Returning exit codes from multiple runspaces

This topic contains 1 reply, has 2 voices, and was last updated by Dave Wyatt 2 years, 1 month ago.

  • #20092
    Aaron Hulse
    Participant

    I've modified a script I found on the TechNet Script Center to find known CryptoWall files in a server's shares.

    We utilize GFI Max and I'd like to implement this on all of the client servers that we can (we've had 2 CryptoWall infections at two different companies this week) as an early warning system. To avoid setting the script as an automated task to run alongside an event log check that searches for EventID 2319 from source CryptScan, I'd like the script to exit with code 2319 if one of the runspaces reports CryptoWall files, but I can't wrap my head around how. I'd also like it to output all of the shares, owners, and date modified like it does with the event log if that's possible, but I don't know if it is since the $MessageBody variable is only in the runspaces. Any help would be appreciated.

  • #20096
    Dave Wyatt
    Moderator

    Using runspaces is just about the trickiest PowerShell code you're likely to encounter, because it introduces multithreading and synchronization concepts to a language that is otherwise just about completely single-threaded (from the script author's point of view, anyway.)

    I don't see any calls to PowerShell.EndInvoke() in your code, but when you call that method, you'll receive the output stream from that particular PowerShell object. Then you can just output objects like you would in any other script, and gather them up for your log files / etc out in the main thread (where you no longer have to worry about synchronization, since the background runspaces aren't all trying to write to the same object or file or whatever.)
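
A sketch of the approach described in the reply above, added here as an example; it is not code from either poster or from the TechNet script. The share paths, the file-name pattern, and the pool size are assumptions: each runspace emits objects, the main thread collects them with `EndInvoke()`, builds `$MessageBody` there, and exits with 2319 when anything was found.

```powershell
# Added example. Share paths and the file-name pattern are constructed placeholders.
param(
    [string[]]$SharePaths = @('D:\Shares\Finance', 'D:\Shares\HR'),
    [string[]]$Patterns   = @('PLACEHOLDER_RANSOM_NOTE*')
)

# Runs in each runspace. It emits one object per match on the output stream
# instead of building $MessageBody inside the runspace.
$scan = {
    param($Path, $Patterns)
    Get-ChildItem -Path $Path -Recurse -File |
        Where-Object { $name = $_.Name; $Patterns | Where-Object { $name -like $_ } } |
        ForEach-Object {
            [pscustomobject]@{
                Share    = $Path
                File     = $_.FullName
                Owner    = (Get-Acl -LiteralPath $_.FullName).Owner
                Modified = $_.LastWriteTime
            }
        }
}

$pool = [runspacefactory]::CreateRunspacePool(1, 4)   # up to 4 shares scanned at once
$pool.Open()
$jobs = foreach ($path in $SharePaths) {
    $ps = [powershell]::Create().AddScript($scan).AddArgument($path).AddArgument($Patterns)
    $ps.RunspacePool = $pool
    [pscustomobject]@{ PowerShell = $ps; Handle = $ps.BeginInvoke() }
}

# EndInvoke() blocks until that runspace finishes and returns its output stream.
# Only the main thread touches $hits, so no synchronization is needed.
$hits = foreach ($job in $jobs) {
    try {
        $job.PowerShell.EndInvoke($job.Handle)
        # Surface per-share errors (e.g. access denied) so a failed scan is not read as clean.
        foreach ($e in $job.PowerShell.Streams.Error) { Write-Warning "Scan error: $e" }
    }
    finally { $job.PowerShell.Dispose() }
}
$pool.Close(); $pool.Dispose()

if ($hits) {
    $MessageBody = $hits | Format-Table Share, File, Owner, Modified -AutoSize | Out-String -Width 4096
    Write-Output $MessageBody
    exit 2319   # same number as the EventID the monitoring check looks for
}
exit 0
```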
