[RESOLVED] tis-with-secure-agent-desktop and MSI settings

Questions about WAPT Packaging / Requests and help regarding Wapt packages.
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Answer
pierre.briec
Messages: 7
Registration: June 2, 2025 - 10:42

June 11, 2025 - 11:34

Hello,

I'd like some information regarding the tis-withsecure-agent-desktop package.
I'm having trouble with the MSI parameters and how to integrate them into the package.
In setup.py, I modified it as follows:

properties={
"VOUCHER": "xxxx-xxxx-xxxx-xxxx-xxxx"
#"UNIQUE_SIGNUP_ID": "smbios"
}

Unfortunately, if I try to add another parameter, the installation fails after regenerating the package.
Can anyone help me with this? Thanks in advance,
Pierre
Last edited by pierre.briec on July 11, 2025 - 4:24 PM, edited 1 time.
High
User avatar
blemoigne
Messages: 178
Registration: July 17, 2020 - 11:29

June 11, 2025 - 1:27 PM

Good morning,
Did you separate the "properties" with commas?

Code: Select all

properties={
"VOUCHER": "xxxx-xxxx-xxxx-xxxx-xxxx",
"UNIQUE_SIGNUP_ID": "smbios"
}
High
User avatar
blemoigne
Messages: 178
Registration: July 17, 2020 - 11:29

June 16, 2025 - 10:14

Hello,
is the problem solved?
High
User avatar
t.heroult
Messages: 307
Registration: December 8, 2020 - 10:13 AM

June 17, 2025 - 09:34

For WithSecure, I use a powershell script provided by WithSecure.
My package therefore only contains the InstallWithSecure_S1.ps1 file, and the installation from setup.py only contains the line:

Code: Select all

run('Powershell -WindowStyle Hidden -ExecutionPolicy ByPass -File "InstallWithSecure_S1.ps1"')
Here is the content of the script (you just need to change the serial number).

Code: Select all

Clear-Host
# =======================================================
#  ********** Variables
# =======================================================

$dossierinstall = "c:\windows\temp\"
$CP = "installer"

$serie = "XXXX-XXXX-XXXX-XXXX-XXXX"
$valeur = (Get-ItemProperty -Path "HKLM:\SOFTWARE\MIcrosoft\Windows NT\CurrentVersion"  -Name ProductName).ProductName

if ($valeur -like "*Server*") {
    $serie = "XXXX-XXXX-XXXX-XXXX-XXXX"
}

$fsecurecp = $dossierinstall + $CP + ".exe"

# =======================================================
# ********** Verification deja installe
# =======================================================

$WantFile1 = "C:\Program Files (x86)\F-Secure\PSB\fshoster32.exe"
$WantFile2 = "C:\Program Files\F-Secure\PSB\fshoster32.exe"
$FileExists1 = Test-Path $WantFile1
$FileExists2 = Test-Path $WantFile2

if ( $FileExists1 -eq $True ) { Exit }
if ( $FileExists2 -eq $True ) { Exit }

# =======================================================
# ********** Telechargement
# =======================================================

$FileExists = Test-Path $dossierinstall
If ($FileExists -eq $False) { New-Item -path $dossierinstall -ItemType directory }

$ChkFile = $fsecurecp
$FileExists = Test-Path $ChkFile

If ($FileExists -eq $False) {
    Invoke-WebRequest -Uri http://download.withsecure.com/PSB/latest/ElementsAgentInstaller.exe -OutFile "$fsecurecp"
}

# =======================================================
# ********** D�sinstallation S1
# =======================================================

$ProcessSA = Get-Process SentinelAgent -ErrorAction SilentlyContinue
if ($ProcessSA) {
	#Check Administrator Privilege
	$user = [Security.Principal.WindowsIdentity]::GetCurrent();
	$admin=(New-Object Security.Principal.WindowsPrincipal $user).IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)  

	if ($admin -eq $false) {
		"Please run the script as Administrator"
		Start-Sleep -s 10
	}

	#Define the API Token
	#To automate the script, get the API Token from management, enter it here, and save the script.
	$token = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
	$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
	$headers.Add("Authorization", "APIToken $token")
	#where $token is your API token. For example, "APIToken abcdefg...."

	#Gets Management URL
	$config = & 'C:\Program Files\SentinelOne\Sentinel*\SentinelCtl.exe' config | select-string -Pattern "server.mgmtServer"
	$mgmt = $config -split ' ' | select -last 1

	#Gets passphrase for Endpoint
	$uuid = & 'C:\Program Files\SentinelOne\Sentinel*\SentinelCtl.exe' agent_id
	$passphrase_url = $mgmt + "/web/api/v2.1/agents/passphrases?uuids="+"$uuid"
	$passphrase = (Invoke-RestMethod ("$passphrase_url") -Method 'GET' -Headers $headers).data.passphrase

	#Start the Uninstallation
	Write-Host "Starting Uninstallation Process..." 
	Write-Host "This Process may take a while. Please do not close the Window."
	& 'C:\Program Files\SentinelOne\Sentinel*\uninstall.exe' /uninstall /norestart /q /k "$passphrase"
}

# =======================================================
# ********** Install
# =======================================================

$Command_line='"' + $fsecurecp + '"'
Start-Process -FilePath $Command_line -Wait -ArgumentList "--silent", "--voucher $serie", '--skip-sidegrade "*"'
Last edited by t.heroult on 10 Sep 2025 - 09:41, edited 1 time.
Server: WAPT Enterprise 2.6.1.17786 on Debian
Consoles: Windows 10 & 11
Infrastructure: Windows

Did you know? When parrotfish undergo smoltification, their osmoregulation mechanism is reversed!
High
User avatar
dcardon
WAPT Expert
Messages: 1929
Registration: June 18, 2014 - 09:58
Location: Saint Sébastien sur Loire
Contact :
Contact dcardon

July 10, 2025 - 3:09 PM

Hi Thomas,

that's funny, the script you published automatically uninstalls SentinelOne by retrieving the uninstallation password from the SentinelOne management server...

and it also downloads WithSecure if needed.

So basically, the provided WAPT package should do the trick if the VOUCHER value is correctly entered

. Regards,

Denis
Denis Cardon - Tranquil IT
Share your experiences on WAPT! Send us your blog and article URLs in the "Your Opinion of the forum, and we'll feature them on the WAPT
High
Answer

Return to “WAPT Packages”


  • To go further with WAPT