I would like to detect malware in this directory: c:\user\"login\AppData\Local\Temp
Could you help me create a custom inventory rule to list all executable files in this directory?

I have found this CIR:
ShellCommandTextReturn(c:\windows\system32\wbem\WMIC.exe datafile WHERE "drive='c:' AND path like '\\users\\%%' AND Extension='exe'" get name)

Thanks in advance
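
One way to narrow the listing to each user's Temp directory, as an added example that is not part of the original post. It assumes profiles live under C:\Users and PowerShell 4 or later; the function name `Get-TempExecutable` and the pipe-delimited output format are hypothetical, and how the script is invoked from a custom inventory rule is not shown.

```powershell
# Added example: inventory .exe files in every user's AppData\Local\Temp.
# Assumption: user profiles are under C:\Users; change $ProfileRoot if not.
$ProfileRoot = 'C:\Users'

function Get-TempExecutable {
    param([string]$Root = $ProfileRoot)

    # Walk each profile folder (-Force includes hidden profiles).
    Get-ChildItem -LiteralPath $Root -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $temp = Join-Path $_.FullName 'AppData\Local\Temp'
            if (Test-Path -LiteralPath $temp) {
                Get-ChildItem -LiteralPath $temp -Filter '*.exe' -File -Recurse -Force `
                    -ErrorAction SilentlyContinue
            }
        } |
        # -Filter can also match longer extensions on some volumes; keep exact .exe only.
        Where-Object { $_.Extension -ieq '.exe' } |
        ForEach-Object {
            # Signature status and hash give the reviewer something to triage on.
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path      = $_.FullName
                SizeBytes = $_.Length
                Modified  = $_.LastWriteTimeUtc.ToString('s')
                Signature = if ($sig)  { $sig.Status } else { 'Unknown' }
                SHA256    = if ($hash) { $hash.Hash }  else { '' }
            }
        }
}

# One text line per file, so the result can be stored as an inventory text value.
Get-TempExecutable | ForEach-Object {
    '{0}|{1}|{2}|{3}|{4}' -f $_.Path, $_.SizeBytes, $_.Modified, $_.Signature, $_.SHA256
}
```

Files that are locked or unreadable are skipped silently, so an empty hash or an `Unknown` signature in the output means the file could not be inspected, not that it is clean.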