Custom Inventory Rule Misbehaving; Possibly Due to May Microsoft Patches?
Did anyone else notice after patching Windows last month any strange errors with Custom Inventory rules? I had a very simple rule:
ShellCommandTextReturn(c:\printers_18Oct_2012.txt)
For all intents and purposes, it was inactive. However, within the last week there were complaints that a notepad window was opened on a client computer. The notepad session was opened, looking at the file referenced by the above CIR rule.
I looked through the May patches and there was one that seems possibly related: MS14-027 (Vulnerability in Windows Shell Handler Could Allow Elevation of Privelage).
Answers (1)
Hard to say if that would have been caused by MS Patches, or if you just recently updated your KBOX, as I know they changed how some of those functions work with the 5.5 update.
That being said, though, you could just change it to something like:
ShellCommandTextReturn(cmd /c type c:\printers_18Oct_2012.txt)
I have some similar CIRs for returning contents of a file, and that's what I've had to use.
Comments:
-
From the date, you can tell this was an old rule. My solution was to delete it as I do not know what it was used for. However, thanks for the alternate syntax, i'll try that next time I need something like this! - alexsh 9 years ago
