Another from the archives.
OK, firstly, thanks to Mark Berry from MCB Systems for the idea of checking the registry.
The problem was detecting whether CryptoPrevent was already applied: the Local System account bypasses the software policy restrictions, so the check would always conclude that it was not applied.
This version of the script checks the registry to see whether the entry exists, to verify that the CryptoLocker prevention rules are applied. Every time the script is called, it checks the version on the FoolishIT website and auto-updates to the latest version.
Please note that the portable version does NOT include all the features (such as definition updates) that are contained in the Premium version.
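<#
.Synopsis
   Download and apply CryptoPrevent.
   Automatically check for updates and download and install if necessary.

   Copyright (c) 2014 by JCPIT. All rights reserved.
   Free for personal or commercial use. May not be sold.
   No warranties. Use at your own risk.

.Notes
   Name: JCPIT.CryptoPrevent.ps1
   Author: Jake Paternoster, JCPIT Support (jcpit.com.au)
   Created: 19/11/2014
   Last Edit: 20/11/2014
   Version: 1.3

   Version History:
   1.0 - 19/11/2014
   ==============================================================
   Initial Release

   1.1 - 19/11/2014
   ==============================================================
   FIX: Problem with TestCryptoPrevent Function

   1.2 - 20/11/2014
   ==============================================================
   FIX: Delete Files if already exist before downloading new ones.
   CHANGE: The order in which the updates are checked.
   CHANGE: Simplified Checking for CryptoPrevent Registry Entries
   CHANGE: Removed TestCryptoPrevent Function and moved inline
   CHANGE: Break out Download & Install code into InstallCryptoPrevent

   1.3 - 20/11/2014
   ==============================================================
   CHANGE: Code Refactoring

   Review changes (unversioned)
   ==============================================================
   FIX: Installed version was read from a hard-coded x86 path instead of $AgentPath.
   FIX: Script kept going (and installed into Program Files) when no agent folder was found.
   FIX: A single matching registry key was not counted as "applied" on hosts where a
        scalar has no Count property.
   FIX: A failed or unparsable version lookup no longer aborts the policy check.
   ADD: Authenticode check on CryptoPrevent.exe before it is executed.
#>

# NOTE(review): the archive is fetched over plain HTTP and its contents are then executed
# with the privileges of the monitoring agent. Anyone able to tamper with that connection
# can substitute the binary, so the signature check below is the only integrity control.
# Prefer an HTTPS download URL if the vendor offers one - TODO confirm.
$CPURL = "http://download.foolishit.com/CryptoPrevent.zip"
$CryptoPreventOptions = '/apply /silent /appdata /appdatadeep /appdatalocal /programdata /userprofile /startup /bin /syskey /cipher /vssadmin /fakeexts /whitelist'

# When $true, CryptoPrevent.exe is only started if its Authenticode signature validates.
# NOTE(review): assumes the vendor signs the executable - confirm on a known-good copy
# before rolling out; set to $false only as a conscious, documented exception.
$RequireValidSignature = $true

# Optional publisher pin. Leave empty to accept any signer that validates, or set it to a
# fragment of the vendor certificate subject taken from a known-good copy.
$ExpectedSignerSubject = ''

$webClient = New-Object -TypeName System.Net.WebClient

# Pick the first Program Files root that is defined; the x86 one wins when it exists.
$AgentPath = (${env:ProgramFiles(x86)}, ${env:ProgramFiles} -ne $null)[0]
If (Test-Path -Path "$AgentPath\Advanced Monitoring Agent")
{
    $AgentPath = "$AgentPath\Advanced Monitoring Agent"
}
ElseIf (Test-Path -Path "$AgentPath\Advanced Monitoring Agent GP")
{
    $AgentPath = "$AgentPath\Advanced Monitoring Agent GP"
}
Else
{
    Write-Host -Object 'Agent Path Not Found'
    # Without an agent folder $AgentPath still points at Program Files itself; stop here
    # rather than download and run binaries from there.
    exit 1
}

# Extracts every top-level item of a ZIP archive into a folder using the Windows shell.
#   $file        - full path of the archive
#   $destination - existing folder that receives the extracted items
# Throws when the shell cannot open the archive or the destination.
function Expand-ZIPFile($file, $destination)
{
    $shell = New-Object -ComObject shell.application
    $zip = $shell.NameSpace($file)
    If ($zip -eq $null)
    {
        throw "Unable to open archive '$file'"
    }
    $target = $shell.NameSpace($destination)
    If ($target -eq $null)
    {
        throw "Unable to open destination '$destination'"
    }

    # CopyHere options: 0x04 = no progress dialog, 0x10 = answer "Yes to All" to prompts.
    $copyFlags = 0x04 -bor 0x10
    foreach ($item in $zip.items())
    {
        $target.CopyHere($item, $copyFlags)
    }
}

# Returns $true when the executable at $path exists and passes the signature policy set by
# $RequireValidSignature / $ExpectedSignerSubject; otherwise reports why and returns $false.
function Test-CryptoPreventSignature($path)
{
    If (-not (Test-Path -Path $path))
    {
        Write-Host "CryptoPrevent executable not found at $path"
        return $false
    }
    If (-not $RequireValidSignature)
    {
        return $true
    }

    $signature = Get-AuthenticodeSignature -FilePath $path
    If ($signature.Status -ne 'Valid')
    {
        Write-Host "Refusing to run $path - Authenticode status is $($signature.Status)"
        return $false
    }

    $subject = $signature.SignerCertificate.Subject
    If ($ExpectedSignerSubject -and ($subject -notlike "*$ExpectedSignerSubject*"))
    {
        Write-Host "Refusing to run $path - unexpected signer: $subject"
        return $false
    }

    Write-Host "Signature valid, signed by: $subject"
    return $true
}

# Verifies and then runs CryptoPrevent.exe with the configured options, waiting for it to
# finish. Returns nothing; prints the outcome.
function Invoke-CryptoPrevent()
{
    $exe = "$AgentPath\CryptoPrevent.exe"
    If (-not (Test-CryptoPreventSignature -path $exe))
    {
        Write-Host 'CryptoPrevent was NOT applied.'
        return
    }
    Start-Process -FilePath $exe -ArgumentList "$CryptoPreventOptions" -NoNewWindow -Wait
    Write-Host 'CryptoPrevent Installed! Please Restart to take effect.'
}

# Removes any previous copy, downloads and extracts the current archive into the agent
# folder, then applies CryptoPrevent.
function Install-Cryptoprevent()
{
    Write-Host 'Downloading CryptoPrevent.zip...'
    foreach ($name in 'CryptoPrevent.zip', 'CryptoPrevent.exe', 'CryptoPreventTestCLI.exe')
    {
        $stale = "$AgentPath\$name"
        If (Test-Path -Path $stale)
        {
            Remove-Item -Path $stale
        }
    }

    try
    {
        $webClient.DownloadFile($CPURL, "$AgentPath\CryptoPrevent.zip")
        Write-Host 'Extracting Archive...'
        Expand-ZIPFile -File "$AgentPath\CryptoPrevent.zip" -Destination "$AgentPath"
    }
    catch
    {
        Write-Host "Download or extraction failed: $($_.Exception.Message)"
        return
    }

    Write-Host 'Applying CryptoPrevent'
    Invoke-CryptoPrevent
}

If (Test-Path -Path "$AgentPath\CryptoPrevent.exe")
{
    # Check for latest version. The version is scraped from the product page, so any change
    # to the page layout or a network failure lands in the catch block and the script falls
    # back to the registry check below.
    $UpdateAvailable = $false
    try
    {
        $PageData = $webClient.DownloadString('https://www.foolishit.com/vb6-projects/cryptoprevent/')
        $array = $PageData -split 'Current Version: '
        If (@($array).Count -lt 2)
        {
            throw "'Current Version: ' marker not found on the page"
        }
        $array = $array[1] -split 'released '
        # Drop non-ASCII characters left over from the page markup before parsing.
        $LatestCPVersion = ($array[0] -replace '[^\u0000-\u007F]').Trim()
        # Read the version of the copy in the detected agent folder, not a fixed x86 path.
        $InstalledCPVersion = [System.Diagnostics.FileVersionInfo]::GetVersionInfo("$AgentPath\CryptoPrevent.exe").FileVersion

        Write-Host 'Latest version is '$LatestCPVersion
        Write-Host 'Installed Version is '$InstalledCPVersion

        $UpdateAvailable = ([version]$LatestCPVersion -gt [version]$InstalledCPVersion)
    }
    catch
    {
        Write-Host "Unable to determine the latest version: $($_.Exception.Message)"
    }

    If ($UpdateAvailable)
    {
        Write-Host 'A new version of CryptoPrevent is avaliable!'
        Install-Cryptoprevent
    }
    Else
    {
        # The script runs as Local System, which is not subject to the software policy
        # restrictions, so the policy is detected through its registry entries instead.
        # This only proves that at least one rule with this description exists, not that
        # every option in $CryptoPreventOptions is in place.
        $Keys = @(Get-ChildItem -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths' -ErrorAction SilentlyContinue |
            Where-Object -FilterScript { $_.GetValue('Description') -eq 'CryptoLocker Prevention' })

        If ($Keys.Count -gt 0)
        {
            Write-Host 'CryptoPrevent is already Applied!'
        }
        Else
        {
            Write-Host 'Re-Applying Cryptoprevent...'
            Invoke-CryptoPrevent
        }
    }
}
Else
{
    Install-Cryptoprevent
}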