Hello guys and girls,
Using any of the script methods in Extension Attributes (EA), we need to collect data on our Windows (I know, I know...) systems that are SafeGuard encrypted. I've tried a Batch file and a PowerShell script, however, when I Recon a PC, the EA does not return any info - see the scripts below - appreciate any help/direction you can offer.
Batch file:
@echo off
Setlocal
::Change to correct directory and define variables
cd
c:
cd
cd "Program Files (x86)SophosSafeGuard EnterpriseClient"
SET HASSGN=""
SET LOGPATH="%temp%Log.txt"
SET RESULT=""
::Validate SGNState is Installed
IF NOT EXIST "SGNSTATE.EXE" GOTO :NOSGN
::Clear logfile from previous executions of SGNState
IF EXIST %LOGPATH% DEL %LOGPATH%
::Iterate through SGNState Results to determine status
FOR /F "tokens=* delims==" %%i in ('sgnstate.exe /LD') do echo %%i >> %LOGPATH%
FOR /F "tokens=*" %%i in ('findstr /X /B /M /C:"Sophos SafeGuard - Return code = 1 " %LOGPATH%') do SET HASSGN="%%i"
IF NOT %LOGPATH%==%HASSGN% SET RESULT=NOTENCRYPTED
IF %LOGPATH%==%HASSGN% SET RESULT=ENCRYPTED
echo %RESULT%
GOTO :EOF
:NOSGN
echo NOTENCRYPTED
:EOF
Endlocal
PowerShell:
if (!(test-path "C:Program Files (x86)SophosSafeGuard EnterpriseClientSGNState.exe")){"NOT_INSTALLED";exit}
if (&"C:Program Files (x86)SophosSafeGuard EnterpriseClientSGNState.exe" /LD | select-string "Sophos SafeGuard - Return code = 1"){
"ENCRYPTED"} else {"NOT_ENCRYPTED"}
