mirror of
https://github.com/Yamato-Security/WELA.git
synced 2025-12-06 09:12:46 +01:00
fix: update Task Scheduler operational channel enabled state check
8
WELA.ps1
8
WELA.ps1
@@ -1338,7 +1338,7 @@ function GuideYamatoSecurity
|
|||||||
$guid = ""
|
$guid = ""
|
||||||
$eids = @()
|
$eids = @()
|
||||||
$channels = @("Microsoft-Windows-TaskScheduler/Operational")
|
$channels = @("Microsoft-Windows-TaskScheduler/Operational")
|
||||||
$enabled = $true
|
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational" -valueName "Enabled" -expectedValue 1
|
||||||
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
|
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
|
||||||
$rules | ForEach-Object { $_.applicable = $enabled }
|
$rules | ForEach-Object { $_.applicable = $enabled }
|
||||||
$auditResult += [WELA]::New(
|
$auditResult += [WELA]::New(
|
||||||
@@ -2536,7 +2536,7 @@ function GuideASD {
|
|||||||
$guid = ""
|
$guid = ""
|
||||||
$eids = @()
|
$eids = @()
|
||||||
$channels = @("Microsoft-Windows-TaskScheduler/Operational")
|
$channels = @("Microsoft-Windows-TaskScheduler/Operational")
|
||||||
$enabled = $true
|
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational" -valueName "Enabled" -expectedValue 1
|
||||||
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
|
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
|
||||||
$rules | ForEach-Object { $_.applicable = $enabled }
|
$rules | ForEach-Object { $_.applicable = $enabled }
|
||||||
$auditResult += [WELA]::New(
|
$auditResult += [WELA]::New(
|
||||||
@@ -3734,7 +3734,7 @@ function GuideMSC {
|
|||||||
$guid = ""
|
$guid = ""
|
||||||
$eids = @()
|
$eids = @()
|
||||||
$channels = @("Microsoft-Windows-TaskScheduler/Operational")
|
$channels = @("Microsoft-Windows-TaskScheduler/Operational")
|
||||||
$enabled = $true
|
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational" -valueName "Enabled" -expectedValue 1
|
||||||
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
|
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
|
||||||
$rules | ForEach-Object { $_.applicable = $enabled }
|
$rules | ForEach-Object { $_.applicable = $enabled }
|
||||||
$auditResult += [WELA]::New(
|
$auditResult += [WELA]::New(
|
||||||
@@ -4929,7 +4929,7 @@ function GuideMSS {
|
|||||||
$guid = ""
|
$guid = ""
|
||||||
$eids = @()
|
$eids = @()
|
||||||
$channels = @("Microsoft-Windows-TaskScheduler/Operational")
|
$channels = @("Microsoft-Windows-TaskScheduler/Operational")
|
||||||
$enabled = $true
|
$enabled = CheckRegistryValue -registryPath "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-TaskScheduler/Operational" -valueName "Enabled" -expectedValue 1
|
||||||
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
|
$rules = $all_rules | Where-Object { RuleFilter $_ $eids $channels $guid }
|
||||||
$rules | ForEach-Object { $_.applicable = $enabled }
|
$rules | ForEach-Object { $_.applicable = $enabled }
|
||||||
$auditResult += [WELA]::New(
|
$auditResult += [WELA]::New(
|
||||||
|
|||||||
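Review bot: The new `$enabled` assignment in GuideYamatoSecurity (repeated verbatim in GuideASD, GuideMSC and GuideMSS) passes a registry path whose final key name contains a `/`, which PowerShell's registry provider normally treats as a path separator. CheckRegistryValue is not visible in these hunks, so this is unverified, but if it resolves the path through the provider the lookup may miss the key and every Task Scheduler rule would be marked not applicable even on hosts where the channel is on. Consider asking the event log service directly and reusing the existing variable, e.g. `$enabled = (Get-WinEvent -ListLog $channels[0] -ErrorAction SilentlyContinue).IsEnabled -eq $true`, or at least deriving the path from `$channels[0]` in one helper so the four copies cannot drift apart. It would also help to add a comment stating what `$enabled` becomes when the key or value is missing, since that decides whether a logging gap is reported or hidden. All four functions start and end outside the hunks shown.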