From 5dcc9965d393934a9932925e4576bc67b92e6328 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Mon, 23 Mar 2020 17:27:57 -0700
Subject: [PATCH 1/2] Add a wait for autoruns scheduled task
---
 Vagrant/scripts/install-autorunstowineventlog.ps1 | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/Vagrant/scripts/install-autorunstowineventlog.ps1 b/Vagrant/scripts/install-autorunstowineventlog.ps1
index 693331c..fd36469 100644
--- a/Vagrant/scripts/install-autorunstowineventlog.ps1
+++ b/Vagrant/scripts/install-autorunstowineventlog.ps1
@@ -6,6 +6,15 @@ If ((Get-ScheduledTask -TaskName "AutorunsToWinEventLog" -ea silent) -eq $null)
 . c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\AutorunsToWinEventLog\Install.ps1
 Write-Host "AutorunsToWinEventLog installed. Starting the scheduled task. Future runs will begin at 11am"
 Start-ScheduledTask -TaskName "AutorunsToWinEventLog"
+ # https://mcpmag.com/articles/2018/03/16/wait-action-function-powershell.aspx
+ # Wait 30 seconds for the scheduled task to enter the "Running" state
+ $Timeout = 30
+ $timer = [Diagnostics.Stopwatch]::StartNew()
+ while (($timer.Elapsed.TotalSeconds -lt $Timeout) -and ((Get-ScheduledTask -TaskName "AutorunsToWinEventLog").State -ne "Running")) {
+ Start-Sleep -Seconds 3
+ Write-Host "Still waiting for scheduled task to start after "$timer.Elapsed.Seconds" seconds..."
+ }
+ $timer.Stop()
 $Tsk = Get-ScheduledTask -TaskName "AutorunsToWinEventLog"
 if ($Tsk.State -ne "Running")
 {
From 242e1a7cf361de9fd4230e59dd93ff4c0b989ae1 Mon Sep 17 00:00:00 2001
From: Chris Long
Date: Mon, 23 Mar 2020 22:51:43 -0700
Subject: [PATCH 2/2] Adding a failover for the ISO download
---
 Vagrant/scripts/install-microsoft-ata.ps1 | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/Vagrant/scripts/install-microsoft-ata.ps1 b/Vagrant/scripts/install-microsoft-ata.ps1
index d8cfc6f..01636a7 100644
--- a/Vagrant/scripts/install-microsoft-ata.ps1
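Review bot: In install-autorunstowineventlog.ps1, the added `Write-Host` inside the wait loop closes and reopens the double quotes around `$timer.Elapsed.Seconds`, so the message is passed as adjacent tokens rather than one interpolated string and its spacing depends on how PowerShell splits them. A single string with a subexpression is clearer: `Write-Host "Still waiting for scheduled task to start after $($timer.Elapsed.Seconds) seconds..."`. The comment above the loop would read more accurately as `# Wait up to 30 seconds for the scheduled task to enter the "Running" state`, since the loop exits as soon as the state changes. The `if ($Tsk.State -ne "Running")` block that consumes the result continues past the end of the hunk.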
+++ b/Vagrant/scripts/install-microsoft-ata.ps1
@@ -49,7 +49,14 @@ if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center
 $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash
 If (-not ($actualHash -eq $fileHash))
 {
- throw "$title.iso was not downloaded correctly: hash from downloaded file: $actualHash, should've been: $fileHash"
+ Write-Host "$title.iso was not downloaded correctly: hash from downloaded file: $actualHash, should've been: $fileHash. Re-trying using BitsAdmin now..."
+ }
+ Remove-Item -Path "$env:temp\$title.iso" -Force
+ bitsadmin /Transfer ATA $downloadUrl "$env:temp\$title.iso"
+ $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash
+ If (-not ($actualHash -eq $fileHash))
+ {
+ throw "$title.iso was not downloaded correctly after a retry: hash from downloaded file: $actualHash, should've been: $fileHash - Giving up."
 }
 }
 $Mount = Mount-DiskImage -ImagePath "$env:temp\$title.iso" -StorageType ISO -Access ReadOnly -PassThru
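Review bot: In install-microsoft-ata.ps1, the added `}` directly after the `Write-Host` line closes the hash-mismatch `If`, so `Remove-Item`, `bitsadmin /Transfer` and the second `Get-FileHash` run on every pass, including when the first download already matched `$fileHash`; a verified ISO is deleted and fetched again. The retry belongs inside the mismatch branch: drop that `}` and close the outer `If` after the inner `throw` block instead. Keeping the second SHA256 comparison ahead of `Mount-DiskImage` is right, and checking `$LASTEXITCODE` after `bitsadmin` would let a failed transfer be reported as such rather than as a hash mismatch. The enclosing block starts above the hunk.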