Is there a way to see more than the latest 5 attempts on a certain script?

Trying to uninstall a program on our assets using a batch script, could do with seeing more than the latest 5 attempts on a specific script without having to go into each seperate customer, is this possible?



Not sure but for testing I usually:

  • Run the script locally (not in Syncro) to make sure I’ve got it working
  • Have it log to a local file so you can keep more than 5 runs of logs

Also, just guessing, but if you are trying to download a file via script try something like this in PowerShell using Invoke-WebRequest instead of curl:

$ProgressPreference="SilentlyContinue" # Hides download progress
Invoke-WebRequest -Uri "$url" -OutFile "$file"

not globally, I think you can look at an asset audit and see more history per asset, but the options are different in the long history view than just the script run view so its really rough. In the context of, I just kicked off this job on 100 assets and want to know if it worked… all you can really do is open the assets and look at script history :frowning:.

Thanks doc, we’re trying to uninstall threatlocker on all our assets on all customers at once but it’s proving to be a nightmare to get rid of! We could have done with being able to see more than the latest 5 results for the script (we’ve already ran the uninstaller on all machines) but looks like we may have to individually check each asset, will keep in mind when running scripts what you said in the future, thanks!

Yeah I’ve come to terms with having to go individually through each customer to make sure :frowning: thanks for confirming though

Uninstalling ThreatLocker, I’ve been really interested in Application Allow Listing, curious why you’re moving away.

Moving on to the problem at hand. I’d probably either write a script to monitor to see if it is installed or set up a process monitor. Then use an Automated Remediation to run your uninstall script.

Did you write your own script to uninstall TL or use theirs? Theirs looks solid but it does require their stub installer so there is a chance for a download to trip you up. You could also distribute the stub installer via a script attachment if its failing because of the download.

I work around this by outputting a specific message indicating success to the activity log. You can actually search the activity log in a report, so that way to can search for your specific text and easily get a list of machines that were successful for that script.

What about scripting RMM alert on script failure, or running a separate script to alert if Threatlocker is still installed?