→ 🚀What's New? Explore Lansweeper's Fall 2024 Updates! Fall Launch Blog !
‎11-13-2023 06:18 PM - last edited on ‎03-31-2024 03:22 PM by Mercedes_O
Is anyone else having issues with OneLanuch hitting your computers?
From what I can tell Lansweeper doesn't detect it been installed. Does anyone have any suggestions on a strategy of utilizing LS to alert us when someone has installed said adware? Why doesn't LS see it? OneLaunch appears in the add/remove programs of the computers in question. LS says it's not there.
‎11-14-2023 02:06 PM
We've seen a huge uptick from our EDR about detections of OneLaunch this last week. We thought it was gone, but thankfully our EDR catches it every time someone's browser tries to download the installer.
I went through a bunch of old forum posts and it doesn't look like LanSweeper allows for wildcards to find the file where it would be installed (for instance all users' %LOCALAPPDATA%\OneLaunch\*\OneLaunch.exe)
If your LanSweeper scanner is not set to do so, you may want to enable "SOFTWAREMSSTOREAPPS" in your Scanned Item Interval as well to see if it shows up in the Installed Programs, as it can be added via APPX/Microsoft Store. I know that this is against their best practices for performance, but it may be helpful in this scenario.
You could also run a deploy job with a custom Powershell script to look for the file and write it a file to a static location, then use the File Scan to report on that value.
Change the "$OutFile" variable to reference a place on the PC (something outside the normal file stack, so you don't have to worry about it getting deleted by anything else.)
Enable File Scan in the Scanned Item Interval (if it's not there already) and add the File Path to the scanned items. After the deploy job has run and all has been scanned, click the "Report" button next to the file scan, and it will bring up the report.
Example code below - I have not tested this on OneLaunch, but in theory it should still work:
$OutFile = "C:\Some\Literal\CanaryPath\On\ThePC\filename.txt"
$parent = Get-Childitem "c:\users" -Directory
$found = $false
foreach($user in $parent){
try {
$item = Get-ChildItem -Path "$($user.FullName)\AppData\Local" -Recurse -filter "OneLaunch.exe" -File
if ($item.Exists) {
$found = $true;
}
}
catch {
$error[0].exception.message | Out-Null
}
}
if ($found -eq $true) {
"Found" | Out-File -FilePath $OutFile -Force
} else {
Remove-Item $OutFile
}
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now