"Wanna" ransomware outbreak. Please see this Sophos article sophos.com/kb/126733 for advice on how to protect your organization. Immediate action recommended.
A new Active Directory synchronization task has been configured using the default ActiveDirectorySynchronization.vbs script via the SafeGuard Enterprise Task Scheduler. An additional manual Active Directory synchronization - selecting different objects during the import - was performed after the task has been created.
What is the exact Active Directory structure now being maintained/ synchronized by the Safeguard Enterprise Task Scheduler's Active Directory synchronization?
First seen in SafeGuard Management Center / Local Policy Editor 5.60.0
The default Active Directory synchronization script that comes with the SafeGuard Enterprise Task Scheduler uses an API function called ‘SynchronizeImportedContainers’. This function specifies the follow:
This means that a container (i.e. an Active Directory Organizational Unit) that has been added to the SafeGuard Enterprise Database once will always be maintained by the default Active Directory synchronization script, as long as it stays imported – regardless if it is being ticked during another manual import process or not. If the Security Officer is required to split up the synchronization into multiple tasks, using the Task Scheduler script "ActiveDirectorySynchronization.vbs" (or the API call SynchronizeImportedContainers) is not a good choice, it would be better to create dedicated synchronization scripts* that import a fixed object tree from Active Directory.
*Please note that there is an example script located in the SafeGuard Enterprise install sources folder under 'API sample scripts\Synchronize.vbs'.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.