我想把这个用来阻止勒索软件的脚本分享给大家。唯一的问题是,我卡在了两件事上:如何添加多个驱动器,以及在创建测试文件时如何捕获失败或成功。
这是做什么的
希望有人能够提供帮助
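# Make sure the File Server Resource Manager (FSRM) feature is installed.
# The FSRM cmdlets used later in this script are expected to be available once
# the feature and its management tools are present.
$check = Get-WindowsFeature -Name FS-Resource-Manager

# Installed is a boolean. Test it directly: comparing it with the string "True"
# only works through implicit conversion (any non-empty string converts to $true).
if (-not $check.Installed) {
    Install-WindowsFeature -Name FS-Resource-Manager -IncludeManagementTools
} else {
    Write-Host "Cool FSRM is already installed" -F Green
}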
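# Paths to protect. Every entry gets its own file screen further down.
$drive = @("D:\", "E:\", "C:\users")

# Optional notification. Uncomment this line and the "-Notification" argument on
# New-FsrmFileScreen to use it. Some notification (or an event-log action) is worth
# having: a blocked write is the signal that something tried to drop such a file.
#$Notification = New-FsrmAction -Type Email -MailTo "[Admin Email];[File Owner]" -Subject "Warning: attempted to create a Ransomeware file text file" -Body "You attempted to create a Ransomeware. This is not allowed." -RunLimitInterval 120

# The pattern list is downloaded from a third-party endpoint at run time, so
# whoever controls that endpoint decides which file names this server refuses.
# Confirm the source is still maintained and review the list before relying on it.
# A name-based screen only stops files whose names match a known pattern; treat it
# as one layer next to backups and monitoring, not as complete protection.
$response = Invoke-WebRequest -Uri "https://fsrm.experiant.ca/api/v1/combined" -UseBasicParsing -ErrorAction Stop
$patterns = @(($response.Content | ConvertFrom-Json) | ForEach-Object { $_.filters } | Where-Object { $_ })

# Stop here if the download produced nothing, instead of creating an empty group
# that would make the screens look active while blocking nothing.
if ($patterns.Count -eq 0) {
    throw "No filter patterns were returned; the file group was not created or changed."
}

# Create the group on the first run, refresh its patterns on later runs
# (New-FsrmFileGroup fails when a group of that name already exists).
if (Get-FsrmFileGroup -Name "Anti-Ransomware File Groups" -ErrorAction SilentlyContinue) {
    Set-FsrmFileGroup -Name "Anti-Ransomware File Groups" -IncludePattern $patterns
} else {
    New-FsrmFileGroup -Name "Anti-Ransomware File Groups" -IncludePattern $patterns
}

# One file screen per path. Passing "$drive" would join the whole array into a
# single string ("D:\ E:\ C:\users"), which is not a valid path.
foreach ($root in $drive) {
    if (-not (Test-Path -LiteralPath $root)) {
        Write-Warning "Skipping $root - path does not exist on this server"
        continue
    }
    New-FsrmFileScreen -Path $root -IncludeGroup "Anti-Ransomware File Groups" -Active # -Notification $Notification
}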
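# Verify each screen by trying to create a file with a screened extension.
# A blocked write is the expected, successful outcome.
foreach ($root in $drive) {
    # Build the path per entry; "$drive\..." would expand the whole array into one string.
    $testFile = Join-Path -Path $root -ChildPath "$(Get-Random).xtbl"
    try {
        New-Item -Path $testFile -ItemType File -ErrorAction Stop | Out-Null
        # The file was written, so the screen is NOT active for this path.
        # Write-Warning is used so the failure is visible without -Verbose.
        Write-Warning "[RANSOMEWARE CONFIGURATION FAILED] Created $testFile"
        # Do not leave the probe file behind.
        Remove-Item -LiteralPath $testFile -Force -ErrorAction SilentlyContinue
    } catch [System.UnauthorizedAccessException] {
        # NOTE(review): a write refused by the screen is expected to surface as
        # access denied; restrictive NTFS permissions on the path give the same
        # error, so run the check with an account that can normally write there.
        $ErrorMessage = $_.Exception.Message
        Write-Host "Blocked on ${root}: $ErrorMessage"
        Write-Host "Congrats you have successfully configured Ransomeware block Sit back and relax"
    } catch {
        # Any other error (missing path, full disk, ...) proves nothing about the screen.
        $ErrorMessage = $_.Exception.Message
        Write-Warning "[ERROR] could not test ${root}: $ErrorMessage"
    }
}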
答案 0 :(得分:0)
成功
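# Enumerate local fixed disks (DriveType 3), leaving out C:, and put an active
# file screen on the root of each one. The file group "Anti-Ransomware File Groups"
# must already exist.
$disks = Get-WmiObject Win32_LogicalDisk -Filter "DriveType='3'" | Where-Object { $_.DeviceID -ne "C:" }

foreach ($disk in $disks) {
    $root = "$($disk.DeviceID)\"

    # Re-running the script should not fail on paths that are already screened.
    if (Get-FsrmFileScreen -Path $root -ErrorAction SilentlyContinue) {
        Write-Host "File screen already present on $root"
        continue
    }

    # Plain ASCII hyphens on every parameter: the original used a typographic dash
    # before IncludeGroup, which is easy to corrupt when the script is copied or
    # saved in a different encoding.
    New-FsrmFileScreen -Path $root -IncludeGroup "Anti-Ransomware File Groups" -Active # -Notification $Notification
}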
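# Verify each screen by trying to create a file with a screened extension on
# every disk in $disks. A blocked write is the expected, successful outcome.
foreach ($disk in $disks) {
    # Compute the path before the attempt so it is available in both branches.
    # The original read $File.FullName inside the catch, where $File is empty or
    # still holds the value from a previous iteration.
    $testFile = Join-Path -Path "$($disk.DeviceID)\" -ChildPath "$(Get-Random).xtbl"
    try {
        # Explicit parameters; the original was missing the space before "-type".
        $File = New-Item -Path $testFile -ItemType File -ErrorAction Stop
        # The file was written, so the screen is NOT active on this disk.
        Write-Host "[RANSOMEWARE CONFIGURATION FAILED] Created $($File.FullName)" -ForegroundColor Red
        # Do not leave the probe file behind.
        Remove-Item -LiteralPath $File.FullName -Force -ErrorAction SilentlyContinue
    } catch [System.UnauthorizedAccessException] {
        # NOTE(review): a write refused by the screen is expected to surface as
        # access denied; restrictive NTFS permissions give the same error, so run
        # the check with an account that can normally write to the disk root.
        Write-Warning "[ERROR] access Denied"
        Write-Output "File not created: $testFile"
        Write-Host "Congrats you have successfully configured Ransomeware block Sit back and relax" -ForegroundColor Green
    } catch {
        # Any other error proves nothing about the screen; show it instead of
        # reporting success.
        Write-Warning "[ERROR] could not test $($disk.DeviceID): $($_.Exception.Message)"
    }
}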
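# Put an active file screen on every shared folder. Type 0 selects ordinary disk
# shares. Several shares can point at the same folder, so the paths are
# de-duplicated before screens are created.
$paths = Get-WmiObject Win32_Share |
    Where-Object { $_.Type -eq 0 -and $_.Path } |
    Select-Object -ExpandProperty Path |
    Sort-Object -Unique

foreach ($path in $paths) {
    # Re-running the script should not fail on paths that are already screened.
    if (Get-FsrmFileScreen -Path $path -ErrorAction SilentlyContinue) {
        Write-Host "File screen already present on $path"
        continue
    }

    # Plain ASCII hyphens on every parameter (the original used a typographic dash
    # before IncludeGroup).
    New-FsrmFileScreen -Path $path -IncludeGroup "Anti-Ransomware File Groups" -Active # -Notification $Notification
}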