search and remove JNDI Lookup Class from log4j.jar files on the system with Powershell (Windows)
make sure you use the latest script release!
Killmode for Java processes implemented. ($killMode)
defaults to $false if not changed manually! Be careful using this feature!
by default the script searches on C:\ if not changed
-can be changed to search on all local drives with $searchAllDrives = $true in the script
-can be changed to search a specific path with $searchPath = "C:\your\folder\to\search\
by default the script creates a backup of the file(s) in the same folder were the jar files was found, before removing the class
-can be disabled with $enableBackup set to $false in the script
by default the script validates if the jndilookup.class has been removed from the jar file
by default if the class is still detected and the jar file was not modified, the backup file will be cleaned up.
-can be disabled with $removeBkOnFailure set to $false
by default the script searches for running java processes and write a warning in the log and console.
-KillMode for java prcesses can be enabled by $killMode set to $true - be careful with that!
Generate a log file in the scripts root directory
Generate readable console output
execute the script with elevated Powershell.exe or with deploment tools like SCCM.
"powershell.exe -file "C:\Path\To\Script\Fix-log4j_jndi_7zip.ps1" -executionpolicy Bypass"
Tested on Windows 10, Server 2012R2, 2016 and 2019.
7-Zip is used to delete the class in the jar file and verify the removal.
Source: https://www.7-zip.org/
7-Zip Copyright (C) 1999-2021 Igor Pavlov.
THE SCRIPT IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND.