Scripting Question

Custom inventory rule for list exe files in a directory

06/15/2015 2401 views
I would like to detect malware in this directory : c:\user\"login\AppData\Local\Temp
Could you help me for create a custom inventory rule for list all executable files in this directory ?

I have found this CIR :
ShellCommandTextReturn(c:\windows\system32\wbem\WMIC.exe datafile WHERE "drive='c:' AND path like '\\users\\%%' AND Extension='exe'" get name)

Thanks in advance
0 Comments   [ + ] Show comments


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ