Hello,
We previously encountered performance issues in our VDI environment when a
vendor kicked off a "deep scan" of all agents, causing our hypervisors to peg
CPU and bring VDI to a crawl. We ended up powering down VMs and our team (under
the gun) just used whatever methods were familiar to kill the processes
(PSExec, Taskkill, PowerCLI, etc.).
While we surely hope this doesn't happen again, we want to be prepared with a
way to hopefully kill the processes without having to kill entire VMs and
potentially causing loss of work. I am attempting to have a script ready to
kill the relevant RedCloak processes and disable the service, otherwise they
will restart (as we discovered this last go round). I have the following
script, but I've never worked with jobs or runspaces. I'm thinking with our
~2500 endpoints, it would be best to look into leveraging that, but I'm not
sure which is most appropriate for this type of job. Based on the below
process, should I focus my efforts on jobs or runspaces? Any helpful
examples/tips? I've read a few articles but am having trouble understanding how to
deal with each. Anyway, if the multi-thread doesn't seem appropriate and I can
just turn this loose on a long list of hostnames, I can do that. Just looking
for opinions/options. Thank you!
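
Function Stop-RedCloak {
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory=$false,ValueFromPipeline=$true)]
        [string[]]$Servers = $env:COMPUTERNAME,
        # WQL filter for Win32_Process, built by concatenation so that no
        # backtick or newline ends up inside the string.
        [string]$Query = ("Name LIKE 'procwall%.exe' " +
                          "OR Name LIKE 'inspector%.exe' " +
                          "OR Name LIKE 'redcloak%.exe'")
    )
    # A process block is needed so that every piped-in name is handled,
    # not only the last one.
    process
    {
        Foreach($Server in $Servers)
        {
            # Only touch the machine if one of the processes is running.
            $Process = Get-Process -ComputerName $Server -Name "Inspector*","Procwall*","RedCloak*"
            If($null -ne $Process)
            {
                # Terminate each matching process individually.
                Get-WMIObject Win32_Process -ComputerName $Server -Filter $Query |
                    ForEach-Object { $null = $_.Terminate() }
                # Disable the service so the processes are not restarted.
                Set-Service Redcloak -StartupType Disabled -ComputerName $Server
            }
        }
    }
}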
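
On the jobs-versus-runspaces question, one option that needs neither written by hand is the fan-out built into Invoke-Command. The following is an added example, not part of the original post: it assumes PowerShell remoting (WinRM) is enabled on the endpoints and Windows PowerShell 5.1 on both ends, and the function name Invoke-RedCloakStop and the CSV path are hypothetical.

```powershell
# Added example (not from the original post). Assumes PowerShell remoting (WinRM)
# is enabled on the endpoints; function name and log path are hypothetical.
function Invoke-RedCloakStop {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$ComputerName,
        [int]$ThrottleLimit = 64,
        [string]$LogPath = ".\RedCloakStop-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"
    )

    # Runs locally on each endpoint; process and service names are from the post.
    $work = {
        $procs = @(Get-Process -Name 'Inspector*', 'Procwall*', 'RedCloak*')
        if ($procs.Count -gt 0) {
            # Disable first so the service cannot restart what is stopped next.
            Set-Service -Name Redcloak -StartupType Disabled
            $procs | Stop-Process -Force
        }
        $svc = Get-Service -Name Redcloak -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Found           = $procs.Count
            ServiceDisabled = ($svc.StartType -eq 'Disabled')
        }
    }

    $target = "$($ComputerName.Count) endpoint(s)"
    if (-not $PSCmdlet.ShouldProcess($target, 'Stop RedCloak processes and disable the service')) {
        return
    }

    # Invoke-Command fans out on its own; -ThrottleLimit caps concurrent sessions.
    $job = Invoke-Command -ComputerName $ComputerName -ScriptBlock $work `
        -ThrottleLimit $ThrottleLimit -AsJob
    $null = Wait-Job -Job $job

    # One row per host, including hosts that were unreachable or errored.
    $report = foreach ($child in $job.ChildJobs) {
        $out = Receive-Job -Job $child -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ComputerName    = $child.Location
            State           = $child.State
            Found           = $out.Found
            ServiceDisabled = $out.ServiceDisabled
            Error           = $child.JobStateInfo.Reason.Message
        }
    }
    Remove-Job -Job $job
    $report | Export-Csv -Path $LogPath -NoTypeInformation
    $report
}
```

The CSV records every host where the service was left with StartupType Disabled, which is the list to work from when the agent is re-enabled afterwards. Running the function with -WhatIf shows the endpoint count without contacting any host.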