nullzilla

Security - DNS Filter

Nov 12th, 2019 (edited)
179
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Import-Module $env:SyncroModule -WarningAction SilentlyContinue
  2.  
  3. if (!$sitekey) {
  4.     $sitekey = 'c2d325d46af6828f48cbb2aa'
  5. }
  6. $arguments = "NKEY=$sitekey TRAYICON=disabled ARPSYSTEMCOMPONENT=1"
  7. $agenturl = 'https://download.dnsfilter.com/User_Agent/Windows/DNS_Agent_Setup.msi'
  8. $certurl = 'https://app.dnsfilter.com/certs/NetAlerts.cer'
  9. $homepath = 'c:\yourhomepathhere'
  10. if (-not (Test-Path "$homepath")) { mkdir "$homepath" }
  11. Set-Location $homepath
  12.  
  13. # Check for service and install if missing
  14. if (Get-Service 'DNS Agent' -ErrorAction SilentlyContinue) {
  15.     Write-Output 'DNSFilter installed'
  16. }
  17. else {
  18.     Write-Output 'DNSFilter not found, installing'
  19.     # Remove registry keys from any previous installs
  20.     if (Test-Path 'HKLM:\SOFTWARE\DNSFilter') { Remove-Item 'HKLM:\SOFTWARE\DNSFilter' -Recurse }
  21.     if (Test-Path 'HKLM:\SOFTWARE\DNSAgent') { Remove-Item 'HKLM:\SOFTWARE\DNSAgent' -Recurse }
  22.     # Download Agent
  23.     (New-Object Net.WebClient).DownloadFile("$agenturl", "$homepath\dnsfilter.msi")
  24.     if (Test-Path 'dnsfilter.msi') {
  25.         Write-Output 'Agent downloaded'
  26.     }
  27.     else {
  28.         Write-Output 'Agent download failed'
  29.         Rmm-Alert -Category 'Security - DNS Filter' -Body 'Agent download failed'
  30.         exit 1
  31.     }
  32.     # Install Agent
  33.     $arguments = "/qn /i $homepath\dnsfilter.msi $arguments"
  34.     Write-Output "Installing with arguments: $arguments"
  35.     Start-Process -File msiexec -Arg $arguments -Wait
  36.     ipconfig /flushdns | Out-Null
  37.     Start-Sleep -s 20
  38.     # Set service to automatically restart
  39.     New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS Agent' -Name 'FailureActions' -Value ([byte[]](0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x14, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0xea, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0xea, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x60, 0xea, 0x00, 0x00)) -PropertyType Binary -Force | Out-Null
  40.     if (Get-Service 'DNS Agent' -ErrorAction SilentlyContinue) {
  41.         Write-Output 'Agent installed'
  42.         exit 0
  43.     }
  44.     else {
  45.         Write-Output 'Agent install failed'
  46.         Rmm-Alert -Category 'Security - DNS Filter' -Body 'Agent install failed'
  47.         exit 1
  48.     }
  49. }
  50.  
  51. # Check if certificate installed
  52. if (Test-Path cert:\LocalMachine\root\C1FC30A63636A84E8EF3A79039E3EE9EBA60D33F) {
  53.     Write-Output 'Certficate installed'
  54. }
  55. else {
  56.     Write-Output 'Certificate not installed, installing'
  57.     # Download Certificate
  58.     [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
  59.     (New-Object Net.WebClient).DownloadFile("$certurl", "$homepath\NetAlerts.cer")
  60.     if (Test-Path 'NetAlerts.cer') {
  61.         Write-Output 'Certificate downloaded'
  62.     }
  63.     else {
  64.         Write-Output 'Certificate download failed'
  65.         Rmm-Alert -Category 'Security - DNS Filter' -Body 'Certificate download failed'
  66.         exit 1
  67.     }
  68.     # Install Certificate
  69.     $arguments = "-addstore -enterprise -f Root NetAlerts.cer"
  70.     Start-Process -File certutil -Arg $arguments -Wait
  71.     if (Test-Path cert:\LocalMachine\root\C1FC30A63636A84E8EF3A79039E3EE9EBA60D33F) {
  72.         Write-Output 'Certificate installed'
  73.     }
  74.     else {
  75.         Rmm-Alert -Category 'Security - DNS Filter' -Body 'Certificate not installed'
  76.         exit 1
  77.     }
  78. }
  79.  
  80. # Check if filtering is working
  81.  
  82. # Check for a recent kernel power event and if found, wait a bit to avoid false positives
  83. $lastkp = Get-EventLog -LogName system -Source Microsoft-Windows-Kernel-Power -Newest 1 | Select -ExpandProperty TimeGenerated
  84. $recent = (New-Timespan -Start $lastkp -End (Get-Date)).TotalMinutes -le 2
  85. if ($recent) {
  86.     Start-Sleep -Seconds 120
  87. }
  88.  
  89. if((Get-DNSClientServerAddress).ServerAddresses -contains '127.0.0.2') {
  90.     Write-Output "DNS Server set to 127.0.0.2"
  91. }
  92. else {
  93.     Write-Output "DNS Server setting incorrect:"
  94.     (Get-DNSClientServerAddress)
  95.     Rmm-Alert -Category 'Security - DNS Filter' -Body 'DNS Server setting incorrect'
  96.     Exit 1
  97. }
  98. $dnsresponse = [System.Net.Dns]::GetHostAddresses("proxyandfilteravoidance.filterdns.net") | Select-Object -ExpandProperty IPAddressToString
  99. if (-not ($dnsresponse -match "198.251")) {
  100.     Write-Output 'Warning: Filtering failed'
  101.     # Try restarting the service
  102.     Restart-Service 'DNS Agent'
  103.     ipconfig /flushdns | Out-Null
  104.     Start-Sleep -s 120
  105.     $dnsresponse = [System.Net.Dns]::GetHostAddresses("proxyandfilteravoidance.filterdns.net") | Select-Object -ExpandProperty IPAddressToString
  106.     if (-not ($dnsresponse -match "198.251")) {
  107.         Write-Output 'Restarting service did not resolve filtering failure'
  108.         Rmm-Alert -Category 'Security - DNS Filter' -Body 'Restarting service did not resolve filtering failure'
  109.         exit 1
  110.     }
  111.     else {
  112.         Write-Output 'Restarting service resolved filtering failure'
  113.         exit 0
  114.     }
  115. }
  116. else {
  117.     Write-Output 'Filtering verified'
  118.     Close-Rmm-Alert -Category "Security - DNS Filter"
  119.     exit 0
  120. }
  121.  
RAW Paste Data

Adblocker detected! Please consider disabling it...

We've detected AdBlock Plus or some other adblocking software preventing Pastebin.com from fully loading.

We don't have any obnoxious sound, or popup ads, we actively block these annoying types of ads!

Please add Pastebin.com to your ad blocker whitelist or disable your adblocking software.

×