The issue is probably because the installer is running as System, so it might be popping up confirmation windows for the install, which nobody will ever see. Is there a silent flag you can add to the execution instruction? What’s the exe you’re trying to run?

The exe is for ForeScout Secure Connect, the exe silently drops the files off in the Program Files directory without any flags needed.

The other thing to check is what you have in the Package Name and Version fields. When you run a scan on the device to check if the software is installed, does the required software policy trigger that it needs to run the installer?

Because the .exe seemingly unpackages the files into their folder, the program does not appear to install like most programs. There is no entry for this software under ‘Apps & features’ in the windows UI so I don’t think that required software policy will work. I don’t believe that this software is found when scanning the system for required software.

I was trying to run the .exe through worklet, when using required software I used the version and name that were displayed when right clicking the output file and selecting properties > details > ‘Product Name’ and ‘Product Version’.

What you could do in that case is unpack the files and use Automox to put them in the right places. I did that for example in this worklet, to make a shortcut to run bginfo.exe at startup:

Bginfo doesn’t install regularly either, you just have to put the file somewhere and run it whenever you want to update the background with the device info.

So what you could do is make a worklet to run the exe and move the files around, or upload multiple files from the exe and put them in the correct places. Let me know if you want any help getting that setup as we’re always happy to help create and troubleshoot worklets.

Thanks Nic, I will give this a try and report back.

I tested your recommendation but did not have success. How can I bypass the evaluation code? I use ‘exit 1’ and I just receive the following in my log file:

2020/07/15 10:46:46 cmd.go:158: Received execCmd command


2020/07/15 10:46:46 cmd.go:108: Executing command: n"exit 1" ""]


2020/07/15 10:46:47 cmd_windows.go:135: runScript: Error in Wait exit status 1


status: 1


stdOut: Omitted


stdErr: 

It seems that the file I upload is not placed unless the remediation code is run, but I can’t get to the remediation code step. Does the evaluation code need something else besides ‘exit 1’ ?

It shouldn’t, but remember when testing worklets that the group scan is what triggers the evaluation code, and the policy execution is what triggers the remediation code.

also is your evaluation code just:

Exit 1

I’ve used that in worklets to just always run the remediation code and that works. What’s the exact code you have in the evaluation section?

My remediation code is


Start-Process “filename.exe”

Evaluation code is


Exit 1

Yeah that should work. Can you send me a copy of the file so I can test it out on my test systems to see what I get? You can email to nic.tolstoshev@automox.com or send me a dropbox link.

Email sent, the .exe was removed from the email. Let me zip it and resend.


Now your end thinks the file is a virus and declined it

Lol, sending attachments is a pain these days. Can you upload it to Dropbox or some other service and email me the link to download it?

Let me figure out how to share it, one moment.

File should have been sent through WeTransfer to your email

Got it - will do some testing and report back.

When the exe is run, a path similar to the following should be created with four files inside. C:\Program Files\ForeScout SecureConnector

Ok I made some progress. This installer is doing some weird stuff under the hood.

I can run the file as a user from the folder and it installs, but if I open a command prompt using runas administrator, and run the file in the command window, it doesn’t work. For some reason it won’t run itself that way, which is essentially what is happening when a worklet is running code.

The next thing I’m going to try is the scheduled task trick to run files as the currently logged in user. If that works I’ll post back with the code.

I believe that it needs to be run as admin for the install to complete, that may be a problem with your scheduled task trick

I will check back in tomorrow morning

Yeah if your users aren’t admins, then I’m not sure whether the installer will run at all. And Forescout doesn’t let you run the task as an admin. They really don’t make this easy. It looks like they recommend you preinstall it on images and then manually on any devices already in the field:


https://www.forescout.com/company/resources/counteract-deploying-secure-connector-service-part-machine-image-guide/

I’m still working on the scheduled task trick and I’ll let you know what happens. Right now I’m having problems even getting the file to copy from the default location to another folder so that the scheduled task can find it, so somehow Forescout is flagging the file as special for copy operations.