/build/static/layout/Breadcrumb_cap_w.png

strange script being run by the agent

Windows 10 PCs, agent version 11.0.119

In a meeting today with our antivirus company, we were being shown some new features for white listing/black listing scripting.  One of the scripts that showed up (and was by default being blocked) was a powershell script named temp_script.ps1, and it was being executed out of C:\programdata\Quest\Kace\user.  Searching that directory yielded some log files but no script (so I'm assuming it's being generated on the fly as our AV isn't quarantining it, just not letting it run).  Can someone tell me what this script does?  I don't think it's something we created, as there's nothing in our scripting section of the K1100 with that name (and I don't think those scripted execute from that directory anyway).  Any thoughts?  Thanks.


0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: KevinG 5 days ago
10th Degree Black Belt
1

Every single PowerShell command used to get inventory is written to a temp script first and then executed.


Comments:
  • cool beans, thanks for the info! - scragman 5 days ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ