WiFi Profiles
Purpose
The purpose of this solution is to identify and remove malicious or suspicious Wi-Fi profiles from end machines.
Update Notes - 2 Oct, 2023
- The script, formerly named
Get/Remove Wifi Profiles, has been rebranded toGet/Remove/Add Wifi Profiles. - In this updated version, a new feature has been incorporated to enable the addition of Wi-Fi profiles in addition to removal. Two new user parameters, namely
Profiles_To_AddandPrimary_Computerid, have been introduced to facilitate this functionality. - To accommodate the storage of encrypted passwords, a new column has been added to the pvl_wifi_profiles table.
- Notably, the updated script will not function as intended unless executed with the
Set_Environmentuser parameter set to1post-update. - Moreover, this update necessitates the removal of existing data within the pvl_wifi_profiles table and the Wi-Fi Profile - Audit [Script] dataview. The currently available data will be purged after updating the solution.
- Client-Level and Location-Level EDFs
Primary ComputerIDandWifi Profiles To Addhave been introduced. Setting both EDFs at either level will activate the CWM - Automate - Internal Monitor - Add - Wifi Profiles monitor set for the client or location, respectively. - Client-Level EDF
Safe Wifi Networkshas been moved to the EDF sectionWifi ProfilesfromSecurity.
Associated Content
| Content | Type | Function |
|---|---|---|
| CWM - Automate - Script - Get/Remove/Add Wifi Profiles | Script | Gathers the relevant data from the end machine and can be used to remove malicious profiles as well. |
| CWM - Automate - Custom Table - pvl_wifi_profiles | Custom Table | Stores the data collected by the script. |
| CWM - Automate - Dataview - Wi-Fi Profiles | Dataview | Displays the data collected by the script for all computers in one place. |
| CWM - Automate - Internal Monitor - Execute Script - Get - Wifi Profiles | Internal Monitor | Executes the script once per month against physical Windows workstations to keep the dataview up-to-date. |
| CWM - Automate - Internal Monitor - Add - Wifi Profiles | Internal Monitor | Detects machines where approved Wi-Fi profiles are not available. |
| △ CUSTOM - Execute Script - Get - Wifi Profiles | Alert Template | Used by the internal monitors defined in this document to execute the script. |
Implementation
- Read all related documents carefully.
- Import the CWM - Automate - Script - Get/Remove/Add Wifi Profiles script.
- Execute the script against an online Windows computer with
1as the value for theSet-Environmentparameter. - Import the CWM - Automate - Dataview - Wi-Fi Profiles dataview.
- Execute the script against a few online physical Windows workstations and ensure that the dataview displays the desired data.
- Import the CWM - Automate - Internal Monitor - Execute Script - Get - Wifi Profiles internal monitor.
- Import/Create the
△ CUSTOM - Execute Script - Get - Wifi Profilesalert template to execute the CWM - Automate - Script - Get/Remove/Add Wifi Profiles script. - Assign the alert template to the monitor set.
OPTIONAL:
- Import the CWM - Automate - Internal Monitor - Add - Wifi Profiles monitor set.
- Run the CWM - Automate - Script - Get/Remove/Add Wifi Profiles script against the primary computer of each client/location.
- Check the data fetched from these primary computers in the CWM - Automate - Dataview - Wi-Fi Profiles dataview.
- Set the EDFs defined in the script's document according to the data available in the dataview.
- Apply the
△ CUSTOM - Execute Script - Get - Wifi Profilesalert template to the monitor set.