Find application boolem

Th3C00k1M0nst3r · December 2, 2020, 11:33pm

Im not sure which way to go about this. but, it seems like we have problems with the reporting server. data seems screwed up. so I’m tailoring a script that:

has MBAM or Bitcloker encrypted without MBAM or Sophos
if it finds a Laptop without encryption TAG it and resolves it.

If ($deploymentType -ine 'Uninstall' -and $deploymentType -ine 'Repair') {
		##*===============================================
		##* PRE-INSTALLATION
		##*===============================================
		[string]$installPhase = 'Pre-Installation'

		## Show Welcome Message, close Internet Explorer if required, allow up to 3 deferrals, verify there is enough disk space to complete the install, and persist the prompt
		#Show-InstallationWelcome -CloseApps 'iexplore' -AllowDefer -DeferTimes 3 -CheckDiskSpace -PersistPrompt

		## Show Progress Message (with the default message)
		#Show-InstallationProgress

		## <Perform Pre-Installation tasks here>
        manage-bde -status C: > C:\MBAM_Status.txt

		##*===============================================
		##* INSTALLATION
		##*===============================================
		[string]$installPhase = 'Installation'

		## Handle Zero-Config MSI Installations
		If ($useDefaultMsi) {
			[hashtable]$ExecuteDefaultMSISplat =  @{ Action = 'Install'; Path = $defaultMsiFile }; If ($defaultMstFile) { $ExecuteDefaultMSISplat.Add('Transform', $defaultMstFile) }
			Execute-MSI @ExecuteDefaultMSISplat; If ($defaultMspFiles) { $defaultMspFiles | ForEach-Object { Execute-MSI -Action 'Patch' -Path $_ } }
		}

		## <Perform Installation tasks here>
##########################################################################################################################################################################
##########################################################################################################################################################################
##########################################################################################################################################################################

If(Get-InstalledApplication -Name 'Sophos')
    {
        Set-RegistryKey -Key 'HKLM:\System\COOKIE\Encryption' -Name 'ProtectionStatus' -Type String -Value '1'
    }
ElseIf (Get-InstalledApplication -Name 'MBAM GUID') -OR (Get-InstalledApplication -Name 'MBAM GUID patched')
    {
        foreach($line in Get-Content C:\MBAM_Status.txt){
        if($line -match "Protection Status:    Protection On")
            {
                Set-RegistryKey -Key 'HKLM:\System\COOKIE\Encryption' -Name 'ProtectionStatus' -Type String -Value '1'
                
            }
            elseif ($line -match "Protection Status:    Protection Off")
            {
                 Set-RegistryKey -Key 'HKLM:\System\COOKIE\Encryption' -Name 'ProtectionStatus' -Type String -Value '1'
                
            }
            }
    }
Else
    {
    }
##########################################################################################################################################################################
##########################################################################################################################################################################
##########################################################################################################################################################################
		##*===============================================
		##* POST-INSTALLATION
		##*===============================================
		[string]$installPhase = 'Post-Installation'

		## <Perform Post-Installation tasks here>

		## Display a message at the end of the install
		#If (-not $useDefaultMsi) { Show-InstallationPrompt -Message 'You can customize text to appear at the end of an install or remove it completely for unattended installations.' -ButtonRightText 'OK' -Icon Information -NoWait }
	}

I think I broke it somewhere. not sure where. plus I don’t think that works as intended. I saw a Get-Registrykey but that means I would have to know all the versions of sopho’s GUID which I don’t have.

am I crazy to try to do this? >.<

luki1412 · December 4, 2020, 3:31pm

You are missing a pair of brackets for elseif. Heres the fixed one:

If (Get-InstalledApplication -Name 'Sophos')
{
    Set-RegistryKey -Key 'HKLM:\System\COOKIE\Encryption' -Name 'ProtectionStatus' -Type String -Value '1'
}
ElseIf ((Get-InstalledApplication -Name 'MBAM GUID') -OR (Get-InstalledApplication -Name 'MBAM GUID patched'))
{
    foreach ($line in (Get-Content C:\MBAM_Status.txt)) 
    {
        if ($line -match "Protection Status:    Protection On")
        {
            Set-RegistryKey -Key 'HKLM:\System\COOKIE\Encryption' -Name 'ProtectionStatus' -Type String -Value '1'
        }
        elseif ($line -match "Protection Status:    Protection Off")
        {
            Set-RegistryKey -Key 'HKLM:\System\COOKIE\Encryption' -Name 'ProtectionStatus' -Type String -Value '1'
        }
    }
}
Else
{
    
}

Hard to say whether your method is correct because I dont use Sophos but you need to find something consistent across all version and test for that. If there are many GUIDs then you can loop through all entries in the Uninstall key and check all Names whether its what you are looking for. You can also test for a file on the disk and get file info from it and check that.

Topic		Replies	Views
Potentially useful Dynamic Uninstall Script Logic Tips & Tricks	1	1112	February 20, 2022
Dynamic Uninstall Complete Deployment Scripts	3	3807	October 5, 2017
Getting RegKey Info and Formatting General Discussion	2	223	March 30, 2023
Stop install if specific version is installed General Discussion	8	3463	January 26, 2021
Uninstall exe if exists before installing newer version General Discussion	2	947	January 18, 2022

Find application boolem

Related Topics