Another from the archives.

Ok Firstly thanks to Mark Berry from MCB Systems for the idea checking the registry.

The problem was checking if CryptoPrevent was already applied as the Local System bypasses the software policy restrictions so it would always think its not applied.
This version of the script checks the registry to see if the entry exists to verify if crypto locker is applied.

Every time the script is called it will check the version on the FoolishIT website and auto-update to the latest version.
Please note that the portable version does NOT include all the features (like definition updates) as is contained within the Premium Version

<#
    .Synopsis
    Download and apply CryptoPrevent.
    Automatically check for updates and download and install if nessacary.
        
    Copyright (c) 2014 by JCPIT. All rights reserved.
    Free for personal or commercial use.  May not be sold.
    No warranties.  Use at your own risk.
 
    .Notes 
    Name:       JCPIT.CryptoPrevent.ps1
    Author:     Jake Paternoster, JCPIT Support (jcpit.com.au)
    Created:    19/11/2014
    Last Edit:  20/11/2014
    Version:    1.3
    Version History:

    1.0 -  19/11/2014
    ==============================================================
    Initial Release
    
    1.1 - 19/11/2014
    ==============================================================
    FIX: Problem with TestCryptoPrevent Function

    1.2 - 20/11/2014
    ==============================================================
    FIX: Delete Files if already exist before downloading new ones.
    CHANGE: The order in which the updates are checked.
    CHANGE: Simplified Checking for CryptoPrevent Registry Entries
    CHANGE: Removed TestCryptoPrevent Function and moved inline
    CHANGE: Break out Download & Install code into InstallCryptoPrevent

    1.3 - 20/11/2014
    ==============================================================
    CHANGE: Code Refactoring

#>

$CPURL = "http://download.foolishit.com/CryptoPrevent.zip"
$CryptoPreventOptions = '/apply /silent /appdata /appdatadeep /appdatalocal /programdata /userprofile /startup /bin /syskey /cipher /vssadmin /fakeexts /whitelist'

$webClient = New-Object  -TypeName System.Net.WebClient
$AgentPath = (${env:ProgramFiles(x86)}, ${env:ProgramFiles} -ne $null)[0]

If (Test-Path  -Path "$AgentPath\Advanced Monitoring Agent") 
{
    $AgentPath = "$AgentPath\Advanced Monitoring Agent"
}
ElseIf (Test-Path  -Path "$AgentPath\Advanced Monitoring Agent GP") 
{
    $AgentPath = "$AgentPath\Advanced Monitoring Agent GP"
}
Else 
{
    Write-Host  -Object 'Agent Path Not Found'
}

function Expand-ZIPFile($file, $destination)
{
    $shell = New-Object -ComObject shell.application
    $zip = $shell.NameSpace($file)

    $copyFlags = 0x00
    $copyFlags += 0x04
    $copyFlags += 0x10
    
    foreach($item in $zip.items())
    {
        $shell.Namespace($destination).copyhere($item, $copyFlags)
    }
}

function Install-Cryptoprevent()
{
    Write-Host 'Downloading CryptoPrevent.zip...' 

    If (Test-Path  -Path "$AgentPath\CryptoPrevent.zip") 
    {
        Remove-Item  -Path "$AgentPath\CryptoPrevent.zip" 
    }
    If (Test-Path  -Path "$AgentPath\CryptoPrevent.exe") 
    {
        Remove-Item  -Path "$AgentPath\CryptoPrevent.exe" 
    } 
    If (Test-Path  -Path "$AgentPath\CryptoPreventTestCLI.exe") 
    {
        Remove-Item  -Path "$AgentPath\CryptoPreventTestCLI.exe" 
    }

    $webClient.DownloadFile($CPURL, "$AgentPath\CryptoPrevent.zip")
    
    Write-Host 'Extracting Archive...'
    Expand-ZIPFile -File "$AgentPath\CryptoPrevent.zip" -Destination "$AgentPath"

    Write-Host 'Applying CryptoPrevent'
    Start-Process -FilePath "$AgentPath\CryptoPrevent.exe" -ArgumentList "$CryptoPreventOptions" -NoNewWindow -Wait
    Write-Host 'CryptoPrevent Installed! Please Restart to take effect.'
}

If (Test-Path  -Path "$AgentPath\CryptoPrevent.exe") 
{
    # Check for latest version
    $PageData = $webClient.DownloadString('https://www.foolishit.com/vb6-projects/cryptoprevent/')

    $array = $PageData -split 'Current Version: '
    $array = $array[1] -split 'released '

    $LatestCPVersion = $array[0] -replace '[^\u0000-\u007F]'
    $InstalledCPVersion = [System.Diagnostics.FileVersionInfo]::GetVersionInfo('C:\Program Files (x86)\Advanced Monitoring Agent\CryptoPrevent.exe').FileVersion 

    Write-Host 'Latest version is '$LatestCPVersion
    Write-Host 'Installed Version is '$InstalledCPVersion

    If ([version]$LatestCPVersion -gt [version]$InstalledCPVersion) 
    {
        Write-Host 'A new version of CryptoPrevent is avaliable!'
        Install-Cryptoprevent
    }
    Else 
    {
        $Keys = Get-ChildItem  -Path HKLM:SOFTWARE\Policies\Microsoft\Windows\safer\codeidentifiers\0\Paths | Where-Object  -FilterScript {
            $_.GetValue('Description') -eq 'CryptoLocker Prevention' 
        } 
    
        if ($Keys -ne $null -and $Keys.Count -gt 0) 
        {
            Write-Host 'CryptoPrevent is already Applied!'
        }
        Else 
        {
            Write-Host 'Re-Applying Cryptoprevent...'
            Start-Process -FilePath "$AgentPath\CryptoPrevent.exe" -ArgumentList "$CryptoPreventOptions" -NoNewWindow -Wait
            Write-Host 'CryptoPrevent Installed! Please Restart to take effect.'
        }
    }
}
Else 
{
    Install-Cryptoprevent
}