[PR #309] [MERGED] Bump Agent troubleshooter, adding remote access scripts #309

Closed
opened 2026-03-02 02:11:27 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/amidaware/community-scripts/pull/309
Author: @silversword411
Created: 2/14/2026
Status: Merged
Merged: 2/14/2026
Merged by: @silversword411

Base: main ← Head: main


📝 Commits (2)

  • 4c5d55e Agent Troubleshooting 1.7
  • bfb7e05 WIP: Add Remote Access detector and screenconnect detector 1.10

📊 Changes

4 files changed (+1599 additions, -84 deletions)

  • 📝 scripts/Win_TRMM_Troubleshooting_Agent.ps1 (+77 -0)
  • ➕ scripts_wip/Win_Remote_Access_Detect_Monitor_and_killer_v1.8.py (+1362 -0)
  • ➖ scripts_wip/Win_Screenconnect_Detectothers.ps1 (+0 -84)
  • ➕ scripts_wip/Win_Screenconnect_Detectothers_v1.10.ps1 (+160 -0)

📄 Description

  1. Win_TRMM_Troubleshooting_Agent.ps1 (Modified)
    • v1.7 update (dated 1/8/2026)
    • Added two new functions:
      • Get-DefenderExclusions - Retrieves Windows Defender exclusions (paths, processes, extensions)
      • Get-ProgramFilesList - Lists contents of Program Files directories with timestamps
    • These functions are called at the end of the troubleshooting script to include Defender exclusions and installed programs in the output
  2. Win_Remote_Access_Detect_Monitor_and_killer_v1.8.py (New file)
    • Brand new comprehensive Python script (1362 lines) for detecting remote access tools
    • Detects 20+ remote access and RMM tools (TeamViewer, AnyDesk, ScreenConnect, NinjaOne, etc.)
    • Features:
      • Process, service, and file signature detection
      • Network connection mapping
      • Kill and cleanup capabilities (--kill, --clean flags)
      • Flexible exclusion system via environment variables
      • Server URL extraction from config files
      • Supports both remote access tools and RMM platforms
    • Version history through v1.8 with multiple enhancements including JWrapper/SimpleHelp detection and GoToAssist improvements
  3. Win_Screenconnect_Detectothers.ps1 (Deleted)
    • Original ScreenConnect detection script removed
  4. Win_Screenconnect_Detectothers_v1.10.ps1 (New file)
    • Replacement for deleted file with significant improvements
    • v1.10 changes:
      • Fixed WMI compatibility issue (replaced Get-WmiObject with Get-CimInstance)
      • Added registry fallback for service path lookup
      • New Get-ServiceDetail function with fault tolerance
      • Added Remove-InvalidSCService function to delete unauthorized ScreenConnect services
      • New -deleteInvalid switch parameter
      • Enhanced debug output showing service names

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
