MATS

I searched BRK3163 but I couldn't find it. 

https://www.yammer.com/microsoftignite/#/threads/inGroup?type=in_group&feedId=5730943

It was good tool but due to file scanned by antivirus it loosely credibility. Not sure how the Microsoft has released in the public form and channel9 msdn ....Any tentative date when will be working .. 

Please understand, that this is not a MSFT product.  However, we have just released v2 which doesn't have the problem.  We went through every line of the code to find out where it was being flagged as malware.

Just an update...This file is considered as malware infected by McCafee Product and it result to compliance issue. We have removed the file from using it...Request to re-validate the same..:(

On my side, running System Center Endpoint Protection, I have a virus warning as well.
Trojan: Win32/Skeeyah.C!plock

Few days ago I requested for my internal IT helpdesk unblocking this file in McAfee antivirus. Today I received answer "File is no longer being detected by McAfee as malicious.".

I verified it on corporate Workstation (McAfee VirusScan Enterprise) + DAT file v. 7826 - mats.exe is not recognized as malicius.

I coppied a tool to customer production environment also with McAffee VirusScan Enterprise installed - also works.

Hi,
I tried running MATS within my demo environment. There is one Exchange 2013 (CU8) installed. The tool (PowerShell in the background) tells me no Exchange 2013 found. If I run Get-ExchangeServer I'll get my result back with EX01 (my Exchange Server)
How can I fix this?

In case you have not seen it we have added the Guide for troubleshooting Managed Availability with the MATS tool.  Please let us know if you have any questions.

Kaspersky Internet Security says that found UDS:DangerousObject.Multi.Generic

This is a known problem unfortunately.  The exe file is a ps1 converted to an exe to force STA mode when ran in a non-exchange management shell.  Some anti-virus companies do not search for this conversion in their scans.  What they are seeing is scripted code to run and they flag it.  We are working on resolving this issue ASAP.

F-secure on exchange 2013 servers blocks this file.

This is a known problem.  All the exe file is a ps1 file converted to an exe to force STA mode when ran in a non exchange management shell.  Some virus companies do not search in that manner.  What they are seeing is scripted code to run and they flag it.  We are working on resolving this issue ASAP.  So please stay tuned.

The file is getting deleted after download for me as well because McAfee AV Engine is stating the file is infected: Artemis!B5F955E9F9A2 (Trojan)

What kind of files are you trying to give us here? :-)

It is an exe that wraps up a ps1 file and nothing more. Your AV is overzealous (or maybe they should just release the script version)

Zachary is correct!  We did this as an EXE mainly due to the fact that you have to run EMS in STA mode.  So by putting it in an exe, would could force that.  However, seeing what the tool is doing to the exe, as what you and others are seeing James, we are actively testing it again to make sure that there are no Trojans, malware, etc.. in this code.  Please stay tuned

I forgot where I got this little snippet of code but it does at least help catch when not running in STA mode:

if ([System.Threading.Thread]::CurrentThread.ApartmentState -ne 'STA') {               
    Write-Warning 'Run PowerShell.exe with -Sta switch, then run this script.'
    Write-Warning 'Example:'
    Write-Warning '    PowerShell.exe -noprofile -Sta'
    exit
}

Doesn't help make things easier or anything but if you do ever release just the script then you at least have a way of capturing things and exiting gracefully.

We understand that Zachary.  We were wanting a tool that could be run from any workstation on the domain since we use remote PowerShell for everything now....

And yes, Jay and I are discussions of just releasing the code due to everyone's anti-virus saying it is bad.  But we are looking at something else to try and fix that issue right now and have an update soon.

Give Sapien Powershell Studio a shot, Its exe generation is more capable in my experiences.

It opens and runs on my Windows Server 2012 R2 but it doesnt get a connect with the given Powershell URL

Bernd, as this leverages Exchange 2013 EMS are you specifying the URL as http://fqdnOfServer/powershell ?

Hi Jay,

of course, I use the FQDN of the Exchange 2013 Server

These are the errors:
WARNING: The names of some imported commands from the module 'tmp_k0tbt4es.z4z'
 include unapproved verbs that might make them less discoverable. To find the
commands with unapproved verbs, run the Import-Module command again with the
Verbose parameter. For a list of approved verbs, type Get-Verb.
Found  Exchange 2013 Servers.......
No Exchange 2013 Servers Found!!

Look forward to using this tool. Unfortunately, it errs out for me with the following error:

Could not load file or assembly 'file:///C:\scripts\mats.exe' or one of its dependencies. Operation is not supported. (Exception from HRESULT: 0x80131515)

Hey Zachary,

Where exactly is this error happening?  Just when you launch it or during a specific task?

Thanks

Launched via an admin powershell console or simply double-clicked. Run on Windows 2012 (non-R2).

Do you happen to have .Net4 on your machine?  

Zac,
Please look at the above posts for Tim and let us know if that applies.
Thanks

Jay

Well unblocking the file was a great start! It actually loads up but then errors out and crashes when connecting to a powershell URI. I took the liberty of modifying the code the exe wrapper temporarily dumps to disk (side effect of using powerGui to create your exe). I made a slight modification to the connectExchange function so I don't have to enter any URL if I'm running from a local exchange powershell session:

function ConnectExchange {
    param([string]$URL)
    $CurrSession = @(Get-PSSession | where {($_.ConfigurationName -eq 'Microsoft.Exchange') -and ($_.Availability -eq 'Available')})
    if ($CurrSession.Count -eq 0) {
        $credential = get-credential
        $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $URL -Credential $credential
        Import-PSSession $session -AllowClobber -WarningAction SilentlyContinue
    }
    
    $test = Get-PSSession
    if($test.ConfigurationName -notlike "*exchange*")
    {
        Write-Host "ERROR! It Appears that we could not load the exchange powershell module. Please make sure that the $($URL) is correct.  Cannot continue, exiting script." -ForegroundColor Red
        exit
    }
    else
    {
        $ddlServers.isEnabled = $true
        $servers = Get-ExchangeServer | where {$_.IsE15orLater -eq "True"} | Sort Name
        Write-Host "Found $($servers.length) Exchange 2013 Servers......." -ForegroundColor Cyan
        If($servers.length -gt 0)
        {
            $ddlServers.Items.Add("LocalHost")
            ForEach($server in $servers)
            {
                $ddlServers.Items.Add($server.name)
            }
            $btnConnect.isEnabled = $false
        }
        Else
        {
            Write-host "No Exchange 2013 Servers Found!!"  -ForegroundColor Red
        }
    }
}

Using this and the ps1 file works like a treat now! 

Get add in there Zachary....  Show's that we didn't think of everything...  :)

We will add this to the next go around if you are ok with it...

If I'm OK with it? I'm glad you aren't smacking me around for digging into the code :) Thanks much for the excellent tool btw. Much needed and appreciated!