{"id":353681,"date":"2024-09-20T22:43:13","date_gmt":"2024-09-20T22:43:13","guid":{"rendered":"https:\/\/www.ninjaone.com\/script-hub\/automatiser-le-scanner-de-securite-microsoft-safety-scanner\/"},"modified":"2024-10-13T19:04:14","modified_gmt":"2024-10-13T19:04:14","slug":"automatiser-le-scanner-de-securite-microsoft-safety-scanner","status":"publish","type":"script_hub","link":"https:\/\/www.ninjaone.com\/fr\/script-hub\/automatiser-le-scanner-de-securite-microsoft-safety-scanner\/","title":{"rendered":"How to automate Microsoft Safety Scanner with a PowerShell script"},"content":{"rendered":"<p>In today&rsquo;s IT security landscape, IT professionals and <a href=\"https:\/\/www.ninjaone.com\/fr\/quest-ce-quun-msp\" target=\"_blank\" rel=\"noopener\">managed service providers (MSPs)<\/a> make it a priority to ensure that systems are free of malware and other threats. Although several tools exist for this purpose, automating threat detection and response can significantly reduce the time and effort needed to maintain a secure environment.<\/p>\n<p><a href=\"https:\/\/learn.microsoft.com\/en-us\/defender-endpoint\/safety-scanner-download\" target=\"_blank\" rel=\"noopener\">Microsoft Safety Scanner (MSERT)<\/a> is one such tool that can be integrated into an automated workflow. 
In this article, we explore a PowerShell script that <strong>automates downloading MSERT, running it, and reporting its results<\/strong>, making it easier for IT professionals to keep their systems secure.<\/p>\n<h2>Background<\/h2>\n<p>Microsoft Safety Scanner is a free, on-demand scanning tool designed to detect and <a href=\"https:\/\/www.ninjaone.com\/blog\/5-steps-for-removing-malware-from-your-computer\/\" target=\"_blank\" rel=\"noopener\">remove malware<\/a> from Windows systems. It is updated frequently and is intended for environments where the most recent security definitions are needed but a permanent solution is not feasible.<\/p>\n<p>The script discussed in this post streamlines the use of MSERT by automating its download, its execution, and the handling of its results. This is particularly useful in environments where regular scans are required but manual intervention is impractical.<\/p>\n<p>For IT professionals and MSPs, the ability to automate this process reduces the risk of human error, keeps scans consistent, and frees up valuable time for other tasks. 
This script is a powerful tool for <a href=\"https:\/\/www.ninjaone.com\/fr\/gestion-informatique-grande-entreprise\/securite\/\" target=\"_blank\" rel=\"noopener\">maintaining a secure IT environment<\/a> with minimal effort.<\/p>\n<h2>The script:<\/h2>\n<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"powershell\">#Requires -Version 5.1\r\n\r\n&lt;#\r\n.SYNOPSIS\r\n    Run the Microsoft Safety Scanner, collect the results, and optionally save the results to a multiline custom field.\r\n.DESCRIPTION\r\n    Run the Microsoft Safety Scanner, collect the results, and optionally save the results to a multiline custom field.\r\n.EXAMPLE\r\n    (No Parameters)\r\n    \r\n    Downloading MSERT from https:\/\/go.microsoft.com\/fwlink\/?LinkId=212732\r\n    Waiting for 3 seconds.\r\n    Download Attempt 1\r\n    Download Successful!\r\n    Initiating Scan\r\n    Exit Code: 7\r\n    [Critical] Infections found!\r\n\r\n    ---------------------------------------------------------------------------------------\r\n    Microsoft Safety Scanner v1.405, (build 1.405.445.0)\r\n    Started On Thu Feb 22 13:33:34 2024\r\n\r\n    Engine: 1.1.24010.10\r\n    Signatures: 1.405.445.0\r\n    MpGear: 1.1.16330.1\r\n    Run Mode: Scan Run in Quiet Mode\r\n\r\n    Quick Scan Results:\r\n    -------------------\r\n    Threat Detected: Virus:DOS\/EICAR_Test_File, not removed.\r\n        Action: NoAction, Result: 0x00000000\r\n            file:\/\/C:\\Windows\\system32\\eicarcom2.zip-&gt;eicar_com.zip-&gt;eicar.com\r\n                SigSeq: 0x00000555DC2DDDB0\r\n            file:\/\/C:\\Windows\\system32\\eicar.com\r\n                SigSeq: 0x00000555DC2DDDB0\r\n            file:\/\/C:\\Windows\\eicar.com\r\n                SigSeq: 0x00000555DC2DDDB0\r\n            containerfile:\/\/C:\\Windows\\system32\\eicarcom2.zip\r\n\r\n    Results Summary:\r\n    ----------------\r\n    Found Virus:DOS\/EICAR_Test_File, not removed.\r\n    Successfully 
Submitted MAPS Report\r\n    Successfully Submitted Heartbeat Report\r\n    Microsoft Safety Scanner Finished On Thu Feb 22 13:35:58 2024\r\n\r\n\r\n    Return code: 7 (0x7)\r\n\r\nPARAMETER: -ScanType \"Full\"\r\n    Specifies the type of scan to perform. \"Full\" for a complete disk scan, or \"Quick\" for a scan of common exploit locations.\r\n\r\nPARAMETER: -Timeout \"ReplaceMeWithANumber\"\r\n    Sets a time limit for the scan in minutes. If the scan exceeds this duration, it is canceled, and an error is output. Replace \"ReplaceMeWithANumber\" with the desired time limit in minutes.\r\n\r\nPARAMETER: -CustomField \"ReplaceWithNameOfCustomField\"\r\n    Specifies the name of the multiline custom field where scan results are optionally saved. Enter the field name to enable this feature.\r\n.OUTPUTS\r\n    None\r\n.NOTES\r\n    Minimum OS Architecture Supported: Windows 10, Server 2016\r\n    Release Notes: Initial Release\r\nBy using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https:\/\/www.ninjaone.com\/terms-of-use.\r\n    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. \r\n    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. \r\n    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. \r\n    Warranty Disclaimer: The script is provided \u201cas is\u201d and \u201cas available\u201d, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. 
\r\n    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. \r\n    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. \r\n    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).\r\n#&gt;\r\n\r\n[CmdletBinding()]\r\nparam (\r\n    [Parameter()]\r\n    [String]$ScanType = \"Quick\",\r\n    [Parameter()]\r\n    [Int]$Timeout = 30,\r\n    [Parameter()]\r\n    [String]$CustomField,\r\n    [Parameter()]\r\n    [String]$DownloadURL = \"https:\/\/go.microsoft.com\/fwlink\/?LinkId=212732\"\r\n)\r\n\r\nbegin {\r\n    # Set parameters using dynamic script variables.\r\n    if($env:scanType -and $env:scanType -notlike \"null\"){ $ScanType = $env:scanType }\r\n    if($env:scanTimeoutInMinutes -and $env:scanTimeoutInMinutes -notlike \"null\"){ $Timeout = $env:scanTimeoutInMinutes }\r\n    if($env:customFieldName -and $env:customFieldName -notlike \"null\"){ $CustomField = $env:customFieldName }\r\n\r\n    # If a timeout is specified, check that it's in the valid range.\r\n    if($Timeout -lt 1 -or $Timeout -ge 120){\r\n        Write-Host \"[Error] Timeout must be greater than or equal to 1 minute and less than 120 minutes.\"\r\n        exit 1\r\n    }\r\n\r\n    # If we're not given a scan type, error out.\r\n    if(-not $ScanType){\r\n        Write-Host \"[Error] Please select a scan type (Quick or Full).\"\r\n        exit 1\r\n    }\r\n\r\n    # Check that the scan type is valid.\r\n    switch($ScanType){\r\n        \"Quick\" { Write-Verbose \"Quick Scan Selected!\"}\r\n        \"Full\" { Write-Verbose \"Full Scan Selected!\" }\r\n        default { \r\n  
          Write-Host \"[Error] Invalid scan type selected!\"\r\n            exit 1\r\n        }\r\n    } \r\n\r\n    # Checks for local administrator rights.\r\n    function Test-IsElevated {\r\n        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()\r\n        $p = New-Object System.Security.Principal.WindowsPrincipal($id)\r\n        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)\r\n    }\r\n\r\n    # Utility function for downloading files.\r\n    function Invoke-Download {\r\n        param(\r\n            [Parameter()]\r\n            [String]$URL,\r\n            [Parameter()]\r\n            [String]$Path,\r\n            [Parameter()]\r\n            [int]$Attempts = 3,\r\n            [Parameter()]\r\n            [Switch]$SkipSleep\r\n        )\r\n\r\n        $SupportedTLSversions = [enum]::GetValues('Net.SecurityProtocolType')\r\n        if ( ($SupportedTLSversions -contains 'Tls13') -and ($SupportedTLSversions -contains 'Tls12') ) {\r\n            [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol::Tls13 -bor [System.Net.SecurityProtocolType]::Tls12\r\n        }\r\n        elseif ( $SupportedTLSversions -contains 'Tls12' ) {\r\n            [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12\r\n        }\r\n        else {\r\n            # Not everything requires TLS 1.2, but we'll try anyway.\r\n            Write-Warning \"TLS 1.2 and or TLS 1.3 are not supported on this system. 
This download may fail!\"\r\n            if ($PSVersionTable.PSVersion.Major -lt 3) {\r\n                Write-Warning \"PowerShell 2 \/ .NET 2.0 doesn't support TLS 1.2.\"\r\n            }\r\n        }\r\n\r\n        $i = 1\r\n        While ($i -le $Attempts) {\r\n            # Some cloud services have rate-limiting\r\n            if (-not ($SkipSleep)) {\r\n                $SleepTime = Get-Random -Minimum 3 -Maximum 15\r\n                Write-Host \"Waiting for $SleepTime seconds.\"\r\n                Start-Sleep -Seconds $SleepTime\r\n            }\r\n        \r\n            if ($i -ne 1) { Write-Host \"\" }\r\n            Write-Host \"Download Attempt $i\"\r\n\r\n            $PreviousProgressPreference = $ProgressPreference\r\n            $ProgressPreference = 'SilentlyContinue'\r\n            try {\r\n                # Invoke-WebRequest is preferred because it supports links that redirect, e.g., https:\/\/t.ly\r\n                if ($PSVersionTable.PSVersion.Major -lt 4) {\r\n                    # Downloads the file\r\n                    $WebClient = New-Object System.Net.WebClient\r\n                    $WebClient.DownloadFile($URL, $Path)\r\n                }\r\n                else {\r\n                    # Standard options\r\n                    $WebRequestArgs = @{\r\n                        Uri                = $URL\r\n                        OutFile            = $Path\r\n                        MaximumRedirection = 10\r\n                        UseBasicParsing    = $true\r\n                    }\r\n\r\n                    # Downloads the file\r\n                    Invoke-WebRequest @WebRequestArgs\r\n                }\r\n\r\n                $ProgressPreference = $PreviousProgressPreference\r\n                $File = Test-Path -Path $Path -ErrorAction SilentlyContinue\r\n            }\r\n            catch {\r\n                Write-Warning \"An error has occurred while downloading!\"\r\n                Write-Warning $_.Exception.Message\r\n\r\n       
         if (Test-Path -Path $Path -ErrorAction SilentlyContinue) {\r\n                    Remove-Item $Path -Force -Confirm:$false -ErrorAction SilentlyContinue\r\n                }\r\n\r\n                $File = $False\r\n            }\r\n\r\n            if ($File) {\r\n                $i = $Attempts\r\n            }\r\n            else {\r\n                Write-Warning \"File failed to download.\"\r\n                Write-Host \"\"\r\n            }\r\n\r\n            $i++\r\n        }\r\n\r\n        if (-not (Test-Path -Path $Path)) {\r\n            [PSCustomObject]@{\r\n                ExitCode = 1\r\n            }\r\n        }\r\n        else {\r\n            [PSCustomObject]@{\r\n                ExitCode = 0\r\n            }\r\n        }\r\n    }\r\n\r\n    # Utility function to help set custom fields\r\n    function Set-NinjaProperty {\r\n        [CmdletBinding()]\r\n        Param(\r\n            [Parameter(Mandatory = $True)]\r\n            [String]$Name,\r\n            [Parameter()]\r\n            [String]$Type,\r\n            [Parameter(Mandatory = $True, ValueFromPipeline = $True)]\r\n            $Value,\r\n            [Parameter()]\r\n            [String]$DocumentName\r\n        )\r\n    \r\n        $Characters = $Value | Measure-Object -Character | Select-Object -ExpandProperty Characters\r\n        if($Characters -ge 10000){\r\n            throw [System.ArgumentOutOfRangeException]::New(\"Character limit exceeded, value is greater than 10,000 characters.\")\r\n        }\r\n        \r\n        # If we're requested to set the field value for a Ninja document we'll specify it here.\r\n        $DocumentationParams = @{}\r\n        if ($DocumentName) { $DocumentationParams[\"DocumentName\"] = $DocumentName }\r\n        \r\n        # This is a list of valid fields that can be set. 
If no type is given, it will be assumed that the input doesn't need to be changed.\r\n        $ValidFields = \"Attachment\", \"Checkbox\", \"Date\", \"Date or Date Time\", \"Decimal\", \"Dropdown\", \"Email\", \"Integer\", \"IP Address\", \"MultiLine\", \"MultiSelect\", \"Phone\", \"Secure\", \"Text\", \"Time\", \"URL\", \"WYSIWYG\"\r\n        if ($Type -and $ValidFields -notcontains $Type) { Write-Warning \"$Type is an invalid type! Please check here for valid types. https:\/\/ninjarmm.zendesk.com\/hc\/en-us\/articles\/16973443979789-Command-Line-Interface-CLI-Supported-Fields-and-Functionality\" }\r\n        \r\n        # The field below requires additional information to be set\r\n        $NeedsOptions = \"Dropdown\"\r\n        if ($DocumentName) {\r\n            if ($NeedsOptions -contains $Type) {\r\n                # We'll redirect the error output to the success stream to make it easier to error out if nothing was found or something else went wrong.\r\n                $NinjaPropertyOptions = Ninja-Property-Docs-Options -AttributeName $Name @DocumentationParams 2&gt;&amp;1\r\n            }\r\n        }\r\n        else {\r\n            if ($NeedsOptions -contains $Type) {\r\n                $NinjaPropertyOptions = Ninja-Property-Options -Name $Name 2&gt;&amp;1\r\n            }\r\n        }\r\n        \r\n        # If an error is received it will have an exception property, the function will exit with that error information.\r\n        if ($NinjaPropertyOptions.Exception) { throw $NinjaPropertyOptions }\r\n        \r\n        # The below type's require values not typically given in order to be set. 
The below code will convert whatever we're given into a format ninjarmm-cli supports.\r\n        switch ($Type) {\r\n            \"Checkbox\" {\r\n                # While it's highly likely we were given a value like \"True\" or a boolean datatype it's better to be safe than sorry.\r\n                $NinjaValue = [System.Convert]::ToBoolean($Value)\r\n            }\r\n            \"Date or Date Time\" {\r\n                # Ninjarmm-cli expects the  Date-Time to be in Unix Epoch time so we'll convert it here.\r\n                $Date = (Get-Date $Value).ToUniversalTime()\r\n                $TimeSpan = New-TimeSpan (Get-Date \"1970-01-01 00:00:00\") $Date\r\n                $NinjaValue = $TimeSpan.TotalSeconds\r\n            }\r\n            \"Dropdown\" {\r\n                # Ninjarmm-cli is expecting the guid of the option we're trying to select. So we'll match up the value we were given with a guid.\r\n                $Options = $NinjaPropertyOptions -replace '=', ',' | ConvertFrom-Csv -Header \"GUID\", \"Name\"\r\n                $Selection = $Options | Where-Object { $_.Name -eq $Value } | Select-Object -ExpandProperty GUID\r\n        \r\n                if (-not $Selection) {\r\n                    throw [System.ArgumentOutOfRangeException]::New(\"Value is not present in dropdown\")\r\n                }\r\n        \r\n                $NinjaValue = $Selection\r\n            }\r\n            default {\r\n                # All the other types shouldn't require additional work on the input.\r\n                $NinjaValue = $Value\r\n            }\r\n        }\r\n        \r\n        # We'll need to set the field differently depending on if its a field in a Ninja Document or not.\r\n        if ($DocumentName) {\r\n            $CustomField = Ninja-Property-Docs-Set -AttributeName $Name -AttributeValue $NinjaValue @DocumentationParams 2&gt;&amp;1\r\n        }\r\n        else {\r\n            $CustomField = Ninja-Property-Set -Name $Name -Value $NinjaValue 
2&gt;&amp;1\r\n        }\r\n        \r\n        if ($CustomField.Exception) {\r\n            throw $CustomField\r\n        }\r\n    }\r\n    \r\n    $ExitCode = 0\r\n\r\n    # If the log file already exists remove it.\r\n    if(Test-Path -Path \"$env:SYSTEMROOT\\debug\\msert.log\"){\r\n        Remove-Item -Path \"$env:SYSTEMROOT\\debug\\msert.log\" -Force -ErrorAction SilentlyContinue\r\n    }\r\n}\r\nprocess {\r\n    # Error out if we don't have local admin permissions.\r\n    if (-not (Test-IsElevated)) {\r\n        Write-Host \"[Error] Access Denied. Please run with Administrator privileges.\"\r\n        exit 1\r\n    }\r\n\r\n    # Download MSERT.\r\n    Write-Host \"Downloading MSERT from $DownloadURL\"\r\n    $MSERTPath = \"$env:TEMP\\MSERT.exe\"\r\n    $Download = Invoke-Download -Path $MSERTPath -URL $DownloadURL\r\n    if($Download.ExitCode -ne 0){\r\n        Write-Host \"[Error] Failed to download MSERT please check that $DownloadURL is reachable!\"\r\n        exit 1\r\n    }\r\n\r\n    Write-Host \"Download Successful!\"\r\n\r\n    # Start the MSERT Scan with the parameters given.\r\n    Write-Host \"Initiating Scan\"\r\n    $Arguments = New-Object System.Collections.Generic.List[string]\r\n    if($ScanType -eq \"Full\"){\r\n        $Arguments.Add(\"\/F\")\r\n    }\r\n    $Arguments.Add(\"\/Q\")\r\n    $Arguments.Add(\"\/N\")\r\n\r\n    try{\r\n        # Run it with our specified timeout.\r\n        $TimeoutInSeconds = $Timeout * 60\r\n        $MSERTProcess = Start-Process -FilePath $MSERTPath -ArgumentList $Arguments -NoNewWindow -PassThru\r\n        $MSERTProcess | Wait-Process -Timeout $TimeoutInSeconds -ErrorAction Stop\r\n    }catch{\r\n        Write-Host \"[Alert] The Microsoft Safety Scanner exceeded the specified timeout of $Timeout minutes, and the script is now terminating.\"\r\n        $MSERTProcess | Stop-Process -Force\r\n        $TimedOut = $True\r\n        $ExitCode = 1\r\n    }\r\n    Write-Host \"Exit Code: 
$($MSERTProcess.ExitCode)\"\r\n\r\n    # If the report is missing, something has clearly gone wrong.\r\n    if(-not (Test-Path -Path $env:SYSTEMROOT\\debug\\msert.log)){\r\n        Write-Host \"[Error] The report from MSERT.exe is missing?\"\r\n        exit 1\r\n    }\r\n\r\n    # Get the contents of the MSERT log and error out if it's blank.\r\n    $Report = Get-Content -Path \"$env:SYSTEMROOT\\debug\\msert.log\"\r\n    if(-not $Report){\r\n        Write-Host \"[Error] The report from MSERT.exe is empty?\"\r\n        exit 1\r\n    }\r\n\r\n    # If threats are detected, send out the alert.\r\n    $Report | ForEach-Object {\r\n        if($_ -match \"No infection found\"){\r\n            $NoInfectionFoundTextPresent = $True\r\n        }\r\n\r\n        if($_ -match \"Threat Detected\" ){\r\n            $ThreatDetectedTextPresent = $True\r\n        }\r\n    }\r\n\r\n    \r\n    if(($ThreatDetectedTextPresent -or -not $NoInfectionFoundTextPresent) -and -not $TimedOut){\r\n        Write-Host \"[Critical] Infections found!\"\r\n    }elseif($ExitCode -ne 1 -and -not $TimedOut){\r\n        Write-Host \"[Success] Scan has completed no infections detected.\"\r\n    }\r\n\r\n    # Save to a custom field upon request.\r\n    if($CustomField){\r\n        try {\r\n            Write-Host \"Attempting to set Custom Field '$CustomField'.\"\r\n            Set-NinjaProperty -Name $CustomField -Value ($Report | Out-String)\r\n            Write-Host \"Successfully set Custom Field '$CustomField'!\"\r\n        }\r\n        catch {\r\n            if($_.Exception.Message){\r\n                Write-Host \"[Error] $($_.Exception.Message)\"\r\n            }\r\n\r\n            if($_.Message){\r\n                Write-Host \"[Error] $($_.Message)\"\r\n            }\r\n\r\n            $ExitCode = 1\r\n        }\r\n    }\r\n\r\n    # Send out the report to the activity log.\r\n    $Report | Write-Host\r\n\r\n    # Remove the old log file.\r\n    if(Test-Path -Path 
\"$env:SYSTEMROOT\\debug\\msert.log\"){\r\n        Remove-Item -Path \"$env:SYSTEMROOT\\debug\\msert.log\" -Force -ErrorAction SilentlyContinue\r\n    }\r\n\r\n    # Exit.\r\n    exit $ExitCode\r\n}\r\nend {\r\n    \r\n    \r\n     \r\n}<\/pre>\n<h2>Detailed description<\/h2>\n<p>The provided PowerShell script is designed to automate several key tasks involved in running Microsoft Safety Scanner:<\/p>\n<ol>\n<li><strong>Parameter handling<\/strong>: The script begins by defining parameters for the scan type (quick or full), a timeout, and an optional custom field where the results can be saved. These parameters have default values but can also be overridden through environment variables, which allows flexible use in different scenarios.<\/li>\n<li><strong>Environment setup<\/strong>: Before proceeding, the script checks whether the user has the necessary administrative privileges. Without them, the script stops, which ensures that only authorized personnel can run potentially disruptive scans.<\/li>\n<li><strong>File download<\/strong>: One of the script&rsquo;s main functions is to download the latest version of MSERT from Microsoft&rsquo;s servers. This is handled by the Invoke-Download function, which supports TLS 1.2 and 1.3 for secure connections. 
The function attempts the download several times to account for possible network problems or rate limiting by the server.<\/li>\n<li><strong>Running the scan<\/strong>: Once MSERT is downloaded, the script starts the scan with the specified parameters. It can perform a quick scan of common exploit locations or a full scan of the entire disk, depending on the user&rsquo;s choice. The scan runs in quiet mode to minimize interruptions.<\/li>\n<li><strong>Results<\/strong>: Once the scan is complete, the script processes the log file generated by MSERT. It checks whether any threats were detected and prints the results to the console. If specified, it also saves the results to a NinjaOne custom field, which can be used for further analysis or reporting.<\/li>\n<li><strong>Cleanup<\/strong>: Finally, the script removes the downloaded MSERT executable and the log file to clean up the system, making sure no unnecessary files are left behind.<\/li>\n<\/ol>\n<h2>Potential use cases<\/h2>\n<p>Imagine a scenario in which an MSP is responsible for the security of hundreds of endpoints across several clients. Manually launching malware scans on each machine would be time-consuming and inefficient.<\/p>\n<p>By deploying this script to all endpoints, the MSP can ensure that every system is regularly scanned for threats, with the results automatically sent to its management console. 
If a threat is detected, the MSP can respond quickly, minimizing potential damage and maintaining a secure environment for its clients.<\/p>\n<h2>Comparisons<\/h2>\n<p>The approach used in this script contrasts with traditional, manual ways of running Microsoft Safety Scanner. Normally, an IT professional would have to download MSERT, run it manually, and then review the results, steps that are prone to oversights and inconsistencies.<\/p>\n<p>By automating the process with PowerShell, the script ensures that scans are performed uniformly and regularly, which <a href=\"https:\/\/www.ninjaone.com\/blog\/how-human-error-relates-to-cybersecurity-risks\/\" target=\"_blank\" rel=\"noopener\">reduces the risk of human error<\/a> and ensures that security protocols are always followed.<\/p>\n<p>Compared with other automated solutions, such as full antivirus software with real-time protection, this script offers a lightweight, on-demand alternative that can be integrated into broader security practices. It is particularly useful in environments where installing full antivirus software on every machine is not possible or not necessary.<\/p>\n<h2>FAQ<\/h2>\n<p>1. <strong>What happens if the script times out during a scan?<\/strong><br \/>\nIf the scan exceeds the specified timeout, the script terminates the process and raises an alert. 
This prevents the scan from running indefinitely and affecting system performance.<\/p>\n<p>2. <strong>Can the script be used on older versions of Windows?<\/strong><br \/>\nThe script requires at least Windows 10 or Server 2016. Older versions of Windows may not support some of the features the script uses, such as TLS 1.2\/1.3 or certain PowerShell cmdlets.<\/p>\n<p>3. <strong>How does the script handle network problems during the download?<\/strong><br \/>\nThe Invoke-Download function makes several attempts to download the MSERT executable. If the download fails after several attempts, the script prints an error and exits.<\/p>\n<p>4. <strong>Is it safe to run this script in a production environment?<\/strong><br \/>\nYes, the script is designed with safety in mind, including checking for administrator privileges and handling potential errors carefully. However, it is always recommended to test scripts in a controlled environment before deploying them at scale.<\/p>\n<h2>Implications<\/h2>\n<p>The results of this script can have significant implications for IT security. By automating the search for <a href=\"https:\/\/www.ninjaone.com\/fr\/?p=327861\" target=\"_blank\" rel=\"noopener\">malware<\/a>, IT teams can ensure that systems are regularly checked for threats, reducing the risk of undetected infections. 
This proactive approach to security can help prevent <a href=\"https:\/\/www.ninjaone.com\/fr\/it-hub\/endpoint-security\/qu-est-ce-qu-une-fuite-de-donnees\/\" target=\"_blank\" rel=\"noopener\">data breaches<\/a> and other security incidents, which can have serious consequences for businesses, including financial losses and reputational damage.<\/p>\n<h2>Recommendations<\/h2>\n<p>When using this script, it is important to follow these best practices:<\/p>\n<ul>\n<li><strong>Test the script in a test environment<\/strong> before deploying it to all endpoints to make sure it works as expected.<\/li>\n<li><strong>Schedule regular scans<\/strong> using Windows Task Scheduler or another automation tool to ensure continuous monitoring of systems.<\/li>\n<li><strong>Monitor the results closely<\/strong> and implement alerts for detected threats so that you can respond quickly.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>This PowerShell script offers a powerful way to automate the use of Microsoft Safety Scanner, giving IT professionals and MSPs a reliable tool for maintaining system security. 
By integrating it into broader security practices, users can ensure that their environments remain <a href=\"https:\/\/www.ninjaone.com\/fr\/?p=327861\" target=\"_blank\" rel=\"noopener\">protected against malware threats<\/a> with minimal manual intervention.<\/p>\n","protected":false},"author":35,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"open","template":"","meta":{"_acf_changed":false,"_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","_lmt_disableupdate":"","_lmt_disable":""},"operating_system":[4212],"use_cases":[4286],"class_list":["post-353681","script_hub","type-script_hub","status-publish","hentry","script_hub_category-windows"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub\/353681","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/script_hub"}],"about":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/types\/script_hub"}],"author":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/users\/35"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/comments?post=353681"}],"wp:attachment":[{"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/media?parent=353681"}],"wp:term":[{"taxonomy":"script_hub_category","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/operating_system?post=353681"},{"taxonomy":"use_cases","embeddable":true,"href":"https:\/\/www.ninjaone.com\/fr\/wp-json\/wp\/v2\/use_cas
es?post=353681"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}