Windows - Tray Notification - Customize Trusted Message

What the Automox Agent tray branding Worklet does

This Automox Worklet™ writes a custom branding string into the footer of every Automox Agent tray notification on Windows endpoints. The Worklet invokes amagent.exe with the notifications set_branding_message command, passing the BrandingText parameter as the --message value. The agent then renders that text at the bottom of every toast and tray popup it shows the user.

The Worklet is state-aware. It reads C:\Program Files (x86)\Automox\tray_branding_text_state.csv to find a row where Key equals brandingText, then compares the recorded Value against the BrandingText parameter you configured. If the state file is missing, the row is absent, or the recorded value does not match, the Worklet re-applies the branding and rewrites the state file. The CSV is shared with sibling tray Worklets, so existing entries for other keys are preserved.

Both phases gate on Automox Agent version 2.5.0 or higher, read from the HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall registry tree using the Automox Agent DisplayName entry. Endpoints running an older agent log the detected version and skip the change, so legacy installs do not loop or fail noisily inside the policy.

Why brand the agent tray notification footer

An unlabeled tray notification is a help desk ticket waiting to happen. When the Automox Agent prompts a user to reboot for a patch window or surfaces a pending policy, the end user sees a generic system toast and has no idea whether it is sanctioned IT software or a phishing pop-up. The footer branding string is the lowest-friction place to put your IT team name, internal support URL, or compliance disclosure so the user recognizes the prompt and acts on it instead of dismissing or reporting it.

Set the BrandingText value once in the policy, and the Worklet rebrands every Automox Agent in scope on its next evaluation, then keeps the value pinned through agent restarts, upgrades, and reimages. A direct string comparison against the recorded Value in the state CSV means endpoints already showing the correct text finish in milliseconds, while only divergent hosts incur a fresh amagent.exe call. The result is a consistent label on every Windows endpoint in the policy without per-host login work.

How tray branding enforcement works

1. Evaluation phase: The Worklet reads the Automox Agent DisplayVersion from the Windows uninstall registry and exits 0 if it falls below 2.5.0. On supported agents, it tests for C:\Program Files (x86)\Automox\tray_branding_text_state.csv. A missing file, a missing brandingText row, or a Value that does not match the configured BrandingText returns exit code 2 and flags the endpoint for remediation. A match returns exit code 0 and the endpoint is reported compliant.

2. Remediation phase: The Worklet locates amagent.exe under ${env:ProgramFiles(x86)}\Automox or falls back to $env:ProgramFiles\Automox, then runs amagent.exe notifications set_branding_message --message "<BrandingText>". On a zero exit code from amagent.exe, the Worklet calls Write-TextBrandingState to upsert the brandingText row in tray_branding_text_state.csv while preserving other tray Worklet keys. A non-zero amagent exit code or a missing executable exits 2 and surfaces the failure in the Automox activity log.

Automox Agent tray branding requirements

• Windows 10, Windows 11, or Windows Server 2016 and later

• Automox Agent version 2.5.0 or higher installed on the endpoint; older agents log a version gap and exit without changes

• PowerShell 5.1 or higher (default on supported Windows builds)

• amagent.exe present in C:\Program Files (x86)\Automox or C:\Program Files\Automox; the Worklet checks both paths automatically

• Set the same BrandingText value in both evaluation.ps1 and remediation.ps1 (the default is "Managed by your IT Administrators"); the agent enforces a 75-character limit on the rendered footer

• SYSTEM-level execution, which is the Automox Agent's default context, so no additional credentials are required

Expected state after the branding is applied

After a successful remediation, every Automox Agent tray notification on the endpoint renders the configured BrandingText in the footer. The state file at C:\Program Files (x86)\Automox\tray_branding_text_state.csv contains a row with Key=brandingText and Value set to the exact string you configured. The next evaluation finds a match, logs "Branding text matches configured value. No changes needed.", and exits 0, so the endpoint reports compliant without re-running amagent.exe.

To validate manually, run Import-Csv "C:\Program Files (x86)\Automox\tray_branding_text_state.csv" in an elevated PowerShell session and confirm the brandingText row shows your value. You can also trigger a tray toast from the Automox console (any pending Worklet or patch policy with notifications enabled) and visually confirm the footer text. The branding persists across agent restarts, Windows reboots, and Automox Agent upgrades; it is replaced only when you change BrandingText in the policy and re-run, or when the state file is deleted and the next evaluation re-applies the configured value.

If a remediation fails, the activity log entry surfaces the amagent.exe exit code and stderr. The two most common failures are amagent.exe missing from both Program Files paths (typically a partial agent install or a non-standard deployment) and the agent being older than 2.5.0, in which case the Worklet exits without applying changes and the log records the detected version.