ePO App: Get Sample - Collect and upload files from target systems

Version 2

    GETSAMPLE  is an app that allows the collection of suspicious file(s) from 1 or more managed systems using the Mcafee Agent. The app creates a password protected .zip file of the targeted file(s)(password is “infected”).  The .zip file is placed in the c:\quarantine directory and is copied to a network share if specified.

     

    To Use:

     

    1. Check the package into your Master Repository and replicate as required:

    2. Create a McAfee Agent product deployment task using the GETSAMPLE package and specify the arguments that will be passed to script.


    Usage:

    Get Sample uses 3 parameters

    1 – Name of the output .zip file.

    2 – Full path to file(s) use 8.3notation

    3 – Network share where .zip is tobe copied. (optional)

     

    These parameters are placed in the command line options of the deployment task.

     

    For Example:

     

                   Parameter1                                                      Parameter 2                                                      Parameter 3

    %computername%_SR12345678.zip C:\Docum~1\imabaduser2\Local~1\temp\*.exe \\33-epo-45\sample$

     

     

    getsample.png

     

    This zips up all .exe files from the imabaduser’s temp directory and copies the output .zip file to the defined share. 

     

    Note:

    If using a share it must be a null share since the user account accessing the share is local system account.

     

    Setting up null share on windows2003:  http://support.bigfix.com/bes/misc/null_session_share.html