Exit code fix: add $proc.Handle caching after Start-Process -PassThru to prevent
the handle from being released before ExitCode is readable (known PS5.1 bug).
GuruRMM reporting: launcher now finds results.json after each scan and emits
GURUSCAN_RESULT_JSON:<compressed> to stdout. Agent CommandResult captures it;
server stores it in commands.stdout for retrieval via GET /api/commands/:id.
Pre-scan hardening:
- Pre-flight EXE check: warns about missing scanner binaries before run starts
- Windows Defender exclusions added for scanner/log paths before scan, removed after
AdwCleaner: add /path {LOG_ROOT} arg so logs write directly to scan log root;
update log_src to {LOG_ROOT}\Logs to match.
HitmanPro: add /quiet to scan and clean args to suppress GUI in headless runs.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Adds a complete PowerShell-based malware scanning toolkit:
- Invoke-GuruScan.ps1: main orchestrator running RKill, AdwCleaner,
Emsisoft, HitmanPro, and ESET in sequence with pre/post cleanup,
whitelist support, ForceRemove blacklist, and -Headless switch
- Invoke-PostRebootCleanup.ps1: post-reboot temp-user session that
shows a fullscreen splash, verifies boot-time cleanup completed,
removes scanner files, and restores the original user login name
- Download-Scanners.ps1: downloads/refreshes scanner EXEs
- Get-ScanSummary.ps1: parses results.json with optional Ollama AI analysis
- Invoke-Remediation.ps1: re-runs scanners in clean mode
Key features: exit-code-based reboot detection, whoami-based user
capture (SYSTEM-safe via quser fallback), domain\user and local
MACHINE\user restore on login screen after cleanup reboot.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
