
Piriform Key Check (CCleaner, Avast, AVG) Report

Import this report under Reporting → Configuration Management Reports → Computer (Registry Information).

The correct functioning of this report is predicated on having an Inventory task running that looks for the Piriform key, based on these articles:

http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html

Piriform - Security Notification for CCleaner v5.33.6162 and CCleaner Cloud v1.07.3191 for 32-bit Wi...

To set up that Inventory, you'll need to start creating an Inventory task, then:

  1. Pick "Inventory - Include Specific Datasources"
  2. Pick "Create a custom inventory template"
  3. Deselect all the check-boxes under the "Datasource Configuration" tab (I find the quickest way is to check and then uncheck the top "Categories" box)
  4. Check the "Registry" box under "Computer (Registry Information)"
  5. Click on the "File, Directory and Registry Datasource Configuration" tab
  6. Optional: Click "Remove All" to remove the stock registry keys from the scan
  7. Click "Manually Add/Modify"
  8. Make sure that "HKEY LOCAL MACHINE" is selected
  9. Registry Key Path: Software\Piriform

2017-09-28 09_39_13-Inventory Configuration Editor.png

Save that as a template and run that inventory against your systems.  That will have Patch Manager go out and ask all systems if the Piriform key exists or not, and then the attached Report can show that information.  I don't have any systems with CCleaner in my lab (and I'm not planning to install it to see what happens) but for my machines the results look like this:

2017-09-28 09_41_51-SolarWinds - [Patch Manager (se-lhi-cing-sus)_Administration and Reporting_Repor.png

Many thanks to jrouviere for turning me on to making this work.
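
For spot-checking a handful of machines outside of Patch Manager, the same registry test can be scripted. This is an added example, not part of the original post or of Patch Manager; the function name `Test-PiriformKey` is hypothetical, and it assumes administrative rights and, for remote machines, a reachable Remote Registry service. It goes slightly beyond the inventory above by checking both the 64-bit and 32-bit registry views, since a 32-bit application on 64-bit Windows writes under the redirected view.

```powershell
# Added example: report whether HKLM\Software\Piriform exists on each computer.
# Test-PiriformKey is a hypothetical helper name, not a Patch Manager cmdlet.
function Test-PiriformKey {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $env:COMPUTERNAME,
        [string]$KeyPath = 'Software\Piriform'   # same path as step 9 of the inventory
    )
    begin {
        $hive  = [Microsoft.Win32.RegistryHive]::LocalMachine
        $views = @([Microsoft.Win32.RegistryView]::Registry64,
                   [Microsoft.Win32.RegistryView]::Registry32)
    }
    process {
        foreach ($computer in $ComputerName) {
            foreach ($view in $views) {
                $result = [ordered]@{
                    ComputerName = $computer
                    View         = $view
                    KeyPath      = "HKLM\$KeyPath"
                    KeyExists    = $null   # stays $null when the host could not be queried
                    SubKeys      = $null
                    Error        = $null
                }
                $base = $null; $key = $null
                try {
                    if ($computer -eq $env:COMPUTERNAME) {
                        $base = [Microsoft.Win32.RegistryKey]::OpenBaseKey($hive, $view)
                    } else {
                        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $computer, $view)
                    }
                    $key = $base.OpenSubKey($KeyPath)   # read-only; $null when the key is absent
                    $result.KeyExists = ($null -ne $key)
                    if ($key) { $result.SubKeys = $key.GetSubKeyNames() -join ';' }
                } catch {
                    $result.Error = $_.Exception.Message   # unreachable host, access denied, ...
                } finally {
                    if ($key)  { $key.Dispose() }
                    if ($base) { $base.Dispose() }
                }
                [pscustomobject]$result
            }
        }
    }
}
# Usage (computer names are placeholders): 'PC01','PC02' | Test-PiriformKey | Format-Table
```

A row with `KeyExists` empty and `Error` populated means the machine was not checked, which is different from the key being absent.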

Comments

Will this help with the uninstalling of CCleaner?

It can, in that it'll identify where CCleaner and other possibly affected tools are/were installed.  Based on my reading, even running an uninstall won't necessarily remove the infected code or controlling registry keys, so this can help you look beyond the Programs and Features dialogue.

Now for the million-dollar question: will PatchManager be able to run an uninstall of CCleaner?

Version history: Revision 1 of 1. Last update: 09-28-2017 10:42 AM