Merge pull request #407 from clong/autoruns_wait

Add a wait for autoruns scheduled task
2020-03-23 22:52:36 -07:00
parent d9ccdbb162 242e1a7cf3
commit 47f2d618ac
2 changed files with 17 additions and 1 deletions
--- a/Vagrant/scripts/install-autorunstowineventlog.ps1
+++ b/Vagrant/scripts/install-autorunstowineventlog.ps1
@@ -6,6 +6,15 @@ If ((Get-ScheduledTask -TaskName "AutorunsToWinEventLog" -ea silent) -eq $null)
    . c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\AutorunsToWinEventLog\Install.ps1
    Write-Host "AutorunsToWinEventLog installed. Starting the scheduled task. Future runs will begin at 11am"
    Start-ScheduledTask -TaskName "AutorunsToWinEventLog"
+    # https://mcpmag.com/articles/2018/03/16/wait-action-function-powershell.aspx
+    # Wait 30 seconds for the scheduled task to enter the "Running" state
+    $Timeout = 30
+    $timer = [Diagnostics.Stopwatch]::StartNew()
+    while (($timer.Elapsed.TotalSeconds -lt $Timeout) -and ((Get-ScheduledTask -TaskName "AutorunsToWinEventLog").State -ne "Running")) {
+        Start-Sleep -Seconds 3
+        Write-Host "Still waiting for scheduled task to start after "$timer.Elapsed.Seconds" seconds..."
+    }
+    $timer.Stop()
    $Tsk = Get-ScheduledTask -TaskName "AutorunsToWinEventLog"
    if ($Tsk.State -ne "Running")
    {
--- a/Vagrant/scripts/install-microsoft-ata.ps1
+++ b/Vagrant/scripts/install-microsoft-ata.ps1
@@ -49,7 +49,14 @@ if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center
        $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash
        If (-not ($actualHash -eq $fileHash))
        {
-            throw "$title.iso was not downloaded correctly: hash from downloaded file: $actualHash, should've been: $fileHash"
+            Write-Host "$title.iso was not downloaded correctly: hash from downloaded file: $actualHash, should've been: $fileHash. Re-trying using BitsAdmin now..."
+        }
+        Remove-Item -Path "$env:temp\$title.iso" -Force
+        bitsadmin /Transfer ATA $downloadUrl "$env:temp\$title.iso"
+        $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash
+        If (-not ($actualHash -eq $fileHash))
+        {
+            throw "$title.iso was not downloaded correctly after a retry: hash from downloaded file: $actualHash, should've been: $fileHash - Giving up."
        }
    }
    $Mount = Mount-DiskImage -ImagePath "$env:temp\$title.iso" -StorageType ISO -Access ReadOnly -PassThru