Run Remote Custom Script Task

Directly access an endpoint and execute a previously uploaded PowerShell or Bash script file during an investigation.

Only users with the Master Administrator or Security Analyst roles can access the Run Remote Custom Script response.

  1. After identifying the endpoint to investigate, access the context or response menu and click Run Remote Custom Script.

    The Run Remote Custom Script Task screen appears and Trend Micro Vision One attempts to connect to the endpoint.


    Trend Micro Vision One only permits you to execute 1 custom script file per session. The target endpoint must be online in order to connect successfully.

  2. Confirm the targets of the response.
  3. Select the previously uploaded custom script file from the drop-down list.

    If you are unable to locate the desired script file in the list, click the Go to Custom Scripts management link to open the Response Management app in a new tab and upload the script before continuing.

  4. (Optional) Specify a Description for the response or event.
  5. Click Create.

    Trend Micro Vision One creates the task and displays the current command status on the Response Management app.

  6. Monitor the task status.
    1. Open the Response Management app.
    2. (Optional) Locate the task using the Search field or by selecting Run Remote Custom Script from the Action drop-down list.
    3. View the task status.
      • In progress... (): Trend Micro Vision One sent the command to the managing server and is waiting for a response

      • Successful (): The managing server successfully received the command

      • Unsuccessful (): An error or time-out occurred when attempting to send the command to the managing server, the Security Agent is offline for more than 12 hours, or the command execution timed out

    4. Click the Task ID to open the Details panel and Download the session history as a TXT file.