Tranquil IT Forum

Contact us
at https://forum.tranquil.it/

[SOLVED] Waptagent deployment issue

https://forum.tranquil.it/viewtopic.php?t=4567

Page 2 of 3

Re: Waptagent deployment problem

Published: March 19, 2026 - 10:13
by Renaud Villet
And FYI, disabling the antivirus doesn't fix the problem
These two processes are still blocked:
Screenshot 2026-03-19 100913.jpg
Screenshot 2026-03-19 100913.jpg (51.8 KB) Viewed 6176 times

Re: Waptagent deployment problem

Published: March 19, 2026 - 1:58 PM
by Renaud Villet
Actually, my colleague created a support ticket for this issue (https://espaceclient.tranquil.it/support/2601197)! ;)
For the time being, we've worked around the problem by reverting to the old agent (version 2.6.1.17472), and it's working.

Re: Waptagent deployment problem

Published: March 31, 2026 - 09:46
by lfkl
Hello everyone,

I'm having the same problem here; deploying the new agent via GPO isn't working.
We've tried using the --force option and removing the minimum version check from the script, but nothing helps.
It's not the antivirus; the exceptions are correctly added.

When we launch the agent manually on the desktop, it works.

Version 2.6.17765, and my colleagues tell me there was already a problem with the previous version.

We're waiting for a fix; I'm receiving 50 machines this week :|

. Best regards.

Re: Waptagent deployment problem

Published: March 31, 2026 - 2:36 PM
by Hakim
Hello,

I have the same problem: I used the waptdeploy tool from the previous version without success.
I also reinstalled the server from that version, still without success.
I am currently deploying the agent manually via a USB drive.

Re: Waptagent deployment problem

Published: March 31, 2026 - 6:04 PM
by htouvet
I am unable to reproduce the problem at the moment.

There have been quite a few changes, related to security, since version 2.6.1.17472.
As a workaround, it is possible to use waptdeploy.exe version 2.6.1.17472 with the latest version of waptagent.exe
if the problem lies in waptdeploy.

Ideally, we should have a log of whether or not the GPO that launches waptdeploy was executed, along with the contents of the standard output

Would it be possible to modify the GPO like this:
- Add a redirection of the standard output of waptdeploy to a log
-> GPO script: cmd.exe
-> GPO argument: /C "..." >> c:\windows\temp\waptdeploy.log"
- Add log for agent installation with the argument --setupargs="/LOG=c:\windows\temp\waptagent.log"

it must look like

Code: Select all

Script: c:\windows\system32\cmd.exe
Arg : /C ""\\mondomaine.lan\SysVol\asfrance.lan\Policies\{DE7ED1A0-C08D-4B2E-943E-610900D31082}\Machine\Scripts\Startup\waptdeploy.exe" --hash=2158caca675e986041ebf924d2ac09b1b5731dc3bba6c78be990097717596465 --minversion=2.7.0.18651 --wait=15 --waptsetupurl=http://wapt.mondomaine.lan/api/v3/get_waptagent_exe/{{ip}}/waptagent.exe --setupargs="/LOG=c:\windows\temp\waptagent.log"" >> c:\windows\temp\waptdeploy.log
After forcing the GPO (gpupdate /force) and restarting the machine, what is the content of the two files?
c:\windows\temp\waptdeploy.log
And
c:\windows\temp\waptagent.log


FYI: changes to waptdeploy

* Explicit paths in the manifest for DLLs potentially used by waptdeploy (to avoid DLL Hikacking)

Code: Select all

<file name="version.dll" loadFrom="%SystemRoot%\system32\version.dll" />
 <file name="secur32.dll" loadFrom="%SystemRoot%\system32\secur32.dll" />
 <file name="cryptsp.dll" loadFrom="%SystemRoot%\system32\cryptsp.dll" />
 <file name="credssp.dll" loadFrom="%SystemRoot%\system32\credssp.dll" />
 <file name="ncrypt.dll" loadFrom="%SystemRoot%\system32\ncrypt.dll" />
 <file name="dnsapi.dll" loadFrom="%SystemRoot%\system32\dnsapi.dll" />
 <file name="iphlpapi.dll" loadFrom="%SystemRoot%\system32\iphlpapi.dll" />
 <file name="winnsi.dll" loadFrom="%SystemRoot%\system32\winnsi.dll" />
 <file name="rasadhlp.dll" loadFrom="%SystemRoot%\system32\rasadhlp.dll" />
 <file name="swdrm.dll" loadFrom="%SystemRoot%\system32\swdrm.dll" />
 <file name="advapi32.dll" loadFrom="%SystemRoot%\system32\advapi32.dll" />
 <file name="crypt32.dll" loadFrom="%SystemRoot%\system32\crypt32.dll" />
 <file name="kernel32.dll" loadFrom="%SystemRoot%\system32\kernel32.dll" />
 <file name="wldap32.dll" loadFrom="%SystemRoot%\system32\wldap32.dll" />
 <file name="ws2_32.dll" loadFrom="%SystemRoot%\system32\ws2_32.dll" />
* use of the directory<wapt> \private\tmp if it exists for downloading "waptagent.exe"
* Wait for a maximum of "--wait minutes" for the processes 'waptagent.exe', 'waptsetup.exe', 'waptagent.tmp', and 'waptsetup.tmp' to stop before launching the installation of waptagent.exe. If they have not stopped after this time, they are forcibly stopped.
* We wait for the ongoing tasks of the wapt service to finish for a maximum of 10 minutes before stopping it

Re: Waptagent deployment problem

Published: April 3, 2026 - 3:41 PM
by jmeyer
Hello,

you can install the agent with the parameters "/VERYSILENT /MERGETASKS=useWaptServer" via a GPO script in the meantime.

Normally, the message should only appear once on the first boot if the "Install the waptupgrade package as soon as the agent sees it" option is checked, or at worst, it should only install when the machine is shut down.

The only computers that give me trouble are those without the waptupgrade package, missing from my console, or with a non-functional agent.
Despite this bug, 100% of the clients in the console have the agent up to date.

Re: Waptagent deployment problem

Published: April 3, 2026 - 4:30 PM
by htouvet
The initial deployment via GPO works in launching waptdeploy via "cmd.exe /C " ..."
The reason for the decline in behavior in some parks is not yet known...

Code: Select all

Script :  c:\windows\system32\cmd.exe
Arguments :  /C ""<chemin>\waptdeploy.exe" --hash=0731eee77445637c17c97f88cd5a53f0d39fac54549b9c3276b91b9195f57c16 --minversion=2.6.1.17765 --wait=15 --waptsetupurl=https://wapt.testdeploy.lan//api/v3/get_waptagent_exe/{{ip}}/waptagent.exe "

Exemple de l'argument (à adapter) :
/C ""\\testdeploy.lan\sysvol\testdeploy.lan\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\MACHINE\Scripts\Startup\waptdeploy.exe" --hash=0731eee77445637c17c97f88cd5a53f0d39fac54549b9c3276b91b9195f57c16 --minversion=2.6.1.17765 --wait=15 --waptsetupurl=https://wapt.testdeploy.lan//api/v3/get_waptagent_exe/{{ip}}/waptagent.exe "

Re: Waptagent deployment problem

Published: April 3, 2026 - 4:38 PM
by htouvet
The latest version of waptagent.exe (2.6.1.17765) is incorrectly flagged as a Trojan by an antivirus program: WithSecure (
Trojan.TR/Crypt.XPACK.Gen3). However, this is a separate issue from waptdeploy, but not from waptsetup.exe (https://www.virustotal.com/gui/file/592 ... 37e083b088).

Re: Waptagent deployment problem

Published: May 21, 2026 - 09:53
by steamera
Hello,

I'm following up on the incorrect flagging of waptagent.exe.
I assume it's normal that waptexit.exe, which originates from waptagent.exe 2.6.1.17787 , also has its signature tagged as a threat, and that it can be safely whitelisted?

VirusTotal checks for

waptexit.exe:

Avast
FileRepMalware [Misc]

AVG
FileRepMalware [Misc]

Avira (no cloud)
TR/Crypt.XPACK.Gen3

DeepInstinct
MALICIOUS

Google
Detected

Ikarus
Trojan.Crypt

Sophos
Mal/Generic-S

Symantec
Trojan.Gen.MBT

Trellix ENS
Artemis!691222F8E96B

WithSecure
Trojan.TR/Crypt.XPACK.Gen3

Thank you

Re: Waptagent deployment problem

Published: May 22, 2026 - 10:54
by dcardon
Hi Kevin,

unfortunately, antivirus programs aren't always very intelligent... We're currently making some small modifications to avoid triggering false positives. For example, the latest change we tested is not compressing the Unicode character set. Indeed, when there's code with high entropy (which is the case with compressed code), some antivirus programs interpret it as encrypted/obfuscated code that could be hiding malicious code...

The strange thing is that the same 64-bit waptexit binary [1] is detected by VirusTotal [2]... Even though it's exactly the same code, just the compilation target is different... (historically, the wapt Windows agent is 32-bit, but we plan to switch it to 64-bit by default soon, so we compile everything on both targets by default, even though waptsetup.exe is still 32-bit only for now).

Life is tough...

Just so you know: our binaries are signed in the build chain using a hardware HSM (with a private key generated locally on the hardware HSM and not exportable), so if it's properly signed, it comes out of our build chain.

As a side note, a few years ago we had to change the default icon of the FPC/Lazarus application (a little cat paw) because it was flagged as suspicious, since someone once wrote a virus using that language...

The best thing to do is to submit a new version to your antivirus vendor to request a re-evaluation.

Denis

[1] https://wapt.tranquil.it/releases/wapt- ... ptexit.exe
[2] https://www.virustotal.com/gui/file/7eb ... d02d421503
Time zone set to UTC+02:00
Page 2 of 3

Developed by phpBB® Forum Software © phpBB Limited

Official French translation © Qiaeru