Adding a new remediation script

Warning: To avoid degrading system performance, it is highly recommended you consult with Forcepoint Technical Support before adding a remediation script.

Use the Policy Management > Resources > Remediation Scripts > Remediation Script Details page to define a new endpoint, incident management, or policy script.

  • To access this page, click New on the Resources > Remediation Scripts page, then select the type of script.
  • For a description of each type of script, refer to the Remediation scripts section.

To add a remediation script:

  1. Enter a Name for this remediation script.
  2. Enter a Description for this script.
  3. The page includes a tab for each operating system supported for the selected script type. There may be up to 3 tabs: Windows, Linux, and Mac.

    Define a script for each available operating system. When a breach is discovered on an endpoint, the system knows which version to run.

    Complete the fields on each tab as follows:

    Field Description
    Executable file

    Browse to the executable file you want to run when certain incidents are detected. To change your selection, right-click Browse and select a new file.

    Note: If you are using a remediation script that copies files to a \quarantine folder, be sure to exclude this folder from discovery scans.

    Endpoint scripts must be smaller than 5 MB.

    Arguments (optional)

    Optionally, enter any arguments you want to include with the command. If the arguments are enclosed in quotation marks, separate arguments by a space. For example:

    "-e" "-o"

    Additional Files

    If the script requires additional files, such as a resource file or other scripts that it calls, click Additional Files, then browse to a zip file containing the additional file(s) to run.

    Note: Additional files are placed in the same folder as the script, and they are automatically downloaded by the endpoints.
  4. Click OK. A progress bar shows the progress of each file as it uploads. You can cancel the process at any time. When the upload is complete, the new external command appears in the details pane.
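
A pre-upload check for the Executable file and Additional Files fields described above, as an added example that is not part of the Forcepoint documentation or product. The names `check_upload` and `sample_zip`, the reading of "5 MB" as 5 * 1024 * 1024 bytes, and the name-collision check are assumptions; the sample archive is constructed.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Assumption: "5 MB" is taken as 5 * 1024 * 1024 bytes; the page gives no exact unit.
MAX_ENDPOINT_SCRIPT_BYTES = 5 * 1024 * 1024


def check_upload(exe_name, exe_bytes, zip_bytes=None, endpoint_script=True):
    """Return (problems, sha256_by_file) for a script and its optional zip."""
    problems = []
    digests = {exe_name: hashlib.sha256(exe_bytes).hexdigest()}
    if endpoint_script and len(exe_bytes) >= MAX_ENDPOINT_SCRIPT_BYTES:
        problems.append(f"{exe_name}: endpoint scripts must be smaller than 5 MB")
    if zip_bytes is None:
        return problems, digests
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return problems + ["additional files: not a valid zip archive"], digests
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            if path.is_absolute() or ".." in path.parts:
                problems.append(f"{info.filename}: path escapes the script folder")
                continue
            # Additional files are placed beside the script, so an entry with
            # the script's own name would collide with it.
            if path.name.lower() == exe_name.lower():
                problems.append(f"{info.filename}: same name as the executable")
            digests[info.filename] = hashlib.sha256(archive.read(info)).hexdigest()
    return problems, digests


def sample_zip(entries):
    """Build a constructed zip in memory from {name: bytes} (sample input only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    bad = sample_zip({"helper.py": b"print('ok')", "../outside.sh": b"#!/bin/sh\n"})
    print(check_upload("quarantine.py", b"# constructed sample\n", bad))
```

Recording the returned SHA-256 values alongside the change request gives a reference point for confirming later that the files on the management server are the ones that were reviewed.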

When editing an existing script, you’ll see Update buttons instead of Browse buttons.

To edit a script:

  1. Click the script name to edit.
  2. Next to Current executable file, click Update. You are alerted that the executable file will be removed from the management server.
  3. Click OK to continue.
  4. Browse to the new executable file.
  5. If necessary, update the additional files in the same way.
  6. Click OK.

For more information about writing a remediation script, see Creating Remediation Scripts on the Forcepoint support site. This document describes:

  • What interpreted languages you can use for the script
  • The XML structure of discovery and DLP incidents
  • How to supply remediation scripts with credentials in various operating systems
  • Code samples