Patching unquoted service path vulnerability in bigfix

I'm trying to fix the unquoted trusted service vulnerability.
I take registry key data that has a space but is not surrounded by quotes and add quotes.
Not sure if the action below accomplishes this.
I found a PowerShell script but would rather use code that I understand.

Edit:
I used a PowerShell script with a template from JGStew

delete __createfile

// CREATEFILE
createfile until END_OF_FILE

REPLACE THIS LINE WITH THE ps1 YOU WANT TO RUN ON THE ENDPOINT and replace all { with {{

END_OF_FILE

delete powershell.ps1
move __createfile powershell.ps1

waithidden { pathname of file ((it as string) of value "Path" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell" of native registry) } -ExecutionPolicy Bypass -File powershell.ps1

I’m typing this on a mobile device, so forgive typos and I can’t check syntax.

In addition to the limitations of actionscript not having loops, you need to understand that parameters are of type string, and trying to set them with relevance that resolves to another type, or plurals of any type, will fail. You then need to look at how strings are concatenated.

This would be a significant piece of work, but fortunately, forum search is your friend: Unquoted Service Paths in Registry

The onus is still on you to check the PowerShell script to confirm it does what you want and expect.

2 Likes

We just used a PowerShell script to remediate these.

I am unable to share it because it is proprietary, but there are plenty available to you if you search. In fact, I believe Microsoft provided one.

I resolved this in our environment with 2 fixlets:

  1. Will run every X time on all machines.
    Initiates a PS script to find relevant services and, if found, creates a txt file with some info regarding them.
    If the machine had a relevant service before and now does not, then the txt file will not be present on the machine.
  2. Will run every X time on each machine with the txt file present from the 1st action.
    Initiates a PS script to fix all services (registry change) according to the txt file.

I used ChatGPT to assist me in generating the script.

Besides this, I created a property that queries the txt file… this is just “nice to have”.
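The detect-then-fix approach described in this thread, written out in PowerShell as an added example (not any poster's script, and not BigFix or Microsoft code). The `-Fix` switch, the function name, and the rule that the executable ends at the first `.exe` are assumptions of this example; it reads `ImagePath` unexpanded and writes it back with the same registry value type.

```powershell
# Added example: report, and with -Fix repair, unquoted service ImagePath values.
# Run elevated. Without -Fix nothing is written.
param([switch]$Fix)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$noExpand    = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames

function Get-QuotedImagePath {
    # Returns the corrected string, or $null when no change is needed.
    param([string]$ImagePath)
    # Already starts with a quote: leave it alone.
    if ($ImagePath.TrimStart().StartsWith('"')) { return $null }
    # Assumption: the executable is everything up to the first ".exe";
    # whatever follows is treated as arguments and kept unchanged.
    if ($ImagePath -match '^(?<exe>.+?\.exe)(?<rest>(\s.*)?)$') {
        $exe  = $Matches['exe']
        $rest = $Matches['rest']
        # Only a space inside the executable path makes the value ambiguous.
        if ($exe.Contains(' ')) { return '"' + $exe + '"' + $rest }
    }
    return $null   # drivers (.sys) and space-free paths fall through here
}

$findings = foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    # Read the raw data so %SystemRoot% and similar are not expanded.
    $raw = $key.GetValue('ImagePath', $null, $noExpand)
    if ($raw -isnot [string]) { continue }
    $fixed = Get-QuotedImagePath -ImagePath $raw
    if ($null -eq $fixed) { continue }
    [pscustomobject]@{
        Service = $key.PSChildName
        Kind    = $key.GetValueKind('ImagePath')   # String or ExpandString
        Old     = $raw
        New     = $fixed
    }
}

if ($Fix) {
    foreach ($f in $findings) {
        # Preserve the original value type when writing the quoted path back.
        Set-ItemProperty -LiteralPath (Join-Path $servicesKey $f.Service) `
            -Name ImagePath -Value $f.New -Type $f.Kind
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Running it first without `-Fix` and reviewing the Old and New columns matches the advice above to confirm what a script does before it changes the registry.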