I believe I saw this capability when I was taking some training, but I’m not always great at remembering everything when I’m drinking from a fire hose. What we’re finding is some malware, and it’s spreading quickly enough to cause concern, that as far as we know is being quarantined by our antivirus at the VM host level, but needs a manual cleanup at the VM. I’m looking for the capability to search for the specific file and delete it. Is that a capability within BigFix? I think I want to start with writing relevance to see how spread out this problem is, but I’m not great at writing it. Like at all.
So a few months ago I was trying to delete an icon from the desktop… I never did it, ’cause, as you, there is too much to remember. I did get some help from the forum, but at the end, no final code. Perhaps you can put together the puzzle that I wasn’t able to.
To my understanding there is a way of deleting a file from a location.
So here’s what we’re finding. This trojan sits in the root of C and is called my.exe. There’s also a corresponding service called WinDefService. What we’ve been able to do is stop that service if it’s running and then we can delete the file. I’ve tried writing the action commands in my relevance, but I’m unable to save it so I can run the fixlet to fix this. If someone could help me with the Action Script I’d appreciate it. Here’s what I put in . . .
net stop windefservice
del C:\my.exe
sc delete "Windows Defender System Service"
Sorry for the request, scripting isn’t my strong suit.
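An added sketch of the fixlet described above (not code from any poster in this thread): relevance that reports endpoints carrying the file or the service, and ActionScript that stops and removes the service before deleting the file. It assumes WinDefService is the service's key name, which is what `sc delete` expects rather than the display name.

```bigfix
// --- Relevance clause (goes in the fixlet's Relevance tab, not in the action) ---
// True on any endpoint that still has the file or the service registered.
//
//   (exists file "C:\my.exe") OR (exists service "WinDefService")
//
// --- ActionScript (goes in the fixlet's Actions tab) ---

// Stop the service only if it is currently running, so the file is unlocked.
if {exists running service "WinDefService"}
    waithidden cmd.exe /C net stop WinDefService
endif

// Remove the service registration so it cannot restart at next boot.
// Assumption: WinDefService is the service key name shown by "sc query".
if {exists service "WinDefService"}
    waithidden cmd.exe /C sc delete WinDefService
endif

// Native ActionScript delete: continues if the file is already gone,
// fails the action if the file exists but cannot be removed.
delete "C:\my.exe"
```

Because the relevance is re-evaluated after the action runs, an endpoint only reports as fixed once both the file and the service are gone.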