Tranquil IT Forum

Good morning,

I'm having trouble deploying the agent. When I install the agent manually, everything goes smoothly.
However, as soon as I want to deploy the agent on the workstations, waptagent installs, vc2008 installs but the service installation fails.
I tried several methods:

• using wapdeploy: waptdeploy.exe --hash=0c050e4a6d2caf3bf569d8c3564396881b4336656a7bc602d74f83398048c1e1 --minversion=1.3.13.0 --wait=15 --tasks=autorunTray,installService,installredist2008,autoUpgradePolicy --waptsetupurl=http://wapt/wapt/waptagent.exe

• by directly deploying waptagent:
  waptagent /VERYSILENT

• by deploying waptagent with a response file:
  waptagent /VERYSILENT /LOG="c:\waptagent_install.log" /LOADINF="wapt.inf"

Do you have any idea?

Person ?

Hello,

What variables are missing to diagnose

the OS of the workstations?
Antivirus installed?
AppLocker?
SRP?

Nssm.exe had issues with Windows10 Creators Update, but beyond that, we haven't received any reports of problems in this regard.

OS: Windows 7 Pro;
Antivirus: Symantec SEP 12.1.6
; AppLocker: Disabled
; SRP: No

Try to see if Symantec might be silently blocking the creation of the service.

We had a similar problem at a client with AVG where the network path was not trusted by the local agent; add this path in the central administration console of your antivirus.

Good evening,
For your information, the latest version of Kaspersky 10.2.5.3201 (mr3) blocks waptdeploy.exe and even removes it from Netlogon.

Hello Cyril, ndamelincourt, Alexandre,

Today we see antivirus software more as a complement to the basic SRP security offered in Windows.

SRPs are "Software Restriction Policies," and they work on the same principle as Linux: only software marked "OK" by the administrator can be run by the user, even if it's located in their home directory. So goodbye to cryptolockers, ransomware, and similar threats.

WAPT is an excellent tool for implementing SRPs, and some users even go so far as to completely remove antivirus software from their 600-machine network once they've gained confidence in SRPs.

On your network, there's a high risk that your antivirus software will continue to mark "your WAPT" as "unknown" because your WAPT is customized for your network and generated from your personalization data. Therefore, antivirus programs that rely on signature recognition won't recognize your customized agent. There are methods outside the scope of WAPT to resolve this issue.

Vincent

I resolved the issues related to Windows SmartScreen acceptance, etc., by adding the product certificate during agent creation.

I added it to a GPO as an Authorities Certificate and Trusted Publisher.

Since then, there have been no more "Warning: This software may not be a trusted source" errors.

Regards,

For Waptagent, that's indeed the correct method.

However, Waptdeploy is signed with our commercial key...

The script didn't cause me any problems; doing it via GPO already avoids a lot of hassle.
Having set up certificates for PS, VBScript, etc., it's a very useful workaround (a small addition to the wiki would be welcome )!!!