09-04-2020 10:14 AM
let say I want to run protect disable on 100 computers.... I tried the following but didn't work:
C:\PSTools>psexec -i -d -s \\pc100 cmd /c echo 5Nstall22#| "c:\program files\Palo Alto Networks\Traps\cytool.exe" protect disable
5Nstalll22# is the pass....
thank you!
09-04-2020 10:15 AM
btw:
echo 5Nstall22#| "c:\program files\Palo Alto Networks\Traps\cytool.exe" protect disable
this works locally...
09-04-2020 06:48 PM
Try this:
wmic /node:"COMPUTERNAME" process call create "cmd /c echo 5Nstall22# | 'c:\program files\Palo Alto Networks\Traps\cytool.exe' protect disable"
If that doesn't work, you can try the following bat:
@echo off
echo echo 5Nstall22# ^| "c:\program files\Palo Alto Networks\Traps\cytool.exe" protect disable > c:\tmp\cytool.bat
wmic /node:"COMPUTERNAME" process call create "cmd /c c:\tmp\cytool.bat"
You also have other possibilities by running, one time, remote scheduled tasks. You have options.
09-07-2020 07:41 AM
thank you! the results I got was:
Executing (Win32_Process)->Create()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
ProcessId = 5032;
ReturnValue = 0;
};
--------------------------------------------------
yet the query shows its still Enabled...
--------------------------------------------------
c:\PSTools>psexec -i -d -s \\9020m-77 cmd /c "c:\program files\Palo Alto Networks\Traps\cytool.exe" protect query
Connecting to 9020m-77...Protection Mode State
Process Enabled Enabled
Registry Enabled Enabled
File Enabled Enabled
Service Enabled Enabled
Starting cmd on 9020m-77...ice on 9020m-77...
cmd started on 9020m-77 with process ID 5044.
-----------------------------------------------
Thank you though, you are right, I have other options... I decided to just use the web console to update the agents... it was more of a challenge and if it did work, I would use it in the future in other cases where its needed.
09-12-2021 09:46 PM
You have to make sure there is no space between the end of the password and the | otherwise the space is included as part of the password.
03-26-2024 09:27 AM
You can also use a PowerShell script for that, e.g. for a list of servers, like:
param(
[Parameter(Mandatory = $true)]
[string[]]$servers
)
Set-Location -Path $PSScriptRoot
# Assuming $Secret:cortexpass is how you're securely storing and accessing the password
# Ensure you have a secure method to access this password in the context of the remote session
$password = $Secret:cortexpass
$cytoolPath = 'C:\Program Files\Palo Alto Networks\Traps\cytool.exe'
$scriptBlock = {
param($password, $cytoolPath)
$processStartInfo = New-Object System.Diagnostics.ProcessStartInfo
$processStartInfo.FileName = $cytoolPath
$processStartInfo.Arguments = "protect disable"
$processStartInfo.RedirectStandardInput = $true
$processStartInfo.UseShellExecute = $false
$process = [System.Diagnostics.Process]::Start($processStartInfo)
$process.StandardInput.WriteLine($password)
$process.StandardInput.Close()
$process.WaitForExit()
}
foreach ($server in $servers) {
try {
Invoke-Command -ComputerName $server -ScriptBlock $scriptBlock -ArgumentList $password, $cytoolPath
Write-Output "Successfully disabled tamper protection on $server."
} catch {
Write-Output "Failed to disable tamper protection on $server. Error: $_"
}
}
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
