I’ve whipped up something. It would be great, if the output could be funneled into a dashboard, though – like the devices page where you see a list of devices, and a checkmark or something like that, so you can easily see who isn’t patched (or who doesn’t have AV, or who doesn’t have a particular third-party-whatever, who has an SNMP x.x.x.x.x result greater than YYY, etc.).
Enjoy:
this is a comodo1/c1 script to check WannaCry patch status
#mschechter.20170516
#Computer Experts Group, Ltd.
import subprocess;
import os
import re
sHotFixes = [‘KB4012212’, ‘KB4012217’, ‘KB4015551’, ‘KB4019216’, ‘KB4012216’, ‘KB4015550’, ‘KB4019215’, ‘KB4013429’, ‘KB4019472’, ‘KB4015217’, ‘KB4015438’, ‘KB4016635’]
iFoundOne = 0
sName = ‘WannaCry’
tempFileName = os.getenv(‘TEMP’)+’\CheckWannaCry.txt’
process=subprocess.Popen(('wmic qfe get hotfixid > ’ + tempFileName),shell=True,stdout=subprocess.PIPE);
stdout=process.communicate()[0]
print stdout
for i in sHotFixes:
#print i
process=subprocess.Popen(('find /i ’ + i + " " + tempFileName + " > nul"),shell=True,stdout=subprocess.PIPE);
stdout=process.communicate()[0]
#print stdout
if os.getenv(‘ERRORLEVEL’) != 0:
iFoundOne += 1
if iFoundOne == 0:
print “BAD! " + os.environ[‘COMPUTERNAME’] + " has NO " + sName + " PATCHES FOUND!!”
else:
print “GOOD! " + os.environ[‘COMPUTERNAME’] + " has " + sName + " PATCHES FOUND.”
get rid of file
process=subprocess.Popen(('erase /F /Q ’ + tempFileName),shell=True,stdout=subprocess.PIPE);
stdout=process.communicate()[0]
print stdout