
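How to Run a Full-System Scan with Trend Micro ATTK

This article explains how to run a full-system virus scan with ATTK. For details, see the announcement on the employee portal (公務入口網).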

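Important reminders:

  1. ATTK handles abnormal files while cleaning; no responsibility is accepted for any resulting data loss.
  2. Remember to back up important data.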

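I. Download and extract to the desktop

A. Download location

  1. Go to the employee portal (公務入口網), find and open the pinned announcement, or click the announcement link directly.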


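  2. In the announcement, find item 4, 趨勢(ATTK)特別掃毒及採樣使用 (Trend Micro ATTK special scan and sample collection), then copy the link below it and open it, or click the cloud link directly.
    Note down the password as well; you will need it when extracting the archive.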


    Open the Google Drive folder.

  3. Download all the files.
    Chrome or Edge is recommended.
    To download: (1) select all, (2) right-click the highlighted selection, (3) choose Download.


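B. Extract to the desktop

Go to the folder where the files were downloaded
and extract them to the desktop.
The ATTK archive password is 123456 (the announcement on the employee portal takes precedence).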


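II. Run ATTK

A. Run as administrator

ATTK has two executables, one for 32-bit and one for 64-bit systems.
If you are not sure which to use, start with the 64-bit version;
if it fails, switch to the 32-bit version.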


Choose the version, then right-click > Run as administrator.


A black window appears first;
after a short wait, the graphical window appears.

If neither version will run, the cause may be a certificate problem.

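  1. Download the root certificate import tool from:
    https://ftp.trendeso.com.tw/TRC/EasyFix_for_System_Certificates.zip
    Archive password: trend
  2. After extracting, right-click EasyFixSysCerts.exe and choose Run as administrator.
  3. The tool runs in the background. Wait five minutes, then check the Log folder in the same directory for SCPeasyFix.log or EasyFixSysCerts.log to confirm whether the root certificate import succeeded.

    On success, the last record reads Fixing result is True or No missing system certificate.
    If the last record reads Fixing result is False, run EasyFixSysCerts.exe a few more times.
  4. After completing the steps above, be sure to schedule a reboot; the new certificates take effect only after a restart.
  5. Run the ATTK tool again.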
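
The log check from step 3, written as a PowerShell script. This is an added example, not part of the original page or of Trend Micro's tooling. It assumes the logs are plain text with one record per line, oldest first; the function name Get-CertFixStatus and the -ToolDir parameter are hypothetical.

```powershell
# Added example: classify the outcome of EasyFixSysCerts.exe from its log files.
# Assumption: logs are plain text, one record per line, oldest record first.
param(
    # Folder containing EasyFixSysCerts.exe (the Log folder sits beside it).
    [string]$ToolDir = (Get-Location).Path
)

function Get-CertFixStatus {
    param([Parameter(Mandatory)][string]$LogDir)

    if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
        return 'NoLogFolder'      # tool has not run yet, or was run elsewhere
    }

    # Either file name may be produced; read the oldest file first.
    $logs = Get-ChildItem -LiteralPath $LogDir -File |
        Where-Object { $_.Name -in 'SCPeasyFix.log', 'EasyFixSysCerts.log' } |
        Sort-Object LastWriteTime
    if (-not $logs) { return 'NoLogFile' }

    # The tool may have been run several times; only the last result record counts.
    $pattern = 'Fixing result is (True|False)|No missing system certificate'
    $last = $logs | ForEach-Object { Get-Content -LiteralPath $_.FullName } |
        Select-String -Pattern $pattern | Select-Object -Last 1
    if (-not $last) { return 'NoResultYet' }   # still running; wait and re-check

    if ($last.Line -match 'Fixing result is False') { return 'Failed' }
    return 'Succeeded'
}

$status = Get-CertFixStatus -LogDir (Join-Path $ToolDir 'Log')
switch ($status) {
    'Succeeded'   { 'Root certificates OK: reboot, then run ATTK again.' }
    'Failed'      { 'Fixing result is False: run EasyFixSysCerts.exe again.' }
    'NoResultYet' { 'No result record yet: wait a few minutes and re-check.' }
    default       { "No log found under $ToolDir\Log ($status)." }
}
```

Save it as a .ps1 file and run it with -ToolDir pointing at the folder where EasyFixSysCerts.exe was extracted.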

B. Full-system scan

Do not close the black window in the background, or the run will fail.

Open Setting (the item boxed in red).


Select the second option, Full system scan, then click OK to confirm.


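C. Start the scan

Click the large red button to start scanning. The black window behind it (Command Prompt) must stay open for the entire scan; closing it causes the data collection to fail.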


D. Scan complete

If anything abnormal is found, click Fix Selected to fix it.


When the final result shows a green check mark, take the first screenshot and close the window.


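After the black window finishes, a web page opens;
you can simply close that page.

III. Run VBUSTER-TNCG-Collector

This program uploads the ATTK results to the antivirus vendor.
Once you see that the upload succeeded, take the second screenshot and close the program.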

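If it fails to run:

  1. Confirm that attk_ScanCleanOffline_gui_x64.exe was moved to the desktop before it was run,
    or move the generated folder TrendMicro AntiThreat Toolkit to the desktop and then run VBUSTER-TNCG-Collector.
  2. The black window in the background must not be closed while attk_ScanCleanOffline_gui_x64.exe is running.

IV. Report

Then report to the information security staff that the ATTK scan is complete, including both screenshots.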

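References

Staff at the City Government's Yonghua and Minzhi centers must install the Apex One Security antivirus software deployed centrally by the City Government
https://portal.tainan.gov.tw/announcement/detail/9481a57f-60d4-4060-a8c2-48a0ac08801c

ATTK tool operation tutorial
https://drive.google.com/file/d/1A_Xt_rL6N1rUdSgzofh0ZvxyidnjDM39/view?usp=sharing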