Index

Intel SA 00086 Vulnerability Scan

Scan Endpoint for Intel SA 00086

Description

This Agent Procedure will scan the endpoint for the Intel-SA-00086 Vulnerability. It downloads and execute the tool from Intel (https://downloadcenter.intel.com/download/27150) to scan the endpoint.
A requirement prior to executing the procedure is to create a new custom field called "Intel Vulnerability" as a string. The procedure will then update the custom field to let you know if the endpoint is Safe, Vulnerable, Potentially Vulnerable or if the tool could not scan it.
You can find some information about the Vulnerability in this Intel Article: https://www.intel.com/content/www/us/en/support/articles/000025619/software.html
The script requires Powershell 5.0 to successfully run, Windows 7 endpoints are by default on Powershell 2.0

Categories
Developer
  • Name: Douglas Sanchez
  • Company: Kaseya
  • Website: http://www.kaseya.com
  • Contact Developer
  • Summary
  • Intel SA 00086 Vulnerability Scan
  • 20 Downloads
  • Released on December 1st, 2017
  • Reviews

    Intel SA 00086 Vulnerability Scan has no reviews.

    Discussion
    Gravatar for Joseph Pate
    Joseph Pate 3 days ago

    This is working on some machines but how do we run a report or use the advanced view filter correctly? It seems to not filter correctly. Also getting lots of script failures for different machines all saying: FAILED in processing THEN step 8, Get Variable, with error File Open Failed, Get content from file c:\kworking\intel.txt (Line 15)

    Gravatar for Chase Mendoza
    Chase Mendoza 3 days ago

    I noticed the same thing too. In my environment, it only works on Windows 10 so check if it is the same case for you. I have been tweaking the procedure as I write this and think I have a work around for this problem.

    Gravatar for Joseph Pate
    Joseph Pate 3 days ago

    Yes it seems to only be Windows 10, how do you have it working on all Operating systems? Also, did you figure out the filter view to show all vulnerable or potentially vulnerable. We need a view or a report we can run after this.

    Gravatar for Chase Mendoza
    Chase Mendoza 3 days ago

    I don't have it working on all yet. I am testing a few things and should get it working here shortly. I cant add photos here so I can't show you how to get the view to work but I believe I know the issue you are having.

    Gravatar for Joseph Pate
    Joseph Pate 3 days ago

    Can you email me screenshots for the view? jpate@teamlogicit.com

    Gravatar for Jonathan Haase
    Jonathan Haase 3 days ago

    TO fix it not running on anything other than windows 10 see the modification I recommended in the thread on the kaseya forums *here*. https://community.kaseya.com/xsp/f/28/t/23684.aspx. The view should be relatively simple, looking at the contents of the systeminfo column "Intel Vulnerability"

    Gravatar for Joseph Pate
    Joseph Pate 3 days ago

    What are you using to edit? I see all this "

    Gravatar for Tom Schrader
    Tom Schrader 3 days ago

    After you import it into Kaseya, you can edit it at Agent Procedures>Schedule Create

    Gravatar for Joseph Pate
    Joseph Pate 3 days ago

    I like that idea better, but when I click on edit procedure or view procedure I get a large exclamation mark in a circle. I will restart my browser and try again.

    Gravatar for Joseph Pate
    Joseph Pate 3 days ago

    It works after editing in Kaseya. It runs on all devices it seems and the view works as well. I need to try and make a report that will show a pie chart of vulnerable and not vulnerable.

    Gravatar for Joseph Pate
    Joseph Pate 3 days ago

    Line 8 for me is now: echo {(Get-ItemProperty "HKLM:\SOFTWARE\Intel\Setup and Configuration Software\INTEL-SA-00086 Discovery Tool\System Status" -Name "System Risk")."System Risk" ^| Out-File #vAgentConfiguration.agentTempDir#\Intel.txt} >>>> #vAgentConfiguration.agentTempDir#\Inteltest.ps1

    Gravatar for John2E
    John2E 3 days ago

    I have the same issue as Joseph Pate last comment re: Failed Then Step 8 ...its like intel.txt is not being created so the value cant be pulled from it...not clear why though.

    Gravatar for Douglas Sanchez
    Douglas Sanchez 3 days ago

    The reason the script doesn't work on some machines is because it requires an updated Powershell. Windows 10 is on Powershell 5.0 by default, Windows 7 on 2.0. I advise upgrading Powershell in these endpoints and trying again. I published a procedure on the exchange to update Powershell to 5.0

    Gravatar for Joseph Pate
    Joseph Pate 2 days ago

    The changes allow it to work on all machines now, however we had 4 or 5 machines running 1-2 instances of the processes that would not go away and used up 100% cpu locking up the computers/servers. Killing the task removed the issue, but I am not sure how to stop it from going forward unless we included a taskkill after a wait period? This in the background command prompt worked but I am not good at scripting and adding a wait 60 seconds then run that: taskkill /IM Intel-SA-00086-console.exe /F