[LabTech]-Flushot AntiViral and Antimalware plugin

On September 2, 2014, in How-to, Projects, Scripting, by Cubert aka (Cube Dweller)


It’s the art of avoiding being sick by pricking yourself regularly in the hopes that you may dodge a bullet!

The plugin on the other hand,

In comes “Flu Shot” for LabTech, a no-install AV and malware scanner that uses the Emsisoft Command line Scanner – Version 9.0 to scan a PC on a set schedule and to clean the PC if anything is found. After each scan you can see the results of that scan in the LabTech plugin, visible in the computer console.

 


 

In the first version you can launch scans manually from the console or schedule the Give PC A Flu Shot script on a system or a group. The Send the Nurse Over script is just a worker script launched by Give PC A Flu Shot; do not schedule or execute this script alone (it just won’t do anything useful). Import the scripts, then, using the plugin manager under the Help menu of your LabTech console, upload the plugin and activate it. Make sure the scripts go to the correct folders in LabTech, then start scanning systems.

The script causes the scanner to update all AV definitions to current status, runs a full system scan on the PC, and finds and removes all threats. It reports back to LabTech (on average in 1 hour), then finds and loads the results of the scans. In the display you will see all the scans, how many files were scanned, how long each scan took, what was found and what was deleted.

New in Version 1.1.

We have now added the ability to set up custom scanning configs: after selecting a system you can modify the scan policy for that system from the Flu Shot tab. We also now save and display the actual log files from the scanner, based on log time, under the new Logs tab of the Flu Shot plugin.

 New in Version 1.2

Several bug fixes and improved scripts. Oh yeah, we also added help documentation so you can get all the help you need with managing FluShot.

 New in Version 1.2.1

We added a new Client tab that provides an overview of the scan history for all computers that are under the client. We added the ability to export that view as a report in Excel. We added a few more nurse checks for long-running scans and now do not force the download of the scanner if a local copy exists. This will prevent some of the download denials we have seen when a lot of systems scan at the same time.

New in Version 1.3.1

We added a new sub tab for “Quick Scans” that will allow you to run a quick interactive scan and see the results in the terminal provided. We added UK time support to the Nurse collection scripts and corrected several issues in the scripts and console.

 

Flu Shot Version 1.3.3

download

 


 

Please comment here how it works for you so we know if we need to fix anything.

 


43 Responses to “[LabTech]-Flushot AntiViral and Antimalware plugin”

  1. Manny M says:

    Great work! Small issue I am having–logs do not get published. I can see the scan running, but ultimately the logs tab is empty.
    Any thoughts?

  2. Awesome additions. I installed the new version today and am getting errors immediately when I select the FluShot tab:

    Error-> Object reference not set to an instance of an object.

    This pops up twice then goes away.

  3. Cubert says:

    Go to the config tab and save a config? Does error stop? You also may be missing tables that are not creating as they should.

    See if you have 3 tables for the plugin.

    plugin_sw_flushot_config
    plugin_sw_flushot_logs
    plugin_sw_flueshot_screenings

    You may be missing 2 tables.

    Here is SQL to create missing tables.

    CREATE TABLE `plugin_sw_flushot_logs` (
      `ClientID` int(11) NOT NULL,
      `ComputerID` int(11) NOT NULL,
      `Logs` longtext,
      `LogDate` varchar(45) NOT NULL,
      PRIMARY KEY (`ComputerID`,`LogDate`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

    CREATE TABLE `plugin_sw_flushot_config` (
      `ClientID` int(11) NOT NULL,
      `ComputerID` int(11) NOT NULL,
      `ScanType` varchar(45) DEFAULT NULL,
      `RK` varchar(8) DEFAULT NULL,
      `MEM` varchar(8) DEFAULT NULL,
      `TRACE` varchar(8) DEFAULT NULL,
      `COOKIES` varchar(8) DEFAULT NULL,
      `PUP` varchar(8) DEFAULT NULL,
      `ZIP` varchar(8) DEFAULT NULL,
      `NTFS` varchar(8) DEFAULT NULL,
      `AC` varchar(8) DEFAULT NULL,
      `FileAction` varchar(45) DEFAULT NULL,
      `NurseCheck` int(11) DEFAULT NULL,
      PRIMARY KEY (`ComputerID`)
    ) ENGINE=InnoDB DEFAULT CHARSET=utf8;

    Execute each SQL statement in SQLyog on the LT server. For some odd reason the code is not being executed in the plugin correctly. I will look into this in next release.

  4. Thank you sir. Dead on… two tables did not create. I’m rocking and rolling now. Thanks for all your assistance and contributions.

  5. Manny M says:

    Any thoughts on not being able to view the logs?

  6. Cubert says:

    Manny, do you see an entry in the Scan Tab? If so there should be a log for that scan.

    Some scans take hours to run and may cause the pickup script to time out before the system returns data. Retry running a scan; if a previous log file now exists we will process that file first, then rescan the system. You will then see (after processing) the older log scan dates and information.

    You can also sit on the PC and manually run a scan and watch for the a2cmd process to start and then finish on the PC. Look to see if an antimalware.log file was produced in c:\windows\ltsvc\emsisoft\

    If it's there, do you see that the “Nurse” is still scheduled to run again in the scripts tab? If so it should pick up the log file. If not, we timed out somewhere. Send me all the script log history showing the entire scan process and Nurse script schedule and executions.

    I will look over logs and see what the script was doing and what was returned.

  7. Ross Camardo says:

    Hello,

    I am not seeing the flushot config tab.

    The plugin is active and it shows under workstations. I can run scripts but they fail in line 11 (batch file). I am assuming there are configs I should make in the tab before this. Any thoughts on the tab? Maybe I'm just looking in the wrong places.

  8. Cubert says:

    Does your version say 1.1 ?

    The tab should be there in V1.1

  9. Ok we just released version 1.2.1 that now includes several fixes and new client tab with Excel reporting

  10. CG says:

    I get an Error -> There is no row at position 0 when I try to Run Scan

  11. CG says:

    I reimported the scripts and it works fine now

  12. Jason Hand says:

    Just installed the plugin and it is showing as active in plugins but I do not see any evidence it is there under scripts or anywhere else. I checked and the (3) FluShot tables are there. Am I missing something?

    Thanks,
    Jason

  13. Cubert says:

    Flu Shot should show up under each computer console in LabTech as a tab.

    You should also have a flushot scripts folder with several scripts in it. Try searching scripts for “Give PC A FluShot” to see where LT imported scripts to. Then just move them to the correct folder.

    You may also need to restart the LT console after loading plugins. It sometimes needs a full refresh to load new plugins.

    Cubert

  14. Vaughn says:

    Hi

    Is there a place to setup a default scan config for all computers – or do I need to edit the script – seems line 99 is the place to do this.

    Thanks

    Vaughn

  15. Cubert says:

    On line 37 We check if a config was found, if row count = 0 we goto AddConfig on line 98 which should add a default config of

    Scan type = Smart
    With Root kit and PUP and a few other minor settings but looking at code I see a bug.

    I forgot to add to the SQL insert the columns to update, so line 99 fails for all.

    I am updating the script now to fix. Will release a new version in a day or so after testing.

    Anyone reading this can just change the SQL statement to:

    INSERT INTO plugin_sw_flushot_config (`ClientID`,
    `ComputerID`,
    `ScanType`,
    `RK`,
    `MEM`,
    `TRACE`,
    `COOKIES`,
    `PUP`,
    `ZIP`,
    `NTFS`,
    `AC`,
    `FileAction`,
    `NurseCheck`) VALUES (%clientid%, %computerid%, 'Smart','True','True','False','True','True','False','False','False','Quarantine',0)

  16. CG says:

    Is there a way to have it only report on what it finds and not quarantine or delete?

    Would hate for some sort of false positive to happen and major issues occur

  17. We just launched a major version update, Version 1.3.1 is now available for download and adds several new features and bug fixes.

    UK time support is now added and a new interactive quick scan.

  18. Phil says:

    Still not seeing logs, nor does the processes tab in LT show the exe running. Any tips?

  19. Vince says:

    Thank you for your efforts to help guys like us, unfortunately my install is not working-
    Flushot 1.3.1, Error -> there is no row at position 0.
    Do you have a resolution to this?

    Thank you.

  20. Phil, if you run the quick scan does it produce an output? If so then relaunch the main scan and allow it to complete; it may take several hours based on files and system speed. Wait for the nurse to be scheduled, as that script is the script that grabs the log files.

    Vince,
    Sounds like you're missing a SQL table. You should have 3 tables

    #1 plugin_sw_flushot_config
    #2 plugin_sw_flushot_logs
    #3 plugin_sw_flushot_screenings

    Can you verify all 3 exist?

  21. Love the plugin. Is there a way to include the scan results into a LT report or is there a report default that we can send to a client?

  22. We have a couple of Win7 Desktops crash to blue screen when FluShot runs. I have logs and information that I can send and not in the public domain.

  23. CJB says:

    Having an issue when running this via LT. I keep getting “No log files found,” which means we don’t see a result. Any ideas or advice?

  24. CJB says:

    NM – figured out it won’t run on servers without a license. 🙂

  25. jh says:

    Plugin works- got through the other errors mentioned with the 3 tables but when trying to deploy I get this:

    The script(5910) failed in the THEN section at step 12

    Start Deploy FluShot
    IF True Parameter1: Parameter2: Parameter3: Time Taken: 39324.5488
    L1 Script Note Parameter1: #Lets prepare for a scan Parameter2: Parameter3: Time Taken: 39324.6488
    L3 Folder Create Parameter1: c:\windows\ltsvc\FluShot Parameter2: Parameter3: Time Taken: 39324.8488
    L4 Folder Create Parameter1: C:\windows\LTSvc\FluShot\Quara Parameter2: Parameter3: Time Taken: 39330.9498
    L5 Script Note Parameter1: # Lets see if the Emsisoft sca Parameter2: Parameter3: Time Taken: 39335.0508
    L6 IF File Check Parameter1: C:\Windows\LTSvc\FluShot\a2cmd Parameter2: 0 Parameter3: Time Taken: 39335.1508
    L7 IF File Check Parameter1: c:\windows\ltsvc\FluShot\a2cmd Parameter2: 0 Parameter3: :GRAB7ZIP Time Taken: 39339.2518
    L12 File Download Parameter1: Software\7za.exe Parameter2: c:\windows\ltsvc\FluShot\7za.e Parameter3: Time Taken: 39341.3528

  26. This is due to the fact that you are failing to see the 7za.exe file under your http://ltserveraddress/labtech/transfer/software directory. Make sure to move any files like 7za.exe to the directories that the scripts are looking for the files in.

  27. David says:

    Hi,
    I installed it, and got the object not defined error twice. I ran the two SQL commands above, and now the error comes in only once. I think it is about the config table because the parameters don't save. I am using LabTech 10 if that makes a difference.

    Thank you

  28. Should restart the LT DBagent before using plugin, this will create the tables and prep the plugin

  29. Ramon says:

    How do I enter this statement in my LT Server? Kinda lost.

    CREATE TABLE `plugin_sw_flushot_logs` ( `ClientID` int(11) NOT NULL, `ComputerID` int(11) NOT NULL, `Logs` longtext, `LogDate` varchar(45) NOT NULL, PRIMARY KEY (`ComputerID`,`LogDate`)) ENGINE=InnoDB DEFAULT CHARSET=utf8

    CREATE TABLE `plugin_sw_flushot_config` ( `ClientID` int(11) NOT NULL, `ComputerID` int(11) NOT NULL, `ScanType` varchar(45) DEFAULT NULL, `RK` varchar(8) DEFAULT NULL, `MEM` varchar(8) DEFAULT NULL, `TRACE` varchar(8) DEFAULT NULL, `COOKIES` varchar(8) DEFAULT NULL, `PUP` varchar(8) DEFAULT NULL, `ZIP` varchar(8) DEFAULT NULL, `NTFS` varchar(8) DEFAULT NULL, `AC` varchar(8) DEFAULT NULL, `FileAction` varchar(45) DEFAULT NULL, `NurseCheck` int(11) DEFAULT NULL, PRIMARY KEY (`ComputerID`)) ENGINE=InnoDB DEFAULT CHARSET=utf8

  30. Rami says:

    Thank you for your great work !!
    I would like to write about 2 points:
    – There is no option like (Clean Quarantine), so I created a simple script for that.
    – If for any reason the .ZIP file is corrupted, the script (if it exists) will not download it again, and will try to unzip it with no success, then the script will fail. I’m thinking that we can change it to force download, or add a few lines to check if the size is correct.
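
The cached-archive failure described in comment 30 can be caught before extraction. This is an added example, not code from the plugin or from the commenter: it decides whether a local copy should be discarded and downloaded again. The function name, the required member name and the optional pinned SHA-256 are assumptions.

```python
import hashlib
import zipfile
import zlib
from pathlib import Path
from typing import Optional


def archive_problem(path, required_member: str,
                    pinned_sha256: Optional[str] = None) -> Optional[str]:
    """Return None if the cached archive is fit to extract, otherwise the
    reason it should be deleted and fetched again."""
    p = Path(path)
    if not p.is_file() or p.stat().st_size == 0:
        return "missing or empty"
    if pinned_sha256 is not None:
        # Optional: compare against a digest recorded from a known-good copy.
        digest = hashlib.sha256(p.read_bytes()).hexdigest()
        if digest != pinned_sha256.lower():
            return "sha256 mismatch"
    if not zipfile.is_zipfile(p):
        # A truncated download has no end-of-central-directory record.
        return "not a zip archive"
    try:
        with zipfile.ZipFile(p) as zf:
            bad = zf.testzip()  # reads every member and verifies its CRC-32
            if bad is not None:
                return f"corrupt member: {bad}"
            names = {n.lower() for n in zf.namelist()}
    except (zipfile.BadZipFile, zlib.error, OSError) as exc:
        return f"unreadable: {exc}"
    if required_member.lower() not in names:
        return f"{required_member} not in archive"
    return None
```

A size check alone misses a file of the right length with damaged contents; the CRC pass does not.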

  31. Rami says:

    – I noted also that there is no notification when it finishes scanning. I don't like waiting in usual 🙂 continuing to look in the script tab, or log, waiting for the end of the scan is not likable for me; for that reason I’ve created a monitor to notify me by email that the scan is done IF it found threats.
    After that I added an additional condition, IF Found=Removed, send failed after success.
    Just want to share this idea.
    thanks again

  32. Melanie says:

    Hi! I am having trouble getting the logs to produce properly after scanning a machine. I looked at the recommendation you gave above but it doesn’t seem to have helped, and I wasn’t able to find any log files. Any suggestions?

    Thanks!

  33. Rami says:

    @Melanie
    If the machine is Server it won’t work without a license, because FluShot installs FREE AV tool from http://www.emsisoft.com/en/software/cmd/

  35. macncoke says:

    Will this work with LT 10.5?

  36. Jason Zurro says:

    Has anyone noticed that google chrome is crashing due to a scan on this. How can I exclude from being scanned.

    C:\Program Files\Google\Chrome\Application\56.0.2924.87\chrome_elf.dll detected: Gen:Variant.Symmi.17791 (B)
    C:\Program Files\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\56.0.2924.87\56.0.2924.87_chrome_installer.exe detected: Gen:Variant.Symmi.31976 (B)

  37. Tim says:

    Hello,
    We just installed the plugin for Labtech and are getting 2 errors in the command history for the script below:

    http://dl.emsisoft.com/a2cmd.zip|c:\windows\ltsvc\FluShot\a2cmd.zip-ERR Could not Download file http://dl.emsisoft.com/a2cmd.zip

    Software\7za.exe|c:\windows\ltsvc\FluShot\7za.exe-ERR Could not Download file /Transfer/Software\7za.exe

    I have tried to go to that link for the download and it shows that it is an invalid link which may be the issue?

    Thank,
    Tim!

  38. That could be, that was an older plugin and so the location of software may no longer be present.

  39. Leon says:

    Hi,

    As Jason mentioned a few months ago, chrome_elf.dll is detected as some sort of malware. Even after a clean install of Chrome.
    Is there a known issue, or way to exclude files?

    Thanks!

  40. Ben says:

    Hi,

    I keep getting Flushot license plugin error. Also, does not seem to be saving the config after click the checkboxes and selecting the drop downs.

  41. ABHI says:

    Hello,

    The flu-shot script is removing my Office16 Excel.exe.
    It is detecting it as ransomware.

    Emsisoft Commandline Scanner – Version 9.0
    Last update: N/A

    Scan settings:

    Scan type: Smart Scan
    Objects: Rootkits, Memory, Traces, C:\Windows, C:\Program Files

    Detect Potentially Unwanted Programs: On
    Scan archives: Off
    ADS Scan: On
    File extensions: Off
    Advanced caching: Off
    Direct disk access: Off

    Scan start: 10/23/2017 12:35:10 PM

    C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE detected: Gen:Variant.Ransom.20 (B)

    Scanned 303692
    Found 1
    Removed 0

    Scan end: 10/23/2017 1:10:31 PM
    Scan time: 0:35:20
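
The log layout quoted in comment 41 (per-file `detected:` lines followed by Scanned/Found/Removed counters) is enough to automate the alert condition described in comment 31. This is an added example, not part of the plugin or of any comment: it parses a constructed log in that layout and flags scans where something was found but not removed, or where the summary counters are missing because the scan never finished. The function and class names are assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the log quoted in comment 41.
SAMPLE_LOG = r"""Emsisoft Commandline Scanner - Version 9.0
Scan start: 10/23/2017 12:35:10 PM

C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE detected: Gen:Variant.Ransom.20 (B)

Scanned 303692
Found 1
Removed 0

Scan end: 10/23/2017 1:10:31 PM
"""

DETECTION = re.compile(r"^(?P<path>.+?)\s+detected:\s+(?P<name>.+)$")
COUNTER = re.compile(r"^(Scanned|Found|Removed)\s+(\d+)$")


@dataclass
class ScanResult:
    detections: list = field(default_factory=list)  # (path, signature) pairs
    counters: dict = field(default_factory=dict)    # Scanned / Found / Removed

    @property
    def complete(self) -> bool:
        # A log cut off before the summary means the scan did not finish.
        return {"Scanned", "Found", "Removed"} <= self.counters.keys()

    @property
    def unremediated(self) -> int:
        # Objects reported as found but not removed by the scanner.
        return self.counters.get("Found", 0) - self.counters.get("Removed", 0)

    def needs_review(self) -> bool:
        return not self.complete or self.unremediated > 0


def parse_scan_log(text: str) -> ScanResult:
    result = ScanResult()
    for line in map(str.strip, text.splitlines()):
        if m := COUNTER.match(line):
            result.counters[m.group(1)] = int(m.group(2))
        elif m := DETECTION.match(line):
            result.detections.append((m.group("path"), m.group("name")))
    return result
```

The `detections` list gives a reviewer the exact paths and signature names to check for false positives before any file action other than reporting is enabled.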

  42. HelioXXV says:

    Where is the configuration for the Scheduled script set? I can see the settings for individual devices in the FluShot tab but nowhere else can I find settings. Is the Plugin supposed to show in tools?

  43. HelioXXV says:

    Also it seems that http://dl.emsisoft.com/a2cmd.zip is no longer a valid download. Are there any plans to update this in the plugin and/or script?
