/
Deploying Remedio Sensor via CrowdStrike Fusion and Real Time Response (RTR)

Deploying Remedio Sensor via CrowdStrike Fusion and Real Time Response (RTR)

Overview

This article provides step-by-step instructions for deploying the Remedio Client sensor using CrowdStrike Fusion workflows and Real Time Response (RTR) scripts. This method enables automated deployment of the Remedio Client across Windows endpoints managed in CrowdStrike.

Prerequisites

  • Administrative access to the CrowdStrike Falcon Console

  • A valid Remedio tenant with:

    • Base API URL (your tenant’s domain)

    • API Key (available from your assigned Remedio TAM)

  • Target devices organized into Host Groups for workflow scoping

  • Endpoints must have network access to the tenant’s base API URL (for example: https://your-domain.us.cloud.gytpol.com).

  • Installation runs silently with /qn to avoid user interruption.

  • If the folder already exists, installation will be skipped.

Step 1: Create a Real Time Response (RTR) Script

  1. Navigate to Host Setup and Management in the Falcon Console.

image-20250904-070643.png

  1. Select Create Script.

image-20250904-070730.png

  1. In the Create Script dialog box:

    • Enter a Name (this will be referenced later in the workflow).

    • Shell type should be PowerShell

    • Enable Script Access.

      • Select Users with the role or RTR Administrator or RTR Active Responder

    • Check Share Script With Workflows

image-20250904-071651.png

  1. Paste the script below.

    • $DownloadPath → Set this to the folder where the MSI should be downloaded.

    • $Remedio_URI → Replace with your tenant’s API endpoint. For example:
      https://your-tenant.us.cloud.gytpol.com/customer_api/v1/get_client_links

    • $Remedio_API_Key → Replace with the API key provided by your Remedio TAM.

<# .SYNOPSIS Downloads and installs the latest Remedio Client for Windows. .DESCRIPTION This script: 1. Calls the Remedio API using your tenant’s API key. 2. Detects the OS architecture (x64 or x86). 3. Downloads the correct MSI installer into $DownloadPath. 4. Installs it silently using msiexec (/qn /norestart). Notes: - The script runs completely silent (no prompts or console output). - Ensure the API key and URL are correct for your tenant. - Requires Administrator rights to install software. #> #[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $DownloadPath = "C:\path\to\Remedio_Clients" $Remedio_URI = "https://your-tenant.us.cloud.gytpol.com/customer_api/v1/get_client_links" $Remedio_API_Key = "q1w2e3r4t5y6" # Ensure download path exists if (-not (Test-Path $DownloadPath)) { New-Item -Path $DownloadPath -ItemType Directory | Out-Null } # Call Remedio API $response = Invoke-RestMethod -Uri $Remedio_URI -Headers @{ "x-api-key" = $Remedio_API_Key } # Detect OS architecture $OSArchitecture = (Get-CimInstance Win32_OperatingSystem).OSArchitecture if ($OSArchitecture -match "64-bit") { $download = $response.data | Where-Object { $_.clientType -eq "win-x64" } $msiPath = Join-Path $DownloadPath "gytpolClient_x64.msi" } else { $download = $response.data | Where-Object { $_.clientType -eq "win-x86" } $msiPath = Join-Path $DownloadPath "gytpolClient_x86.msi" } # Download MSI Invoke-WebRequest -Uri $download.URL -OutFile $msiPath -UseBasicParsing # Install MSI silently Start-Process -FilePath "msiexec.exe" -ArgumentList "/i `"$msiPath`" /qn /norestart" -Wait

Step 2: Create a Fusion Workflow

  1. Navigate to Fusion Workflows and select Create Workflow from Scratch.

image-20250904-072214.png

  1. Set the Trigger Type to Schedule.

    • Recommendation: Daily schedule (use hourly for testing)

    • Select Start time and Time zone

    • Check Skip if a previous execution is still in progress

image-20250904-072311.png
image-20250904-072359.png

  1. Add an Action → Endpoint → Device Query.

    • Configure criteria, e.g., apply to a specific Host Group.

image-20250904-072430.png
image-20250904-072502.png
image-20250904-072616.png
image-20250904-072737.png

Step 3: Configure Workflow Logic

  1. Add a For Each loop to iterate through the device IDs.

  2. Insert a Condition and set Platform = Windows.

  3. Add an Action → Real Time Response.

  4. Select the Remedio Installation RTR Script created earlier.

  5. Apply the RTR script to the Sensor ID (AID).

  6. Click Next, review configuration, and Save the workflow.

image-20250904-072851.png
image-20250904-072938.png
image-20250904-073108.png
image-20250904-073145.png
image-20250904-073222.png
image-20250904-073307.png

Step 4: Verification

Run the workflow against your Host Group.

Confirm that the Remedio Client is installed on the endpoints, including the presence of the client tasks.

Manual Checks

Programs and Features

  1. Look for GytpolClient x64 or GytpolClient x86 under
    Control Panel > All Control Panel Items > Programs and Features.

Task Scheduler

For V2:

  1. Open Task Scheduler and navigate to Task Scheduler Library > gytpol

    • Verify the following scheduled tasks exist:

      • GytpolClient

      • gytpolTask

      • gytpolTask hourly

image-20250904-093421.png

  1. Confirm that the device appears in the Remedio Console and begins reporting, typically within 15 minutes after the first full scan cycle is completed.

For V3:

  1. Open Task Scheduler and navigate to Task Scheduler Library

    • Verify the following scheduled task exists: GYTPOL Hourly

image-20251203-154753.png

  1. Confirm that the device appears in the Remedio Console and begins reporting, typically within 15 minutes after the first full scan cycle is completed.