can't add photos here so I can't show you how to get the view to work but I believe I know the issue you are having.

    Joseph Pate 12 months ago

    Can you email me screenshots for the view? jpate@teamlogicit.com

    Jonathan Haase 12 months ago

    To fix it not running on anything other than Windows 10 see the modification I recommended in the thread on the Kaseya forums *here*. https://community.kaseya.com/xsp/f/28/t/23684.aspx.

    The view should be relatively simple, looking at the contents of the systeminfo column "Intel Vulnerability"

    Joseph Pate 12 months ago

    What are you using to edit? I see all this "

    Tom Schrader 12 months ago

    After you import it into Kaseya, you can edit it at Agent Procedures>Schedule Create

    Joseph Pate 12 months ago

    I like that idea better, but when I click on edit procedure or view procedure I get a large exclamation mark in a circle.
    I will restart my browser and try again.

    Joseph Pate 12 months ago

    It works after editing in Kaseya.
    It runs on all devices it seems and the view works as well.
    I need to try and make a report that will show a pie chart of vulnerable and not vulnerable.

    Joseph Pate 12 months ago

    Line 8 for me is now:

    echo {(Get-ItemProperty "HKLM:\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00086 Discovery Tool\System Status" -Name "System Risk")."System Risk" ^| Out-File #vAgentConfiguration.agentTempDir#\Intel.txt} >>>> #vAgentConfiguration.agentTempDir#\Inteltest.ps1

    John2E 12 months ago

    I have the same issue as Joseph Pate's last comment re: Failed Then Step 8 ... it's like intel.txt is not being created so the value can't be pulled from it ... not clear why though.

    Douglas Sanchez 12 months ago

    The reason the script doesn't work on some machines is because it requires an updated PowerShell. Windows 10 is on PowerShell 5.0 by default, Windows 7 on 2.0. I advise upgrading PowerShell in these endpoints and trying again. I published a procedure on the exchange to update PowerShell to 5.0.

    Joseph Pate 12 months ago

    The changes allow it to work on all machines now, however we had 4 or 5 machines running 1-2 instances of the processes that would not go away and used up 100% CPU, locking up the computers/servers.
    Killing the task removed the issue, but I am not sure how to stop it from going forward unless we included a taskkill after a wait period?

    This in the background command prompt worked but I am not good at scripting and adding a wait 60 seconds then run that:
    taskkill /IM Intel-SA-00086-console.exe /F
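
The wait-then-kill idea from the comment above, combined with the registry read from the earlier "Line 8" comment, as an added PowerShell example that is not part of the thread or the published procedure. The tool path, the 60-second limit and the "Could not scan" strings are assumptions, and the tool is started with no arguments because the page does not show its command line.

```powershell
# Added example (not the published Kaseya procedure). Written for PowerShell 2.0 and later.
$ToolPath   = 'C:\kworking\Intel-SA-00086-console.exe'   # assumed download location
$OutFile    = 'C:\kworking\Intel.txt'                    # file the procedure reads in step 8
$TimeoutSec = 60                                         # assumed limit before the tool is killed
$RegPath    = 'HKLM:\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00086 Discovery Tool\System Status'

function Get-SystemRisk {
    # Returns the "System Risk" string, or $null when the key or value is absent.
    if (-not (Test-Path -LiteralPath $RegPath)) { return $null }
    $item = Get-ItemProperty -LiteralPath $RegPath -ErrorAction SilentlyContinue
    if ($item -and $item.'System Risk') { return [string]$item.'System Risk' }
    return $null
}

function Invoke-Sa00086Scan {
    if (-not (Test-Path -LiteralPath $ToolPath)) {
        return 'Could not scan: tool not found'
    }
    $proc = Start-Process -FilePath $ToolPath -WindowStyle Hidden -PassThru
    if (-not $proc.WaitForExit($TimeoutSec * 1000)) {
        # Equivalent of: taskkill /IM Intel-SA-00086-console.exe /F
        Get-Process -Name 'Intel-SA-00086-console' -ErrorAction SilentlyContinue |
            Stop-Process -Force -ErrorAction SilentlyContinue
        # Do not read the registry here: any value present would be from an earlier run.
        return 'Could not scan: timed out'
    }
    $risk = Get-SystemRisk
    if ($risk) { return $risk }
    return 'Could not scan: no result in registry'
}

# Always write the file, so the "Get Variable" step finds it even when the scan fails.
# ASCII avoids the UTF-16 default of Out-File in Windows PowerShell.
Invoke-Sa00086Scan | Out-File -FilePath $OutFile -Encoding ASCII
```

Because Intel.txt is written on every path, a failed or hung scan shows up in the "Intel Vulnerability" custom field as a "Could not scan" value instead of a "File Open Failed" script error.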

    Youri 11 months ago

    @douglas Sanchez: script doesn't work on my own machine, I've Windows 10 Pro 64 bit on a HP ProBook 650 G2. Gives: Failed THEN in step 8 (line 15).

    John2E 10 months ago

    Is there a "final" current solution for this script that does not require updating PowerShell to v5 on Win7 machines? I agree with the poster on the other thread that it makes more sense to alter your script @DouglasSanchez to be backward compatible than to upgrade 1,700 systems to PowerShell v5, then run this script. Anyone?

    Thank you.

    Douglas Sanchez 10 months ago

    @John2E I have actually altered the script as per the recommendation so that it does not require PowerShell 5.0. I forgot to mention it here in the comment and edit the post. Doing that right now.

    John2E 10 months ago

    @DouglasSanchez - Thank you. This script is extremely helpful. I appreciate your good work and sharing with the community.