So, when we create a task to run a script on a resource, Is the script itself is saved locally on the target resource? If it's saved there, is it encrypted on the drive?
ITMS 8.5, 8.6
The script is saved as part of the task in SMA secure storage, so it is encrypted on the disk.
The task associated to the script is encrypted during transmission from the server to the client.
The only time the script can be intercepted is during the task execution:
the local batch file is created, executed and then removed. That local batch file contains the original script.
The temporary script file is created in folder configured in Folder for executable files (under SMP Console>Settings menu>All Settings>Agents/Plug-ins>Symantec Management Agent>Settings>Targeted Agent Settings>select desired client policy>Advanced tab)
The file is given proper permission so only our agent service and the user account which identity is used to run the script get access to the file.