Adding a new remediation script
Use the
page to define a new endpoint, incident management, or policy script.- To access this page, click New on the page, then select the type of script.
- For a description of each type of script, refer to Remediation scripts section.
To add a remediation script:
- Enter a Name for this remediation script.
- Enter a Description for this script.
- The page includes a tab for each operating system supported for the selected script type. There may be up to 3 tabs: Windows, Linux, and Mac.
Define a script for each available operating system. When a breach is discovered on an endpoint, the system knows which version to run.
Complete the fields on each tab as follows:
Field Description Executable file Browse to the executable file you want to run when certain incidents are detected. To change your selection, right-click Browse and select a new file.
Note: If you are using a remediation script that copies files to a \quarantine folder, be sure to exclude this folder from discovery scans.Endpoint scripts must be smaller than 5 MB.
Arguments (optional) Optionally, enter any arguments you want to include with the command. If the arguments are enclosed in quotation marks, separate arguments by a space. For example:
“-e” “-o”
Additional Files If the script requires additional files, such as a resource file or other scripts that it calls, click Additional Files then browse to a zip file containing the additional file(s) to run.
Note: Additional files are placed in the same folder as the script, and they are automatically downloaded by the endpoints. - Click OK. A progress bar shows the progress of each file as it uploads. You can cancel the process at any time. When the upload is complete, the new external command appears in the details pane.
When editing an existing script, you’ll see Update buttons instead of Browse buttons.
To edit a script:
- Click the script name to edit.
- By Current executable file, click Update. You are alerted that the executable file will be removed from the management server.
- Click OK to continue.
- Browse to the new executable file.
- If necessary, update the additional files in the same way.
- Click OK.
For more information about writing a remediation script, see Creating Remediation Scripts on the Forcepoint support site. This document describes:
- What interpreted languages you can use for the script
- The XML structure of discovery and DLP incidents
- How to supply remediation scripts with credentials in various operating systems
- Code samples