Loading...

Removing automatically Proactive Remediation scripts after execution on devices

Reply A+ A-


In this post I will show you a quick way to remove a Proactive Remediation script after its execution on devices.


Context

- You have created Proactive Remediation script

- It will be executed on devices

- It contains information you don't want to share

- You don't want other people can access to it

- You want to remove both detection and remediation scripts


Why removing script ?

See below some reasons of why removing Proactive Remediation script after its execution:

- This script contains information you don't want to share

- You don't want other people can access to it

- The script contains credentials 

- The script contains Azure App info

- The script contains BIOS password


The UserVoice

You can find there a UserVoice, feedback I opened for this.


Get the script

Click on the below GitHub picture to get the script


The solution

Add the code from the script available in the download link in your detection or remediation script.

You can also find the code here below:

It works as below:

1. Get the Proactive Remediation script current path

2. Export a script in %temp% folder

3. Run script once detection/remediation script is finished


The exported script will proceed as below:

1. It contains remediation script current path  

2. Remove current remediation script folder

Proactive_Remediations 1082678554722196551

Enregistrer un commentaire

Accueil item

Award

Learn KQL in one month

Sponsors

You want to support me ?

Mes articles en français

Books in French


Stats