Habitat Microsoft Safety Scanner

Detailed descriptions and imagery explaining each tool available inside Habitat. Feel free to post feature requests under each tools forum post if you would like to see something added or changed in the tools.
Post Reply
User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Habitat Microsoft Safety Scanner

Post by Cubert »

New in Habitat build 1.0.0.79, Habitat MS Safety Scanner Tool.

The Microsoft Safety Scanner, formerly Emergency Response Tool is now fully integrated into ConnectWise Automate.

Microsoft Safety Scanner is a scan tool designed to find and remove malware from Windows computers. Simply Run scans to find malware and try to reverse changes made by identified threats.

Safety Scanner helps remove malicious software from computers running Windows 10, Windows 10 Tech Preview, Windows 8.1, Windows 8, Windows 7, Windows Server 2019, Windows Server 2016, Windows Server Tech Preview, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, or Windows Server 2008.

As with most Habitat tools that have some automation, there is a global enable/disable switch in the main Habitat consoles Automated Services manager tool. You will need to enable the service before automated services are available.
Automated services will scan, repair or both when configured to do so at the Client consoles. Each client must be configured to scan or repair independently of the global automation. Visit each Client console to allow automation to scan the agents of the client. Just turning on the global automation services will not start scans on agents. Each client will need to be configured to allow scans and or repairs to a given agent. Disabling the global services will stop all automation for this tool across all clients but will not stop manual scans and repairs.

MS_Safety_Scan_GlobalEnable.PNG
MS_Safety_Scan_GlobalEnable.PNG (47.98 KiB) Viewed 6365 times


Client Console Tool Interface
MS_Safety_Scan_Client_Console_explained.PNG
MS_Safety_Scan_Client_Console_explained.PNG (54.75 KiB) Viewed 6365 times

Select an agent and then right click that agent to reveal menu of functions.
  • Open Console - Opens agent console
  • Enable Agent - Allow automated daily scans of the agent (Green is ON / Red is Off)
  • Auto Repair Agent - If previous scan reports errors then next scan would run the repair flag for MSERT (Green is On / Red is Off)
  • View Last Scan Log - Displays the last scan results from agent
  • Scan Now - Schedule a script to scan agent now
  • Repair Now - Schedule a script to run the repair function from MSERT now
You can monitor both the script and commands viewers from the agent console to see how and what the MSERT.exe returns if you need to trouble shoot an issue with an agent scanning.

The Client Console tool view shows each Microsoft agent and its current status by scan date. It shows the current configuration of an agent along with its current alarm status.

Alarm Status (Red is bad), You want to see green dots on each agent and a resent scan date. When an Alarm is good the expected log should look like the following image.

MS_Safety_Scan_Log_Viewer-clean.PNG
MS_Safety_Scan_Log_Viewer-clean.PNG (18.51 KiB) Viewed 6365 times


When the Alarm dot is red for an agent then view log should explain what it sees wrong.

MS_Safety_Scan_Log_Viewer-Alarm.PNG
MS_Safety_Scan_Log_Viewer-Alarm.PNG (25.97 KiB) Viewed 6365 times

You can manually and with Automation both scan and repair agents using the MSERT tool and its fully integrated into your Automate environment.

mwilhelmi
Posts: 37
Joined: Thu Nov 19, 2020 7:16 am
3

Re: Habitat Microsoft Safety Scanner

Post by mwilhelmi »

Hi,

really nice feature, but we have users complaining about performance impact during the scan.
Can we shedule when the scan runs and how often?

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Habitat Microsoft Safety Scanner

Post by Cubert »

Let me have a look at that.

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Habitat Microsoft Safety Scanner

Post by Cubert »

Ok so how it currently works is,

Automate fires this service off twice a day, 12 AM and around 1 pm daily for any agent online.

If agent is enabled it will send a simple scan request to agent to verify current status, If Auto Repair is turned on then it will attempt the fix for what ever issue was reported.

What I can do for the short term is place another option to prevent the 1PM scan so instead of twice a day its only once and at 12 AM.

The draw back to this will be offline agents will not get scanned or repaired, but it offers some control over script schedules.

I will look at adding in a more robust scheduler in future versions.

mwilhelmi
Posts: 37
Joined: Thu Nov 19, 2020 7:16 am
3

Re: Habitat Microsoft Safety Scanner

Post by mwilhelmi »

Hi, any updates on sheduling the scans?

User avatar
Cubert
Posts: 2430
Joined: Tue Dec 29, 2015 7:57 pm
8
Contact:

Re: Habitat Microsoft Safety Scanner

Post by Cubert »

I have not worked on this yet.

I can give you a work around for the current builds of Habitat.


image1.png
image1.png (142.25 KiB) Viewed 3531 times
Turn off the automated safety scanner automation. This will stop all automated scans of agents globally.



image2.png
image2.png (112.66 KiB) Viewed 3531 times

Next find, copy and edit the Habitat MS Safety Scanner script. Name it what you like.



image3.png
image3.png (58.27 KiB) Viewed 3531 times

Uncheck the Function Script check box so you can see the script.



image4.png
image4.png (27.46 KiB) Viewed 3531 times

Select the global and Params tab and add the "MYCMD" parameter. When you schedule the script you will need to pass the "SCAN" as the variable "MYCMD"



Save your script file and reload your Systems cache.


Next find the client you want to schedule and select client, select scripts, find your script name from scripts list and schedule it to run how you would like it to run. This will only effect the automated scanning function. All other features will continue to work as described.

You will however now need to schedule all clients/locations/agents you want to scan as Automation for scanning is off.

To get the value from the plugin functions I would stay with at least a weekly schedule. You can push it out to monthly but may be putting yourself at more risk with little to no extra benefit.
Attachments
image5.png
image5.png (26.75 KiB) Viewed 3531 times

Post Reply

Return to “Habitat Documentation Forum”