How to detect and Report on Log4Shell vulnerability using Symantec Custom Inventory

In this blog post we create a Task and a Custom Inventory Dataclass that will help us find computers affected by the Log4Shell vulnerability.

Before you start implementing this, be aware that this script may take a very long time to run (depending on multiple factors). You may have to extend the "Task stops after" time in the advanced options of the Task.

Update: Because of some requests I've created a newer version of the script with some modifications. Just scroll down to Version 1.1.
Using Custom Inventory is just an additional option to detect the Log4Shell vulnerability.

Step1: Create a Custom Dataclass and add the following attribute

Step2: Copy the following script, paste it into a Run Script task, and make sure to change the script type to PowerShell.

The following PowerShell script is based on the work of Jose Espitia with minimal modifications…

$List = [System.Collections.ArrayList]::new()
$TotalResults = [System.Collections.ArrayList]::new()
$Drives = (Get-PSDrive -PSProvider FileSystem | Where-Object { $_.Used -gt 0 }).Root
 
If(!(Test-Path "$env:SystemDrive\Temp")) { New-Item -ItemType Directory "$env:SystemDrive\Temp" -Force }
 
ForEach($Drive in $Drives) {
 
    Robocopy $Drive C:\Temp *.jar /s /b /l /fp /xj /ndl /njh /njs /nc /ns | ForEach-Object { $List.Add("$_")} | Out-Null
 
}
 
$EncodedHashes = "IyAyLlggdmVyc2lvbnMKCmJmNGY0MTQwMzI4MGMxYjExNTY1MGQ0NzBmOWIyNjBhNWM5MDQyYzA0ZDliY2MyYTZjYTUwNGE2NjM3OWIyZDYgIC4vYXBhY2hlLWxvZzRqLTIuMC1hbHBoYTItYmluL2xvZzRqLWNvcmUtMi4wLWFscGhhMi5qYXIKNThlOWY3MjA4MWVmZmY5YmRhYWJkODJlM2IzZWZlNWIxYjlmMTY2NmNlZmUyOGY0MjlhZDcxNzZhNmQ3NzBhZSAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGExLWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhMS5qYXIKZWQyODVhZDVhYzZhOGNmMTM0NjFkNmMyODc0ZmRjZDNiZjY3MDAyODQ0ODMxZjY2ZTIxYzJkMGFkZGE0M2ZhNCAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGEyLWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhMi5qYXIKZGJmODhjNjIzY2MyYWQ5OWQ4MmZhNGM1NzVmYjEwNWUyMDgzNDY1YTQ3Yjg0ZDY0ZTJlMWE2M2UxODNjMjc0ZSAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGEzLWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhMy5qYXIKYTM4ZGRmZjFlNzk3YWRiMzlhMDg4NzY5MzJiYzI1MzhkNzcxZmY3ZGIyMzg4NWZiODgzZmVjNTI2YWZmNGZjOCAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGE0LWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhNC5qYXIKN2Q4Njg0MTQ4OWFmZDEwOTc1NzZhNjQ5MDk0YWUxZWZiNzliMzE0N2NkMTYyYmEwMTk4NjFkZmFkNGU5NTczYiAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGE1LWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhNS5qYXIKNGJmYjBkNTAyMmRjNDk5OTA4ZGE0NTk3ZjNlMTlmOWY2NGQzY2M5OGNlNzU2YTIyNDljNzIxNzlkM2Q3NWM0NyAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGE2LWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhNi5qYXIKNDczZjE1YzA0MTIyZGFkODEwYzkxOWIyZjM0ODRkNDY1NjBmZDJkZDQ1NzNmNjY5NWQzODcxOTU4MTZiMDJhNiAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGE3LWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhNy5qYXIKYjNmYWU0Zjg0ZDQzMDNjZGJhZDQ2OTY1NTRiNGU4ZDIzODFhZDNmYWY2ZTBjM2M4ZDJjZTYwYTQzODhjYWEwMiAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGE4LWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhOC5qYXIKZGNkZTYwMzNiMjA1NDMzZDZlOTg1NWM5Mzc0MGY3OTg5NTFmYTNhM2YyNTIwMzVhNzY4ZDlmMzU2ZmRlODA2ZCAgLi9hcGFjaGUtbG9nNGotMi4wLWJldGE5LWJpbi9sb2c0ai1jb3JlLTIuMC1iZXRhOS5qYXIKODUzMzhmNjk0Yzg0NGM4YjY2ZDhhMWI5ODFiY2YzODYyN2Y5NTU3OTIwOWIyNjYyMTgyYTAwOWQ4NDllMWE0YyAgLi9hcGFjaGUtbG9nNGotMi4wLWJpbi9sb2c0ai1jb3JlLTIuMC5qYXIKZGIzOTA2ZWRhZDYwMDlkMTg4NmVjMWUyYTE5ODI0OWI2ZDk5ODIwYTM1NzVmOGVjODBjNmNlNTdmMDhkNTIxYSAgLi9hcGFjaGUtbG9nNGotMi4wLXJjMS1iaW4vbG9nNGotY29yZS0yLjAtcmMxLmphcgplYzQxMWEzNGZlZTQ5NjkyZjE5NmU0ZGMwYTkwNWIyNWQwNjY3ODI1OTA0OD
YyZmRiYTE1M2RmNWU1MzE4M2UwICAuL2FwYWNoZS1sb2c0ai0yLjAtcmMyLWJpbi9sb2c0ai1jb3JlLTIuMC1yYzIuamFyCmEwMGE1NGUzZmI4Y2I4M2ZhYjM4Zjg3MTRmMjQwZWNjMTNhYjljNDkyNTg0YWE1NzFhZWM1ZmM3MWI0ODczMmQgIC4vYXBhY2hlLWxvZzRqLTIuMC4xLWJpbi9sb2c0ai1jb3JlLTIuMC4xLmphcgpjNTg0ZDEwMDA1OTFlZmEzOTEzODYyNjRlMGQ0M2VjMzVmNGRiYjE0NmNhZDkzOTBmNzMzNThkOWM4NGVlNzhkICAuL2FwYWNoZS1sb2c0ai0yLjAuMi1iaW4vbG9nNGotY29yZS0yLjAuMi5qYXIKOGJkYjY2Mjg0M2MxZjRiMTIwZmI0YzI1YTU2MzYwMDgwODU5MDBjZGY5OTQ3YjFkYWRiOWI2NzJlYTYxMzRkYyAgLi9hcGFjaGUtbG9nNGotMi4xLWJpbi9sb2c0ai1jb3JlLTIuMS5qYXIKYzgzMGNkZThmOTI5YzM1ZGFkNDJjYmRiNmIyODQ0N2RmNjljZWZmZTk5OTM3YmY0MjBkMzI0MjRkZjRkMDc2YSAgLi9hcGFjaGUtbG9nNGotMi4yLWJpbi9sb2c0ai1jb3JlLTIuMi5qYXIKNmFlM2IwY2I2NTdlMDUxZjk3ODM1YTY0MzJjMmIwZjUwYTY1MWIzNmI2ZDRhZjM5NWJiZTkwNjBiYjRlZjRiMiAgLi9hcGFjaGUtbG9nNGotMi4zLWJpbi9sb2c0ai1jb3JlLTIuMy5qYXIKNTM1ZTE5YmYxNGQ4Yzc2ZWMwMGE3ZTg0OTAyODdjYTJlMjU5N2NhZTJkZTViOGYxZjY1ZWI4MWVmMWMyYTRjNiAgLi9hcGFjaGUtbG9nNGotMi40LWJpbi9sb2c0ai1jb3JlLTIuNC5qYXIKNDJkZTM2ZTYxZDQ1NGFmZmY1ZTUwZTY5MzA5NjFjODViNTVkNjgxZTIzOTMxZWZkMjQ4ZmQ5YjliOTI5NzIzOSAgLi9hcGFjaGUtbG9nNGotMi40LjEtYmluL2xvZzRqLWNvcmUtMi40LjEuamFyCjRmNTNlNGQ1MmVmY2NjZGM0NDYwMTc0MjZjMTUwMDFiYjBmZTQ0NGM3YTZjZGM5OTY2Zjg3NDFjZjIxMGQ5OTcgIC4vYXBhY2hlLWxvZzRqLTIuNS1iaW4vbG9nNGotY29yZS0yLjUuamFyCmRmMDAyNzcwNDUzMzhjZWFhNmY3MGE3YjhlZWUxNzg3MTBiM2JhNTFlYWMyOGMxMTQyZWM4MDIxNTc0OTJkZTYgIC4vYXBhY2hlLWxvZzRqLTIuNi1iaW4vbG9nNGotY29yZS0yLjYuamFyCjI4NDMzNzM0YmQ5ZTMxMjFlMGEwYjc4MjM4ZDUxMzE4MzdiOWRiZTI2ZjFhOTMwYmM4NzJiYWQ0NGU2OGU0NGUgIC4vYXBhY2hlLWxvZzRqLTIuNi4xLWJpbi9sb2c0ai1jb3JlLTIuNi4xLmphcgpjZjY1ZjBkMzM2NDBmMmNkMGEwYjA2ZGQ4NmE1YzYzNTM5MzhjY2IyNWY0ZmZkMTQxMTZiNDg4NDE4MWUwMzkyICAuL2FwYWNoZS1sb2c0ai0yLjYuMi1iaW4vbG9nNGotY29yZS0yLjYuMi5qYXIKNWJiODRlMTEwZDVmMThjZWU0NzAyMWEwMjRkMzU4MjI3NjEyZGQ2ZGFjN2I5N2ZhNzgxZjg1YzZhZDNjY2VlNCAgLi9hcGFjaGUtbG9nNGotMi43LWJpbi9sb2c0ai1jb3JlLTIuNy5qYXIKY2NmMDJiYjkxOWUxYTQ0YjEzYjM2NmVhMWIyMDNmOTg3NzI2NTA0NzVmMmEwNmU5ZmFjNGIzYzk1N2E3YzNmYSAgLi9hcGFjaGUtbG9nNGotMi44LWJpbi9sb2c0ai1jb3JlLTIuOC5qYXIKODE1YT
czZTIwZTkwYTQxMzY2MmVlZmU4NTk0NDE0Njg0ZGYzZDU3MjNlZGNkNzYwNzBlMWE1YWVlODY0NjE2ZSAgLi9hcGFjaGUtbG9nNGotMi44LjEtYmluL2xvZzRqLWNvcmUtMi44LjEuamFyCjEwZWYzMzExMTVjYmJkMThiNWJlM2YzNzYxZTA0NjUyM2Y5Yzk1YzEwMzQ4NDA4MmIxOGU2N2E3YzM2ZTU3MGMgIC4vYXBhY2hlLWxvZzRqLTIuOC4yLWJpbi9sb2c0ai1jb3JlLTIuOC4yLmphcgpkYzgxNWJlMjk5ZjgxYzE4MGFhOGQyOTI0ZjFiMDE1ZjJjNDY2ODZlODY2YmM0MTBlNzJkZTc1ZjdjZDQxYWFlICAuL2FwYWNoZS1sb2c0ai0yLjkuMC1iaW4vbG9nNGotY29yZS0yLjkuMC5qYXIKOTI3NWY1ZDU3NzA5ZTIyMDQ5MDBkM2RhZTI3MjdmNTkzMmY4NWQzODEzYWQzMWM5ZDM1MWRlZjAzZGQzZDAzZCAgLi9hcGFjaGUtbG9nNGotMi45LjEtYmluL2xvZzRqLWNvcmUtMi45LjEuamFyCmYzNWNjYzk5Nzg3OTdhODk1ZTViZWU1OGZhOGMzYjdhZDZkNWVlNTUzODZlOWU1MzJmMTQxZWU4ZWQyZTkzN2QgIC4vYXBhY2hlLWxvZzRqLTIuMTAuMC1iaW4vbG9nNGotY29yZS0yLjEwLjAuamFyCjUyNTY1MTdlNjIzN2I4ODhjNjVjODY5MWYyOTIxOWI2NjU4ZDgwMGMyM2U4MWQ1MTY3YzRhOGJiZDJhMGRhYTMgIC4vYXBhY2hlLWxvZzRqLTIuMTEuMC1iaW4vbG9nNGotY29yZS0yLjExLjAuamFyCmQ0NDg1MTc2YWVhNjdjYzg1ZjVjY2M0NWJiNjYxNjZmOGJmYzcxNWFlNGE2OTVmMGQ4NzBhMWY4ZDg0OGNjM2QgIC4vYXBhY2hlLWxvZzRqLTIuMTEuMS1iaW4vbG9nNGotY29yZS0yLjExLjEuamFyCjNmY2M0YzFmMmY4MDZhY2ZjMzk1MTQ0Yzk4YjhiYTJhODBmZTFiZjVlM2FkMzM5NzU4OGJiZDI2MTBhMzcxMDAgIC4vYXBhY2hlLWxvZzRqLTIuMTEuMi1iaW4vbG9nNGotY29yZS0yLjExLjIuamFyCjA1N2E0OGZlMzc4NTg2YjY5MTNkMjliNGIxMDE2MmI0YjUwNDUyNzdmMWJlNjZiN2EwMWZiN2UzMGJkMDVlZjMgIC4vYXBhY2hlLWxvZzRqLTIuMTIuMC1iaW4vbG9nNGotY29yZS0yLjEyLjAuamFyCjVkYmQ2YmIyMzgxYmY1NDU2M2VhMTViYzlmYmI2ZDcwOTRlYWY3MTg0ZTY5NzVjNTBmODk5NmY3N2JmYzNmMmMgIC4vYXBhY2hlLWxvZzRqLTIuMTIuMS1iaW4vbG9nNGotY29yZS0yLjEyLjEuamFyCmMzOWIwZWExNGU3NzY2NDQwYzU5ZTVhZTVmNDhhZGVlMDM4ZDliMWM3YTEzNzViMzc2ZTk2NmNhMTJjMjJjZDMgIC4vYXBhY2hlLWxvZzRqLTIuMTMuMC1iaW4vbG9nNGotY29yZS0yLjEzLjAuamFyCjZmMzhhMjU0ODJkODJjZDExOGM0MjU1ZjI1YjlkNzhkOTY4MjFkMjJiYWI0OThjZGNlOWNkYTdhNTYzY2E5OTIgIC4vYXBhY2hlLWxvZzRqLTIuMTMuMS1iaW4vbG9nNGotY29yZS0yLjEzLjEuamFyCjU0OTYyODM1OTkyZTMwMzkyOGFhOTA5NzMwY2UzYTUwZTMxMTA2OGMwOTYwYzcwOGU4MmFiNzY3MDFkYjVlNmIgIC4vYXBhY2hlLWxvZzRqLTIuMTMuMi1iaW4vbG9nNGotY29yZS0yLjEzLjIuamFyCmU1ZTliMGY4ZDcyZjRlN2I5MDIyYjdhODNjNjczMz
M0ZDc5Njc5ODExOTFkMmQ5OGY5YzU3ZGM5N2I0Y2FhZTEgIC4vYXBhY2hlLWxvZzRqLTIuMTMuMy1iaW4vbG9nNGotY29yZS0yLjEzLjMuamFyCjY4ZDc5Mzk0MGMyOGRkZmY2NjcwYmU3MDM2OTBkZmRmOWU3NzMxNTk3MGM0MmM0YWY0MGNhNzI2MWE4NTcwZmEgIC4vYXBhY2hlLWxvZzRqLTIuMTQuMC1iaW4vbG9nNGotY29yZS0yLjE0LjAuamFyCjlkYTBmNWNhN2M4ZWFiNjkzZDA5MGFlNzU5Mjc1YjlkYjRjYTVhY2RiY2ZlNGE2M2QzODcxZTBiMTczNjc0NjMgIC4vYXBhY2hlLWxvZzRqLTIuMTQuMS1iaW4vbG9nNGotY29yZS0yLjE0LjEuamFyCjAwNmZjNjYyM2ZiYjk2MTA4NDI0M2NmYzMyN2M4ODVmM2M1N2YyZWJhOGVlMDVmYmM0ZTkzZTUzNTg3NzhjODUgIC4vbG9nNGotMi4wLWFscGhhMS9sb2c0ai1jb3JlLTIuMC1hbHBoYTEuamFy"
$FileHashes = -split [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($EncodedHashes)) | Where-Object {$_.Length -eq 64 }
 
$List = $List -replace '(^\s+|\s+$)',''
 
ForEach($Item in $List) {
 
    If($Item.Length -gt 0) {
 
        $Hash = (Get-FileHash -Path $Item -Algorithm SHA256).Hash
 
            If($FileHashes -contains $Hash) {
 
                $Result = [PSCustomObject]@{
                    "FileHash" = $Hash
                    "FileName" = $Item
                }
 
                $TotalResults.Add($Result) | Out-Null   # suppress the index that ArrayList.Add() returns
 
            }
 
    }
 
}
$TotalResults

#-------- Please don't modify begin -----------
## Create instance of Altiris NSE component
$nse = New-Object -ComObject  Altiris.AeXNSEvent

## Set the header data of the NSE
$nse.To = "{50FBF1F5-17C5-47f1-92A8-D800B2515535}"
$nse.Priority = 1

$objIRInstance = $nse.AddDataClass('Log4Shell')
$objIRDataClass = $nse.AddDataBlock($objIRInstance)

#Add one row of data per detected file
foreach ($res in $TotalResults) {
    $objIRDataRow = $objIRDataClass.AddRow()
    $objIRDataRow.SetField(0, $($res.FileHash))
    $objIRDataRow.SetField(1, $($res.FileName))
}
#Send the data
$nse.sendqueued()

Step3: Create a report using the following SQL Query

SELECT     dbo.vComputer.Guid AS _ItemGuid, dbo.vComputer.Name, dbo.vComputer.[OS Name], dbo.Inv_Log4Shell.*, dbo.vHWComputerSystem.Manufacturer, dbo.vHWComputerSystem.Model
FROM        dbo.vHWComputerSystem INNER JOIN
                 dbo.vComputer INNER JOIN
                  dbo.Inv_Log4Shell ON dbo.vComputer.Guid = dbo.Inv_Log4Shell._ResourceGuid ON dbo.vHWComputerSystem._ResourceGuid = dbo.Inv_Log4Shell._ResourceGuid

Version 1.1

The variable $dest lets you change the folder to write to, in this example C:\install. The previous script uses C:\Temp, which led to some problems…

The variable $Drives controls which drives are scanned for .jar files. In this example the script excludes drives D:\ and E:\. To exclude more drives, extend the filter with additional drive letters in the same form: -and ($_.Root -notlike 'D:\') -and ($_.Root -notlike 'E:\')

You can also exclude specific directories by adding the /XD parameter, followed by the directories to skip, to the Robocopy command.
Example: Robocopy $Drive $dest *.jar /l /njh /njs /ndl /ns /nc /fp /e /xj /xd "c:\your folder to exclude"

$dest = 'C:\install'
$CustomFileHashes = @(
 
)
 
Remove-Variable List,TotalResults -Force -ErrorAction SilentlyContinue
 
$Drives = (Get-PSDrive -PSProvider FileSystem | Where-Object { ($_.Used -gt 0) -and ($_.Root -notlike 'D:\') -and ($_.Root -notlike 'E:\')  }).Root
 
$List = ForEach($Drive in $Drives) {
  
    Robocopy $Drive $dest *.jar /l /njh /njs /ndl /ns /nc /fp /e /xj
  
}
 
$EncodedHashes = "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"
[System.Collections.Generic.List[string]]$FileHashes = -split [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String($EncodedHashes)) | Where-Object {$_.Length -eq 64 }
If($CustomFileHashes -ne $null) { $CustomFileHashes |  ForEach-Object { $FileHashes.Add("$_")} }
 
$TotalResults = ForEach($Item in $List.Where({$_}).Trim()) {
  
    If($Item.Length -gt 0) {
  
        $Hash = (Get-FileHash -Path $Item -Algorithm SHA256).Hash
 
            If($FileHashes -contains $Hash) {
  
                $Result = [PSCustomObject]@{
                    "FileHash" = $Hash
                    "FileName" = $Item
                }
  
                $Result
  
            }
  
    }
  
}
$TotalResults

#-------- Please don't modify begin -----------
## Create instance of Altiris NSE component
$nse = New-Object -ComObject  Altiris.AeXNSEvent
 
## Set the header data of the NSE
$nse.To = "{50FBF1F5-17C5-47f1-92A8-D800B2515535}"
$nse.Priority = 1
 
$objIRInstance = $nse.AddDataClass('Log4Shell')
$objIRDataClass = $nse.AddDataBlock($objIRInstance)
 
#Add one row of data per detected file
foreach ($res in $TotalResults) {
    $objIRDataRow = $objIRDataClass.AddRow()
    $objIRDataRow.SetField(0, $($res.FileHash))
    $objIRDataRow.SetField(1, $($res.FileName))
}
#Send the data
$nse.sendqueued()
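
The scripts above hash only standalone *.jar files, so a log4j-core copy bundled inside another archive (for example under BOOT-INF/lib in a Spring Boot jar) never matches the hash list. The following added example, which is not part of the original post or of Jose Espitia's script, checks an archive and its nested archives for log4j-core's JndiLookup.class; the function names, the depth limit of 3 and the sample file are assumptions, and a hit means the version still has to be checked, since fixed releases ship the class too.

```powershell
# Added example, not part of the original scripts.
Add-Type -AssemblyName System.IO.Compression
$JndiClass = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

function Test-JndiLookupInStream {
    param([System.IO.Stream]$Stream, [int]$Depth = 0)
    $zip = [System.IO.Compression.ZipArchive]::new($Stream, [System.IO.Compression.ZipArchiveMode]::Read, $true)
    try {
        foreach ($entry in $zip.Entries) {
            # Direct hit, also under prefixes such as WEB-INF/classes/
            if ($entry.FullName.EndsWith($JndiClass)) { return $true }
            # Nested archive: copy it to memory and recurse (depth limit is an assumption)
            if ($Depth -lt 3 -and $entry.FullName -match '\.(jar|war|ear)$') {
                $inner = [System.IO.MemoryStream]::new()
                $src = $entry.Open()
                try { $src.CopyTo($inner) } finally { $src.Dispose() }
                $inner.Position = 0
                try { if (Test-JndiLookupInStream -Stream $inner -Depth ($Depth + 1)) { return $true } }
                catch { }   # nested entry is not a readable zip: treat as no hit
                finally { $inner.Dispose() }
            }
        }
        return $false
    } finally { $zip.Dispose() }
}

function Test-JndiLookupInFile {
    param([string]$Path)
    $fs = $null
    try { $fs = [System.IO.File]::OpenRead($Path); return (Test-JndiLookupInStream -Stream $fs) }
    catch { return $false }   # unreadable file or not a zip archive
    finally { if ($fs) { $fs.Dispose() } }
}

# Constructed sample: an outer jar bundling an inner jar that holds an empty JndiLookup.class entry.
function New-SampleZipBytes {
    param([string]$EntryName, [byte[]]$Content = @())
    $ms = [System.IO.MemoryStream]::new()
    $zip = [System.IO.Compression.ZipArchive]::new($ms, [System.IO.Compression.ZipArchiveMode]::Create, $true)
    $w = $zip.CreateEntry($EntryName).Open()
    $w.Write($Content, 0, $Content.Length)
    $w.Dispose(); $zip.Dispose()
    return ,$ms.ToArray()
}
$innerJar = New-SampleZipBytes -EntryName $JndiClass
$fatJar = Join-Path ([System.IO.Path]::GetTempPath()) 'constructed-app.jar'
[System.IO.File]::WriteAllBytes($fatJar, (New-SampleZipBytes -EntryName 'BOOT-INF/lib/constructed-lib.jar' -Content $innerJar))
"{0} embeds JndiLookup.class: {1}" -f $fatJar, (Test-JndiLookupInFile -Path $fatJar)
Remove-Item $fatJar
```

To combine it with the inventory script, call Test-JndiLookupInFile on each path in $List whose hash is not on the list, and add *.war and *.ear to the Robocopy file filter if those archives should be listed as well.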

Symantec EPM Products are not affected by this vulnerability.

https://www.joseespitia.com/2021/12/15/how-to-detect-the-log4shell-vulnerability-with-powershell/ – by Jose Espitia

Symantec Security Advisory for Log4j 2 CVE-2021-44228 Vulnerability – https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

Download an affected file for detection by the Custom Inventory script
https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/2.0-rc1/log4j-core-2.0-rc1.jar

One comment on "How to detect and Report on Log4Shell vulnerability using Symantec Custom Inventory"

  1. Hello, it is not working for me.
    I copied the test file, but it does not appear in the table after the scan has finished .. what could be wrong?

    Thanks for the help
