Workflow Actions

This action automatically removes MSI-based software from a device using the iSoftwareQuery interface. The software to be removed can be specified using the following properties:

• SoftwareName: Specifies the name of the software to remove.
• PartialMatch: If set to true, allows partial name matching when locating the software.

OutputResult:

• Success – Software was successfully removed.
• Failed – Software removal was unsuccessful.

This step is used to find software on a device. It queries the installed software and checks if the specified software is found or not.

 Useful if you need to uninstall software only where it exists.

Monitors the CPU usage of a device over a specified sample and evaluation period. CPU usage is categorized as: Critical, High, Medium, Low, or Idle based on the measured values.

Detect the status of the Windows Firewall (enabled or disabled).

This step is used to log the user out of the current session on the device. It uses the Windows Terminal Services API to open the server, get the active console session ID, and log off the session.

If the log off is successful, the output result is set to 'success', otherwise it is set to 'failed'.

This includes both mounting and unmounting actions.

Mount an ISO image to make its contents accessible as if they were part of the local file system. This allows browsing, reading, and modifying the files within the ISO image just like any other directory on your system.

Unmounting is the process of disconnecting a mounted file system from its mount point. When you're done working with an ISO image, unmounting it ensures that the file system is safely detached from the mount point. This action frees up system resources and prevents data corruption.

ISO files are normally used to back up optical disks or data in a more functional way.

Detect the type of operating system.

 This is useful if you have different actions based on Windows, Mac OS or Linux operating systems.

This step writes an entry to the Windows Event Log.

Required/Optional Settings:

• Source Name – The source application or component.
• Entry Type – Type of log entry (e.g., Information, Warning, Error).
• Severity – The severity level of the event.
• Message – Optional message text to include.
• Log Name – The log to write to; the source is created in this log if it doesn’t already exist.
• Event ID – A numeric identifier for the event.

OutputResult:

• Success – Log entry was written successfully.
• Failed – Writing to the log failed.
• Unsupported – Operation is not supported on non-Windows operating systems.

Sends email for approval before processing the next step in the task.

Example: Confirm approval before deployment of patches.

 If emailing to multiple email addresses, set the "number of approvers" appropriately.  If you need all users to approve, the number must match the number of emails addresses.

Requires end-user approval before processing the next step in the task. Snooze and cancellation options can be used if required.

Example: The end-user is asked to close all Outlook applications before application upgrade.

This action allows to create informative message which be displayed to users on the notification dialog.

Notification can be customized with the company logo.

Maximum text size is 200 symbols.

Notification timers allow to specify time during which the popup message will be displayed on a device.

After this time the message disappears automatically if not skipped by the user.

Wait for a defined period of time before processing the next task. It's useful for ensuring that preceding tasks have completed or for synchronizing with external events.

Example: Wait 15 minutes for services to come online.

This class is used to execute a batch script. It creates a temporary batch file, writes a script content to the file, and executes it. The class also allows specifying arguments, success return codes, and a timeout for execution. After execution, the class sets the result based on the exit code of the batch script.

 You can copy and paste a pre-existing script

Execute a Windows Powershell script.

Example: Shut down the virtual machine to patch the host.

This class is used to execute VB scripts as a part of a workflow step. It allows you to specify the script to be executed, the success return code, and the timeout period. The script can be entered using the file browser and the success return codes determine whether the execution was successful or not. The timeout period specifies how long the script can run before it is considered to have timeout.

 VB is extremely useful for multiple-step actions.

Process (hash) is stopped if running.

 Hash is either MD5 or Sha1.

Create and set global variables.

Global variables store script output results for every device. Global variables are useful when you need to reference a variable from outside the current workflow, making them particularly handy for workflows sequences. These variables allow for consistent referencing of workflows across devices' lifecycles.

Disable a specified account if it exists.

Example: If you have a user account that you want to make unavailable without deleting it.

This step is used to enable a user account on a device. It calls the UserAccountManager.EnableAccount method to enable the account. The username is retrieved from the SpecificSettings. UserName property. If the account is successfully enabled, the output result is set to JobResult.SuccessResult. If an exception occurs or the account cannot be enabled, the output result is set to JobResult.FailedResult.

Example: Enable a local account that is only used for local device backups.

Search for a local account.

Example: Search for 'Administrator' user accounts as these breach a security policy.

This step is used to check the health of disk space on a device. It calculates the total free space on a specific device drive and compares it to predefined thresholds to determine the health status. The possible results of this step include healthy, medium, warning, low, critical, and no disk.

Example: Check disk space prior to deployment of software or patches.

Search a specified drive for a specific file (file name).

Example: Search the drive for a Tor browser or BitTorrent binary.

Action which checks if the time is good for the workflow chain to continue.

The time is taken according to device(s) time zone for which workflow action is being executed.

Action designed to check incoming variable value from another action.

And depending on received value 'If variable' decides which way the workflow will go further. It allows to read any of the 3 values of a variable: Output, ErrorCode or ReturnCode.

Checks if the time on the device is synchronized with a particular server. The admissible time difference can be specified in minutes.

Detect if Process (hash) is running.

 Hash is either MD5 or Sha1.

Check if the reboot is needed.

 This is really useful if you are performing a complex software upgrade that requires a device to be in a non-reboot state.

Shows if there is a logged in user on a device.

This action is applicable only for Windows devices.

Ping an IP Address or URL to detect on which network the device is connected.

Example: Ping a local server to make sure the device is inside the company network.

Check if a device has been up and running for a specified time period.

Example: Has the server been running for 10 minutes since being rebooted.

Perform an inventory scan on the device.

Example: Perform an inventory scan to ensure it is up to date before trying to install the software.

This step is used to update the value of a custom inventory field for a device. This is useful for: tagging devices with environment labels (e.g., "Production", "QA"); recording deployment status, asset ownership, or location metadata; supporting dynamic reporting and filtering in inventory views.

This class is used to perform a patch scan on a device. It scans for patches and detects if any patches are found or not.

This step is used to stage patches on a device so that when a patch deploy happens at a later time it can use that local cache.

Action made to apply/run the remediation workflows which were previously accepted/saved by the customer before using Security Resolve action.

This action allow to select the approved remediations by:

• Custom Query: User defined queries for security vulnerabilities matching certain criteria. Updated when the task runs.
• Group: Fixed groups of specific security vulnerabilities
• Specific: Select any combination of security vulnérabilités, security groups and security queries
• All security vulnerabilities

his class is used to perform a reboot on a device. It is a subclass of the RebootStepBase class and inherits its functionality. The RebootStep class is specifically designed to perform a reboot immediately without any delay or user interaction. It is categorized under 'Reboot' category and has associated image key of Reboot. The class has the ability to ignore detection, meaning that it will not be detected or executed by the detection engine.

The class is marked as a long-running job step, indicating that it may take a significant amount of time to complete. The PossibleResult attribute specifies that the class can return either a success or cancelled result. The GetUIOptions object that configures the user interface options for the RebootStep, including initiating the reboot immediately and enabling the workflow.

This class is used to perform a reboot with a custom UI prompt. It is a subclass of the RebootStepBase class and uses the RebootSettings custom class for specific settings. It overrides the GetUIOptions method to customize the UI options for the reboot.

This will reboot immediately if there are users not logged on.

Quick Reboot UI

Uninstall the software.

This action is used for software deployment without launching install command. The file is loaded to DownloadFolder and DownloadCacheFolder, but not executed.

 Checking the 'Using Peer File' checkbox in Properties allows implementing of a peer-to-peer technology which is useful for traffic reduction.

Creates or updates Wi-Fi network profiles on the target device.

Installs a specified version of a Windows Feature Update on the target device.

Monitors the CPU usage of a device over a specified sample and evaluation period. CPU usage is categorized as: Critical, High, Medium, Low, or Idle based on the measured values.

Detect the type of operating system.

 This is useful if you have different actions based on Windows, Mac OS or Linux operating systems.

Sends email for approval before processing the next step in the task.

Example: Confirm approval before deployment of patches.

 If emailing to multiple email addresses, set the "number of approvers" appropriately.  If you need all users to approve, the number must match the number of emails addresses.

Wait for a defined period of time before processing the next task. It's useful for ensuring that preceding tasks have completed or for synchronizing with external events.

Example: Wait 15 minutes for services to come online.

Execute a Windows Powershell script.

Example: Shut down the virtual machine to patch the host.

Process (hash) is stopped if running.

 Hash is either MD5 or Sha1.

Create and set global variables.

Global variables store script output results for every device. Global variables are useful when you need to reference a variable from outside the current workflow, making them particularly handy for workflow sequences. These variables allow for consistent referencing of workflows across devices' lifecycles.

This step is used to check the health of disk space on a device. It calculates the total free space on a specific device drive and compares it to predefined thresholds to determine the health status. The possible results of this step include healthy, medium, warning, low, critical, and no disk.

Example: Check disk space prior to deployment of software or patches

Action designed to check incoming variable value from another action.

And depending on received value 'If variable' decides which way the workflow will go further. It allows to read any of the 3 values of a variable: Output, ErrorCode or ReturnCode.

Detect if Process (hash) is running.

 Hash is either MD5 or Sha1.

Check if the reboot is needed.

 This is really useful if you are performing a complex software upgrade that requires a device to be in a non-reboot state.

Ping an IP Address or URL to detect on which network the device is connected.

Example: Ping a local server to make sure the device is inside the company network.

Check if a device has been up and running for a specified time period.

Example: Has the server been running for 10 minutes since being rebooted.

Perform an inventory scan on the device.

Example: Perform an inventory scan to ensure it is up to date before trying to install the software.

This step is used to update the value of a custom inventory field for a device. This is useful for: tagging devices with environment labels (e.g., "Production", "QA"); recording deployment status, asset ownership, or location metadata; supporting dynamic reporting and filtering in inventory views.

This class is used to perform a patch scan on a device. It scans for patches and detects if any patches are found or not.

his class is used to perform a reboot on a device. It is a subclass of the RebootStepBase class and inherits its functionality. The RebootStep class is specifically designed to perform a reboot immediately without any delay or user interaction. It is categorized under 'Reboot' category and has associated image key of Reboot. The class has the ability to ignore detection, meaning that it will not be detected or executed by the detection engine.

The class is marked as a long-running job step, indicating that it may take a significant amount of time to complete. The PossibleResult attribute specifies that the class can return either a success or cancelled result. The GetUIOptions object that configures the user interface options for the RebootStep, including initiating the reboot immediately and enabling the workflow.

This class is used to perform a reboot with a custom UI prompt. It is a subclass of the RebootStepBase class and uses the RebootSettings custom class for specific settings. It overrides the GetUIOptions method to customize the UI options for the reboot.

This will reboot immediately if there are users not logged on.

Quick Reboot UI

Uninstall the software

This action is used for software deployment without launching install command. The file is loaded to DownloadFolder and DownloadCacheFolder, but not executed.

 Checking the 'Using Peer File' checkbox in Properties allows implementing of a peer-to-peer technology which is useful for traffic reduction.

Detect the type of operating system.

 This is useful if you have different actions based on Windows, Mac OS or Linux operating systems.

Sends email for approval before processing the next step in the task.

Example: Confirm approval before deployment of patches.

 If emailing to multiple email addresses, set the "number of approvers" appropriately.  If you need all users to approve, the number must match the number of emails addresses.

Wait for a defined period of time before processing the next task. It's useful for ensuring that preceding tasks have completed or for synchronizing with external events.

Example: Wait 15 minutes for services to come online.

Execute a Windows Powershell script.

Example: Shut down the virtual machine to patch the host.

Process (hash) is stopped if running.

 Hash is either MD5 or Sha1.

Create and set global variables.

Global variables store script output results for every device. Global variables are useful when you need to reference a variable from outside the current workflow, making them particularly handy for workflow sequences. These variables allow for consistent referencing of workflows across devices' lifecycles.

This step is used to check the health of disk space on a device. It calculates the total free space on a specific device drive and compares it to predefined thresholds to determine the health status. The possible results of this step include healthy, medium, warning, low, critical, and no disk.

Example: Check disk space prior to deployment of software or patches

Action designed to check incoming variable value from another action.

And depending on received value 'If variable' decides which way the workflow will go further. It allows to read any of the 3 values of a variable: Output, ErrorCode or ReturnCode.

Detect if Process (hash) is running.

 Hash is either MD5 or Sha1.

Check if the reboot is needed.

 This is really useful if you are performing a complex software upgrade that requires a device to be in a non-reboot state.

Ping an IP Address or URL to detect on which network the device is connected.

Example: Ping a local server to make sure the device is inside the company network.

Check if a device has been up and running for a specified time period.

Example: Has the server been running for 10 minutes since being rebooted.

Perform an inventory scan on the device.

Example: Perform an inventory scan to ensure it is up to date before trying to install the software.

This step is used to update the value of a custom inventory field for a device. This is useful for: tagging devices with environment labels (e.g., "Production", "QA"); recording deployment status, asset ownership, or location metadata; supporting dynamic reporting and filtering in inventory views.

This class is used to perform a patch scan on a device. It scans for patches and detects if any patches are found or not.

his class is used to perform a reboot on a device. It is a subclass of the RebootStepBase class and inherits its functionality. The RebootStep class is specifically designed to perform a reboot immediately without any delay or user interaction. It is categorized under 'Reboot' category and has associated image key of Reboot. The class has the ability to ignore detection, meaning that it will not be detected or executed by the detection engine.

The class is marked as a long-running job step, indicating that it may take a significant amount of time to complete. The PossibleResult attribute specifies that the class can return either a success or cancelled result. The GetUIOptions object that configures the user interface options for the RebootStep, including initiating the reboot immediately and enabling the workflow.

This class is used to perform a reboot with a custom UI prompt. It is a subclass of the RebootStepBase class and uses the RebootSettings custom class for specific settings. It overrides the GetUIOptions method to customize the UI options for the reboot.

This will reboot immediately if there are users not logged on.

Quick Reboot UI

Uninstall the software

This action is used for software deployment without launching install command. The file is loaded to DownloadFolder and DownloadCacheFolder, but not executed.

 Checking the 'Using Peer File' checkbox in Properties allows implementing of a peer-to-peer technology which is useful for traffic reduction.