AnsweredAssumed Answered

Custom file scan with PowerShell?

Question asked by Samuel on Apr 10, 2019
Latest reply on Apr 11, 2019 by DavidHobbs

There are several threads in the community about the custom registry scan using this signed script and the CSV file that goes with it:

  • Scan-CustomRegistry.snow-ps1
  • keys.csv

Is there a similar solution for custom file scan? I do not want to re-invent the wheel. But some products consist only in DLLs or any other type of file that manufacturers want to be paid for . But If I scan for DLL files, my DB will explode ... For this reason, DLL files are not scanned and would not make it into SLM because they are filtered out anyway.

If there was a solution to look for let's say a specific DLL file and then substitute it with a custom registry entry or custom-named EXE file as a substitute, I could create a custom rule that picks that up and triggers a detection.

 

Does that exist? Is someone willing to share a custom tool? Or should that go to the Ideas Board?

Outcomes