Executing yara with powershell on domain computers

Question

I'm having issues with running executing Yara with Powershell on domain computers.

Transfer Yara to computer:

PS> copy yara.exe \\PC1-PC.mydomain.com\C$\TEMP\yara.exe

Transfer rules:

PS> copy rules.yara \\PC1-PC\C$\TEMP\rules.yara

Execute scan using Invoke-Command:

PS> Invoke-Command -ComputerName PC1-PC -ScriptBlock { c:\TEMP\yara.exe c:\TEMP\rules.yara c:\TEMP\ } -credential USER

Now it transfer the Yara exe and rules to the remote computer. When executing with the invoke command, nothing returns, it just returns back to the original prompt in Powershell (ver 2.0)

The Yara rule works completely fine on standalone and does return an alert on a standalone computer. However, nothing returns when I'm using this on a remote computer that is on the domain.

It looks like you aren't getting the credentials correctly, the credential parameter needs to be a credentials object not a username. Try this instead: `$cred = Get-Credential ; Invoke-Command -ComputerName PC1-PC -ScriptBlock { c:\TEMP\yara.exe c:\TEMP\rules.yara c:\TEMP\ } -credential $cred` it will pop-up a box asking for credentials and then use them to connect to the remote computer. — henrycarteruk, Feb 10 '17 at 13:50
Is $cred the domain administrator ie. Mydomain\administrators? Or is just $cred? — Ray, Feb 10 '17 at 14:32
There's two parts to the command separated by a semi-colon. Firstly `$cred = Get-Credential` this will pop-up a box asking for credentials that will be saved (encrypted) to the `$cred` variable. Which is then used for the credential param for `Invoke-Command`. The credentials your put in must have access to the remote computer, generally local admin access is enough so Domain Admin would work. — henrycarteruk, Feb 10 '17 at 14:44
Okay this is what popped up: cmdlet Get-Credential at command pipeline position 1 Supply values for the following paraemeters: Credential — Ray, Feb 10 '17 at 17:56

Executing yara with powershell on domain computers

0 Answers0