
Scripting Question


Deleting a file in System32 folder

01/17/2020 289 views

Hello,

I am trying to remove a file from the System32 directory (C:\Windows\System32\MpSigStub.exe), however no matter what I try it doesn't seem to want to delete the file. I have tried running an online shell script with the following:

del "C:\Windows\System32\MpSigStub.exe" which works when I run it in my elevated cmd window perfectly fine. In my non-elevated cmd window I get an "Access is denied" error.

I am running this as local system but still the file doesn't delete. 

I have tried an Online KScript with the following: 

Verify

  1. Verify that the file “$(KACE_SYS_DIR)\MpSigStub.exe” exists

    On Success

    1. Launch “$(KACE_SYS_DIR)\cmd.exe” with params “del "C:\Windows\System32\MpSigStub.exe"”.

And still the file remains. 

Please could someone let me know where I am going wrong? Is there a way of using an elevated CMD prompt with KACE? 

Thanks

James



All Answers

1

Try replacing $(KACE_SYS_DIR) and C:\Windows\System32 with C:\Windows\Sysnative

Answered 01/20/2020 by: flip1001
Fifth Degree Brown Belt

  • Hello,

    Thank you for your response. Unfortunately, this has not worked either.
1

I got it to work with the following



Answered 01/21/2020 by: RandomITdude24
Senior Purple Belt

 