DefensX Filtering Agent

It would be handy to have an install and removal script for the DefensX content filtering agent added to ImmyBot.

It’s installed via MSI and has several configuration options. I’ve written an install, version check, and removal script that’s at NinjaOne-Scripts/DefensX at main · dszp/NinjaOne-Scripts · GitHub and it includes a version-independent download URL that’s evergreen (https://cloud.defensx.com/defensx-installer/latest.msi), with a redirect to the versioned installer where the version can be extracted from the file name. A handful of installation flags are available as arguments to the MSI and are set in my script via script parameters and converted. The agent is self-updating, but the URL https://cloud.defensx.com/defensx-installer/latest.msi?v=$SpecificVersion where $SpecificVersion is a full version number that exists, will download an older installer.

The /quiet parameter installs silently as system, and the following are the possible flags for installation:

EDGE_DISABLE_PRIVATE_WINDOW=0 CHROME_DISABLE_PRIVATE_WINDOW=0 FIREFOX_DISABLE_PRIVATE_WINDOW=0 DISABLE_UNINSTALL=1 SYSTEM_COMPONENT=1

The above flags are set to those values when the UI switches are all set to ON here (skip Use Short Deployment Key which I believe should be used as the regular one is very long, either should work and both are available from the UI and interchangeable), which is OPPOSITE of the default (the default for all of the above options is the opposite of the above values, if left off of the install command):

Uninstallation would be executing the MSI removal of the software matching “DefensX Agent” in the registry’s uninstall inventory.

Not super urgent and I haven’t had time to try, but I think with Immy’s easy MSI functions, someone working with it regularly would likely be able to produce a script with parameters quickly. If I get the time at some point I may also try, if no one else beats me.

I’ve gotten this working with dynamic versions and license keys and all the possible MSI options that might be useful as parameters. The script is in our internal library named “DefensX Agent” and if ImmyBot wants to review it and make it into a global software item, I’m game. It’s an MSI so it’s not overly complicated and should be easy to review! Have tested installing and uninstalling. No reboots needed.

There’s an option to prevent uninstall, and an option to hide in Add/Remove Programs. If those are enabled, I have NOT tested removal from the script afterwards, but with the defualt normal install, default uninstall works fine also.

Hi @dszp,

Would you be open to share the scripts you made for this deployement with me. I’m also starting to get working on this software.

Thank you!

Hi @Etienne, I’ve published my scripts with a how-to for adding it to your Software Library here: MSP-Scripts/immy.bot Scripts/DefensX Agent at main · dszp/MSP-Scripts · GitHub

The scripts themselves are quite minor in terms of length, as it’s a simple process and the framework immy.bot provides does most of the work, but I’ve documented the Configuration Task parameters I’m using as well (I haven’t figured out where to put these to provide them as a parameter block and make it work automatically, but it appears to be possible and would make things a little faster to configure).

@dszp Thank you very much ! :grinning:

Is there an API that might make this easier via a dynamic integration?

There is an API, with the ability to create an API key and a downloadable API YAML definition. However, I don’t see a deployment token in the YAML definition, but it’s long and I may not have their terminology handy, so I’ve asked my contact there to confirm one way or the other and will let you know. And if it’s not supported, I will be requesting that deployment tokens be added to the API!

Thanks - we have set up a basic deployment for this during our testing, but having a multi-tenant option would be ideal. Once we get additional tenants set up in our portal I’ll be able to test this more.

I got a reply from DefensX, they said they do have deployment tokens are returned from the /customers/{customerId}/deployments endpoint. There is also a /customers endpoint that can retrieve the customer IDs. They do have an API YAML file that can be reviewed with Swagger and the portal has API key generation.

I don’t see anything particularly confidential about the API YAML file, but I don’t know if I’m alllowed to post it publicly. I have a ticket open about it, 2823367835, that I could reply to with the API YAML file if that would be useful?