4 ‐ Frequently Asked Questions

This section provides answers to the Frequently Asked Questions regarding Persistence Sniper.

1. Can this tool be used without admin rights?
   No, as most of the checks performed by it require admin rights.

2. Doesn't that force you to leave privileged credentials on the remote machines it's run on?
   No, only on the machine the admin is working from (which should be a privileged, controlled workstation anyway), thanks to how PowerShell Remoting works.

3. Can PersistenceSniper be run on disk images and not live systems?
   No, as of now PersistenceSniper only works on powered up hosts. Building a version that performs checks on forensic images is something I'm thinking about, but it will probably require a new tool. I'm looking into it though.

4. Can I run PersistenceSniper in more restrictive PowerShell environments?
   Yes! Being digitally signed you can run PersistenceSniper in those environments that require script signing.

5. I noticed that persistence X is not detected, how can I make sure it is?
   Just open an issue here on the repo or, even better, write down the detection yourself and create a Pull Request!

6. Does PersistenceSniper work on OS X/Y/Z?
   No, PersistenceSniper only works on Windows.