V3 Windows Sensor – Modernized Implementation
Overview
The Windows sensor has been upgraded to a modern, streamlined design.
This update makes the sensor faster, more reliable, and easier to manage, while keeping the same functionality and behavior you are already familiar with.
Key Benefits
Simpler management – fewer scheduled tasks, easier configuration
Faster scans – improved script execution without external delays
Better troubleshooting – structured logs and unified state data
Improved reliability – reduced dependencies, more resilient design
Key Improvements at a Glance
Area | Previous Design | New Design |
|---|---|---|
Task Scheduling | Multiple interdependent tasks in Windows Task Scheduler | One single task (“GYTPOL Hourly”), all operations handled internally |
Script Execution | Depended on external validation, sometimes causing delays or failures | Scripts validated locally for faster and more reliable execution |
Logs | Plain text files, unstructured and harder to filter | Structured JSON logs in a local database, easy to query and export |
State Data | Scattered across several files | Consolidated into a single database for a clear, consistent view |
Dependencies | Required extra supporting components | Self-contained, simpler to deploy and maintain |
Task Scheduling
Before:
Several scheduled tasks were created under the gytpol folder in Task Scheduler.
Each operation (scans, reporting, upgrades) had its own task, creating complexity.
Now:
A single scheduled task named GYTPOL Hourly handles all operations.
Simpler structure, easier management, fewer points of failure.
Script Execution
Before
Scripts depended on external validation.
This sometimes caused delays or failures during scans in certain environments.
Now
Scripts are validated locally by the sensor before running.
This ensures faster and more reliable execution, while maintaining code integrity.
Logging
Before
Logs stored as plain text in the Logs folder.
Easy to open, but unstructured and difficult to filter.
Now
Logs are stored in JSON format in a lightweight local logs database.
Structured, searchable, exportable.
Faster troubleshooting and easier integration with external tools.
Examples
Run the below commands from C:\Program Files\WindowsPowerShell\Modules\gytpol using CMD launched as Administrator:
Stream last hour of logs:
client.exe -tail logsOutput logs from the last hour:
client.exe logsLast 2 hours (7200 seconds):
client.exe -since 7200 logs > logs.jsonAll logs:
client.exe -since 0 logs
When downloading logs from the UI, the system generates a zip archive containing:
JSON logs
Alerts overview (CSV)
Version history (CSV)
Task assignments (CSV)
Scan history (CSV)
Configuration details (CSV)
Sensor State
Before
State information (scan times, tasks, licenses, settings) was spread across multiple files.
Now
All data is stored in a single local sensor database.
This provides a clear and consistent view of the Agent’s configuration and activity.
Check with:
client.exe statusExample output:
Version : 3.1.1.0
Type : win-x64
Hostname : DC
Endpoint UUID : b26212d7-some-UUID-here-c99506b67b18
Agent UUID : 52174389-some-UUID-here-9dd3ca6f0b27
Installation ID : 332449917
Labels : [none]
Custom proxy : [none]
First scan start : 2025-08-28T12:40:26
Last scan start : 2025-08-31T11:17:12
Task request : [default]
Last tasks request : 2025-08-31T13:47:01Other Useful Commands
Test connectivity (respects proxy configuration):
client.exe connectSchedule re-scan on next run:
client.exe rescan
Summary
The updated sensor design delivers the same functionality as before, but with a much more efficient and reliable foundation:
One task instead of many in Task Scheduler
Faster scans with local script validation
Structured logs for better diagnostics
Unified state data for clear visibility
Self-contained design with fewer dependencies
This results in simpler management, greater reliability, and faster troubleshooting for your team.