I've modified a script I found on the TechNet Script Center to find known CryptoWall files in a server's shares.
We utilize GFI Max and I'd like to implement this on all of the client servers that we can (we've had 2 CryptoWall infections at two different companies this week) as an early warning system. To avoid setting the script as an automated task to run alongside an event log check that searches for EventID 2319 from source CryptScan, I'd like the script to exit with code 2319 if one of the runspaces reports CryptoWall files, but I can't wrap my head around how. I'd also like it to output all of the shares, owners, and date modified like it does with the event log if that's possible, but I don't know if it is since the $MessageBody variable is only in the runspaces. Any help would be appreciated.
Using runspaces is just about the trickiest PowerShell code you're likely to encounter, because it introduces multithreading and synchronization concepts to a language that is otherwise just about completely single-threaded (from the script author's point of view, anyway.)
I don't see any calls to PowerShell.EndInvoke() in your code, but when you call that method, you'll receive the output stream from that particular PowerShell object. Then you can just output objects like you would in any other script, and gather them up for your log files / etc out in the main thread (where you no longer have to worry about synchronization, since the background runspaces aren't all trying to write to the same object or file or whatever.)
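A sketch of the EndInvoke() pattern described in the answer above, added here as an example and not taken from the original script or either poster. The share paths, the file-name pattern, the pool size and the choice of the Application log are assumptions; event ID 2319, source CryptScan and the exit code come from the question.

```powershell
# Added example; share paths and the file-name pattern are placeholders.
$shares   = @('\\SERVER01\Share1', '\\SERVER01\Share2')   # constructed sample paths
$patterns = @('PLACEHOLDER_RANSOM_NOTE*')                 # substitute your known file names

# Runs inside each runspace: emit one object per hit instead of writing logs there.
$scan = {
    param($Share, $Patterns)
    Get-ChildItem -Path $Share -Recurse -Include $Patterns -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Share    = $Share
                Path     = $_.FullName
                Owner    = (Get-Acl -LiteralPath $_.FullName).Owner
                Modified = $_.LastWriteTime
            }
        }
}

$pool = [runspacefactory]::CreateRunspacePool(1, 4)   # pool size is an assumption
$pool.Open()

# Start one job per share and keep the handle that EndInvoke() needs.
$jobs = foreach ($share in $shares) {
    $ps = [powershell]::Create()
    $ps.RunspacePool = $pool
    [void]$ps.AddScript($scan).AddArgument($share).AddArgument($patterns)
    [pscustomobject]@{ PowerShell = $ps; Handle = $ps.BeginInvoke() }
}

# EndInvoke() blocks until that runspace finishes and returns its output stream.
$hits = foreach ($job in $jobs) {
    try     { $job.PowerShell.EndInvoke($job.Handle) }
    finally { $job.PowerShell.Dispose() }
}
$pool.Close(); $pool.Dispose()

if ($hits) {
    # Single-threaded from here on, so building the message needs no synchronization.
    $MessageBody = $hits | Format-List | Out-String
    # Assumes the CryptScan source is already registered in the Application log.
    Write-EventLog -LogName Application -Source CryptScan -EventId 2319 -EntryType Warning -Message $MessageBody
    Write-Output $MessageBody
    exit 2319
}
exit 0
```

Because every runspace only emits objects, the main thread decides once, after all of them have finished, whether to log and which exit code to return.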