Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Swiftyyyy
Collaborator

Working with .bat files

Hi,

I'm looking for a workflow suggestion.
We're managing an environment with Harmony Endpoint, however in that environment there's a strong need for tasks to be performed through batch files.
The issue is that Threat Emulation (very) often grabs these .bat files, despite them being written by a trusted administrator internally.

Now of course we could create an exclusion for the directory the admin writes the files in, but that only resolves the "creation" part, the issue is also quite often the distribution and successful execution after the fact.

We could suggest a move to Powershell scripts which can be signed by the organizations internal PKI, however would that be any guarantee that they wont trigger remediation on Threat Emulation regardless?

In interest of maintaing a secure environment the customer is willing to adjust their workflow, but I'd like to at least meet them half way and provide a workflow which will genuinely work.

We can add the signature into Forensics as an exclusion, but what good does that do if it's Threat Emulation that does the matching, unless a file being signed with the chain of trust valid also helps with TE.

Regards,

0 Kudos
3 Replies
G_W_Albrecht
Legend
Legend

0 Kudos
Swiftyyyy
Collaborator

Ah, sorry for the misunderstanding; I was referring to executing these scripts through a different deployment method, not via Push Operation.

Soo.. in summary, how can I ensure that our internal scripts are trusted by the Harmony Endpoint agent (and not immediately remediated) when ran through other deployment tools.

0 Kudos
G_W_Albrecht
Legend
Legend

Open a SR# with TAC to learn that - i can only suggest to use sk173414 as this push operation has been created for a purpose 😎

CCSE CCTE CCSM SMB Specialist
0 Kudos