
Extract unique risk name from different directories

Created: 28 May 2013 • Updated: 11 Jun 2013
RSASKA

This PowerShell script reads in a text file of full file paths and outputs the unique risk name.

Symantec treats the following risks as unique because they are in different directories, even though they are the same risk,
1051[1].js:

C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J7OGN5T\1051[1].js
C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J7OGN5T\1051[1].js
C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHPP0ZT5\1051[1].js
C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G11ELC4W\1051[1].js
C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7FJ8ALY5\1051[1].js
C:\1051[1].js
D:\TEMP\1051[1].js
\\SHARED DIRECTORY\abracadabra\1051[1].js

The script will take this list and extract the filename, which will be output as

1051[1].js
1051[1].js
1051[1].js
1051[1].js
1051[1].js
1051[1].js
1051[1].js
1051[1].js

I found this extremely helpful for data manipulation in Excel, i.e. to Remove Duplicate rows, because I am creating reports for management on
(1) the number of unique risks that SEP detected
(2) how SEP remediated the risk, i.e. did it Clean, Delete, or Leave it alone

See previous thread
https://www-secure.symantec.com/connect/forums/reports-baseline-normal-behavior-sep-clients-your-environment as reference

 

Name of script: extract_filename_from_full_path.ps1

Name of document with screenshots: How_to_run_script

 

Each attachment is in a .zip file
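The path-to-filename step described above, as an added example (this is not the attached extract_filename_from_full_path.ps1). The function name `Get-RiskFileName` and the input file name `paths.txt` are assumptions, and the last sample path is constructed. It goes one step further than the description and also counts detections per file name, so the duplicates do not have to be removed in Excel afterwards.

```powershell
# Sample input. The first five paths are taken from the list above; the last one
# is constructed to show a second risk name. For a real export use:
#   $paths = Get-Content -LiteralPath .\paths.txt    # hypothetical file name
$paths = @(
    'C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J7OGN5T\1051[1].js'
    'C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YHPP0ZT5\1051[1].js'
    'C:\1051[1].js'
    'D:\TEMP\1051[1].js'
    '\\SHARED DIRECTORY\abracadabra\1051[1].js'
    'C:\TEMP\constructed[2].js'
)

function Get-RiskFileName {
    # Returns the last path segment of each input line.
    # The path is handled purely as a string: '[' and ']' are wildcard
    # characters for the file system cmdlets (Get-Item, Get-ChildItem), and
    # the files were usually cleaned or deleted already, so nothing here
    # touches the disk.
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string]$Path
    )
    process {
        # Drop surrounding whitespace and the quotes a CSV export may add
        $trimmed = $Path.Trim().Trim('"')
        if ($trimmed.Length -eq 0) { return }      # skip blank lines

        # Split on '\' or '/' so local, UNC and forward-slash paths all work
        $leaf = ($trimmed -split '[\\/]')[-1]
        if ($leaf) { $leaf }                       # skip paths ending in a separator
    }
}

# One row per unique risk file name with the number of paths it appeared in.
# Group-Object compares strings case-insensitively by default, which matches
# how Windows treats file names.
$summary = $paths |
    Get-RiskFileName |
    Group-Object |
    Sort-Object -Property Count -Descending |
    Select-Object @{ Name = 'RiskFile';   Expression = { $_.Name } },
                  @{ Name = 'Detections'; Expression = { $_.Count } }

$summary | Format-Table -AutoSize

# For a CSV that opens directly in Excel:
#   $summary | Export-Csv -LiteralPath .\unique_risks.csv -NoTypeInformation
```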