sunhux
asked on
Windows batch / powershell / VB scripts to constantly comb a folder for new files & make copies of the new files
I have this requiremt:
a) each time an AV quarantine an infected file, it will encrypt the file & move it to a quarantine folder
b) I'll need a method that, say every 5 seconds or more frequently, detect such new quarantined
encrypted file to be copied out to another location/folder (without changing the original file in
the quarantined folder) for decryption where I can do further processing (like investigation &
possibly restore it if it's a false malware)
http://www.ghacks.net/2015/03/17/whats-the-best-free-file-synchronization-software-for-windows/
Probably tools equivalent to Linux's "rsync" & folders sync freewares above may fulfill this requirement
but there's one requirement that I'm not sure if any of them could:
when a copied/sync'ed encrypted file in the target folder has been decrypted, the quarantined & the
target folders will be 'out-of-sync' & the sync'ing to copy back the file from the quarantined folder
will take place again : I don't want this to happen.
Thus, if anyone can write a .bat or PowerShell or VB script to achieve this or provide a method for
this, it's much appreciated
a) each time an AV quarantine an infected file, it will encrypt the file & move it to a quarantine folder
b) I'll need a method that, say every 5 seconds or more frequently, detect such new quarantined
encrypted file to be copied out to another location/folder (without changing the original file in
the quarantined folder) for decryption where I can do further processing (like investigation &
possibly restore it if it's a false malware)
http://www.ghacks.net/2015/03/17/whats-the-best-free-file-synchronization-software-for-windows/
Probably tools equivalent to Linux's "rsync" & folders sync freewares above may fulfill this requirement
but there's one requirement that I'm not sure if any of them could:
when a copied/sync'ed encrypted file in the target folder has been decrypted, the quarantined & the
target folders will be 'out-of-sync' & the sync'ing to copy back the file from the quarantined folder
will take place again : I don't want this to happen.
Thus, if anyone can write a .bat or PowerShell or VB script to achieve this or provide a method for
this, it's much appreciated
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So the scripts will be based on timings new files are being created, say if the
script runs every 10secs, then newly-created files the last 10secs will be
copied out?
script runs every 10secs, then newly-created files the last 10secs will be
copied out?
No, the script runs permanently, and is triggered immediately on file creation.
ASKER
Thanks Qlemo.
> caught by writing a timestamp in each go, and on starting the script check for files newer than that stamp
So is your script above already doing the above? Or can it be changed such that it write a time
stamp each time the script goes down & will start checking from the date/time of the last
date/time it went down?
Bill,
>would let a free or low cost utility do the work for me. Most of these allow some triggering when a
> folder that is being monitored changes, and that can include copying the file someplace.
Yes, but there's a situation which I'm afraid these freewares can't do ie:
when a copied/sync'ed encrypted file in the target folder has been decrypted, the quarantined & the
target folders will be 'out-of-sync' & the sync'ing to copy back the file from the quarantined folder
will take place again : I don't want this to happen.
> caught by writing a timestamp in each go, and on starting the script check for files newer than that stamp
So is your script above already doing the above? Or can it be changed such that it write a time
stamp each time the script goes down & will start checking from the date/time of the last
date/time it went down?
Bill,
>would let a free or low cost utility do the work for me. Most of these allow some triggering when a
> folder that is being monitored changes, and that can include copying the file someplace.
Yes, but there's a situation which I'm afraid these freewares can't do ie:
when a copied/sync'ed encrypted file in the target folder has been decrypted, the quarantined & the
target folders will be 'out-of-sync' & the sync'ing to copy back the file from the quarantined folder
will take place again : I don't want this to happen.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
These tools don't typically work by syncing folders. Rather they monitor a folder waiting for an action you define. Typical things like file creation, file deletion, file modification, etc. When that occurs they trigger a configured option, like sending an email alert, copying the file, logging the event, etc. In some utilities they will have a "scripting" capability, or allow execution of a BAT or VBS script that can then perform any action required, and pass along the file name that triggered the event. Once that file has been processed (it sounds like your process would be decrypting the file into a different folder) the monitoring program will not trigger for that quarantined file again.
~bp
~bp
ASKER
Tks v much Qlemo.
So this latest script writes a timestamp each time the script goes down & will start checking
from the date/time of the last date/time it went down?
So this latest script writes a timestamp each time the script goes down & will start checking
from the date/time of the last date/time it went down?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Open in new window
Only issue with that code is it only works as long as the PowerShell script runs. If, for whatever reason, the script is paused or terminated, nothing will happen. Restartiing will not perform a resync. That could be caught by writing a timestamp in each go, and on starting the script check for files newer than that stamp.