Overview of Run Script Actions
Run scripts are the pre or post actions that can be configured as part of the patch deployment job execution. This action executes on the assets for the Windows, Linux, and Mac deployment job types. Run acripts are custom scripts that allows you to execute actions before or after the patch deployment job executes.
For more details on the different pre and post actions, see About Pre-Actions and Post-Actions.
The following are the exit codes for run script actions:
Exit Code 0 and 1
Exit Code 0: Indicates that the script has passed successfully and the patch job appears with a Completed status.
Exit Code 1: Indicates that the script has failed and the patch job appears with a Completed with Failure status. If the patch is applicable on the target machine, it is installed.
The following example demonstrates the use of both exit code 0 and 1. This sample script checks if the software is installed or not. A return code of 0 indicates that the software can be installed, while a return code of 1 indicates that installation is not required.
Example: To detect if Notepad++ version 8.1.2 can be installedExample: To detect if Notepad++ version 8.1.2 can be installed
Exit Code 0 and 1
# Sample pre-detection script for Qualys Patch Manager * # This sample script demonstrates detection of installed * # software. It returns 0 if software can be installed * # and returns 1 if installation is not required * # * # Return Code * # 0 - success * # 1 - failure * #************************************************************* # required parameter [string]$SoftwareName = "notepad++*" [string]$SoftwareVersion = "8.1.2" # Print OS info for asset information and troubleshooting Write-Host "Gathering OS Information..." $osInfo = Get-CimInstance Win32_OperatingSystem | Select-Object Caption, Version, ServicePackMajorVersion, OSArchitecture, CSName $properties = @{ Caption = $osInfo.Caption Version = $osInfo.Version ServicePackMajorVersion = $osInfo.ServicePackMajorVersion OSArchitecture = $osInfo.OSArchitecture HostName = $osInfo.CSNAme } $obj = New-Object -TypeName PSObject -Property $properties Write-Output $obj Write-Host "Looking for package installation...`n" # Check install key in both wow64 and normal path. Application can be either 32-bit or 64-bit. $32bit = Get-ItemProperty HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\* $64bit = Get-ItemProperty HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\* $programs = $32bit + $64bit $packageFound = $false foreach ($program in $programs) { $program = Write-Output $program | Where-Object Displayname -like $SoftwareName if ($null -ne $program.DisplayName) { $LastModified = (Get-Item $program.uninstallstring).lastwritetime $properties = @{ ProgramName = $program.DisplayName Publisher = $program.Publisher Version = $program.DisplayVersion UninstallString = $program.UninstallString LastModified = $LastModified } $package = New-Object -TypeName PSObject -Property $properties Write-Output $package $packageFound = $true break; } } if ($packageFound -eq $false) { Write-Host "No installed package found" # Package needs to be isntalled exit 0 } Write-Host "Checking installed software version..." [System.Version] $installedVersion = $package.Version [System.Version] $ExpectedVersion = $SoftwareVersion if ($installedVersion -lt $ExpectedVersion) { Write-Host "Installed software is older than required version. Patch upgrade needed." exit 0 } else { Write-Host "Installed software is up to date." exit 1 }>
Exit Code 10 and 11
Exit Code 10: Indicates that the script executed successfully. After execution, the agent restarts to apply the final changes.
Exit Code 11: Indicates that the script failed to execute. After execution, the agent restarts to apply the final changes.
The following script is an example that returns both exit codes 10 and 11. This sample script demonstrates the installation of software. If the code returned is 0, the software is installed successfully, and if the code returned is 1, the installation fails.
Example: To install Notepad++ version 8.1.2Example: To install Notepad++ version 8.1.2
Exit Code 10 and 11
#*************************************************************
# Sample install script for Qualys Patch Manager *
# This sample script demonstrate installation of *
# software. It returns 0 if software is installed *
# successfully and returns 1 if installation fails. *
# Return Code *
# 0 - success *
# 1 - failure *
#*************************************************************
[string]$PackageName = "npp.8.1.2.Installer.x64.exe"
[string]$InstallerLocation = $Env:ProgramData + "\Qualys\QualysAgent\PatchManagement\PatchDownloads\"
[string]$Arguments = "/S"
#set this 1 if reboot is required after package installation
[int]$RebootFlag = 1
function Get-QualysScriptReturn {
param (
[ValidateRange(0, 1)]
[Int]
$Success_Code,
[ValidateRange(0, 1)]
[Int]
$RebootFlag
)
return $Success_Code + ($RebootFlag * 10)
}
function Start-Program {
param (
[ValidateNotNullOrEmpty()]
[string]
$ProgramFullPath,
[Parameter(Mandatory = $false)]
[string]
$Arguments
)
try {
$pinfo = New-Object System.Diagnostics.ProcessStartInfo
$pinfo.FileName = $ProgramFullPath
$pinfo.RedirectStandardError = $true
$pinfo.RedirectStandardOutput = $true
$pinfo.UseShellExecute = $false
if ($null -ne $Arguments) {
$pinfo.Arguments = $Arguments
}
$pinfo.WorkingDirectory = Get-Location
$p = New-Object System.Diagnostics.Process
$p.StartInfo = $pinfo
$p.Start() | Out-Null
$p.WaitForExit()
$stdout = $p.StandardOutput.ReadToEnd()
$stderr = $p.StandardError.ReadToEnd()
Write-Host "Process Stdout:`n $stdout"
Write-Host "Process Stderr:`n $stderr"
Write-Host "exit code: "$p.ExitCode
return $p.ExitCode
}
catch {
Write-Host -ForegroundColor DarkRed "Failed to execute program" $_.Exception.Message
return 1
}
}
Write-Host "Running install script to install -"$PackageName
Write-Host "Looking package installer..."
$InstallerFullPath = $InstallerLocation + $PackageName
if (Test-Path $InstallerFullPath) {
Write-Host "Found installer at "$InstallerFullPath
}
else {
Write-Host "Installer does not exist at "$InstallerFullPath
exit 1;
}
Write-Host "Launching installer..."
$ReturnCode = Start-Program $InstallerFullPath $Arguments
if ($ReturnCode -eq 0) {
Write-Host -ForegroundColor Green "Installation successfull..."
exit Get-QualysScriptReturn 0 $RebootFlag;
}
else {
Write-Host -ForegroundColor DarkRed "Installation failed. See output for more details."
exit 1
}
Exit Code 12
This code implies that the script execution failed. If a job has five pre-actions configured and the second pre-action fails with exit code 12, the remaining three pre-actions are not executed and are marked Skipped with exit code 101. As a result, the patches in the job are skipped and not installed. The patch job status appears as Completed with Failure.
The following script is an example that returns exit code 12. The Healthcare providers often use Electronic Medical Record (EMR) systems that run regular backups. If patching starts during these backup windows, it can interfere with data integrity and system performance.
Example: EMR Servers during Backup WindowsExample: EMR Servers during Backup Windows
The scheduled tasks update the following status file to indicate backup activity.
# Before backup
Set-Content -Path "C:\AppStatus\backup.status" -Value "BackupMode=ON"
# After backup
Set-Content -Path "C:\AppStatus\backup.status" -Value "BackupMode=OFF"
The pre-action PowerShell script checks this status:
# pre_patch_check.ps1
$StatusFile = "C:\AppStatus\backup.status"
if (-Not (Test-Path $StatusFile)) {
Write-Output "Status file not found – assuming unsafe to patch."
exit 12
}
$StatusLine = Get-Content $StatusFile | Where-Object { $_ -match "BackupMode" }
if ($StatusLine -match "BackupMode\s*=\s*ON") {
Write-Output "Server is in Backup Mode – canceling patch job."
exit 12
} else {
Write-Output "No backup in progress – safe to patch."
exit 0
}Exit Code 101
Indicates that the script execution is skipped. This exit code is used between Patch and the Cloud Agent to indicate that an earlier pre-action returned exit code 12. As a result, the subsequent pre-actions are marked as Skipped with exit code 101.
If a job has five pre-actions configured and the second pre-action is skipped with exit code 101, the remaining three pre-actions continue to execute. The patch job status is Completed with Failure, since exit code 101 is generated only after a pre-action fails with exit code 12.