How to Use Automox Custom Policies (Worklets)

The Worklet (previously known as Custom Policies) section within the Automox console is designed to be extremely flexible. It lets you evaluate and enforce anything you can script, and upload files for use on targeted devices.

Script Languages

The Evaluation and Remediation code languages are specific to the OS, and run in the version currently installed on the target machine.

Windows: PowerShell

Linux & OS X: Bash

  • It is possible to launch and run a script file in a different language in the remediation code by invoking the file from the native language script. This assumes that your target device is capable of running the uploaded script file.

Note: On 64-bit Windows, the code runs in a 32-bit PowerShell session. You may need to plan around this when accessing 64-bit registry locations and filesystem paths, because Windows redirects 32-bit processes to 'Wow6432Node' or 'SysWOW64' in place of the native locations.

Evaluation Code

The evaluation code is intended to test a condition, and return an exit code based on that condition.

The evaluation runs each time a device runs a scan and flags the device for remediation according to the exit code. If the exit code is 0, the evaluation is seen as successful and no remediation will take place. Any non-zero exit code flags the device for remediation when the policy’s scheduled time arrives.

It’s important to note that manually executing the policy triggers the Remediation code regardless of the flagged exit code.

Remediation Code

The remediation code section is open ended and can be used to do almost anything you can script. Whether that’s enforcing a configuration setting or installing an application or certificate, if you can script it, you can implement it.

Any files you uploaded to the policy are downloaded when the remediation code runs, and can then be called/invoked by your script.
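The evaluation/remediation contract described above, as an added example (not Automox's own code). The sshd PermitRootLogin setting, the CONF variable and the evaluate/remediate argument dispatcher are assumptions chosen for illustration; in the console the two functions would go in the Evaluation and Remediation boxes respectively.

```shell
#!/usr/bin/env bash
# Added example: both halves of a Linux Worklet in one file for local testing.
# Assumption: the path and the enforced setting are illustrative only.
CONF="${CONF:-/etc/ssh/sshd_config}"

# Evaluation: return 0 when compliant (no remediation), non-zero to flag the device.
evaluate() {
    local conf value
    conf=$1
    # sshd honours the first occurrence of a keyword; commented lines never match.
    value=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$conf" 2>/dev/null)
    [ "$value" = "no" ]
}

# Remediation: idempotent, because a manual run triggers it even on devices
# whose evaluation returned 0.
remediate() {
    local conf tmp
    conf=$1
    evaluate "$conf" && return 0           # already compliant: change nothing
    [ -f "$conf" ] || return 2             # nothing to fix; report failure
    tmp=$(mktemp) || return 2
    # Put the directive first so it wins, and drop other active occurrences.
    {
        echo "PermitRootLogin no"
        grep -viE '^[[:space:]]*PermitRootLogin[[:space:]]' "$conf"
    } > "$tmp"
    cat "$tmp" > "$conf"                   # rewrite in place, keeping owner and mode
    rm -f "$tmp"
    # A production script would also validate (sshd -t) and reload the service.
    evaluate "$conf"                       # exit status reports whether the fix held
}

# Hypothetical dispatcher for running the file by hand:
#   ./worklet.sh evaluate   or   ./worklet.sh remediate
case "${1:-}" in
    evaluate)  evaluate "$CONF";  exit $? ;;
    remediate) remediate "$CONF"; exit $? ;;
esac
```

Because the remediation re-checks state before writing, a manual run against an already compliant device leaves the file untouched.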

Uploading Files

Any files you may need to reference in your remediation script can be uploaded as part of the policy.

These files will download when the remediation runs and will be available in the current working directory of the script.

Executing Worklets

Scheduled Execution

As with all of the other policy types, Worklets can be scheduled to run by Month, Day-of-Week, and Week-of-Month. Use this to customize the schedule on which the remediation script will run on non-compliant devices.

Manual Execution

Manual Execution can be handled in two different ways: per device and per policy.

On the Device Details page, for every device in a Group that is associated with the policy there is an Associated Policies section where you will see the policy name and a ‘Run Policy’ button. This button will trigger the policy to run immediately on the selected device or devices.

On the System Management page, when clicking on a policy the page will display lines to its associated groups and a button labeled ‘Execute Policy Now’. This button will trigger the policy to run immediately on all devices in the associated groups.

Note: These methods trigger the remediation script regardless of the compliance status of the device. Use these methods with caution.
