Python Script isn't being executed completely in Cortex XDR

Hi,

I'm trying to use a Python script in Cortex XDR to execute a certificate installation on Windows machines.

The main goal is to import a certificate.p12 with a password to be installed in all the Windows. However, the script is not behaviour as expected since Cortex XDR allows you to personalize the script you want in Python to be executed in the endpoints.

In local tests, all the scripts being executed in Python so far have had a success in its results. But, as soon as you try to execute the same codes in Cortex Console, only partial commands are executed or nothing happen in endpoint Windows machines.

Here is the script that I'm trying to use in Cortex XDR but isn't working as the local tests are:

import subprocess
import os
import requests

# Path to save the downloaded certificate and the CMD script
cert_file_path = 'C:\\client.p12'
cmd_script_path = 'C:\\install_certificate.cmd'

# URL of the certificate to download
cert_url = 'https://drive.google.com/xxxx'

# Password for the certificate
cert_password = 'test'

# Download the certificate from the URL
response = requests.get(cert_url)
if response.status_code == 200:
with open(cert_file_path, 'wb') as cert_file:
cert_file.write(response.content)
else:
print("Failed to download the certificate.")
exit()

# Content of the new CMD script
cmd_script_content = f"""
@echo off
setlocal

:: Import the certificate using PowerShell
powershell -Command "Import-PfxCertificate -FilePath \"{cert_file_path}\" -Password (ConvertTo-SecureString -String \"{cert_password}\" -AsPlainText -Force) -CertStoreLocation Cert:\\CurrentUser\\My"
echo Certificate installed successfully.

exit /b 0
"""

# Create the new CMD script file
with open(cmd_script_path, 'w') as cmd_script_file:
cmd_script_file.write(cmd_script_content)

# Run the new CMD script
subprocess.run([cmd_script_path], shell=True)

In resume, the client.p12 is hosted on Google driver in a direct link and then the script writes down a Powershell script and save as "install_certificate.cmd". Finally, the script should execute the file saved as "install_certificate.cmd" to import the certificate automatically.

However, in Cortex XDR, the process of downloading the client.p12 from Google Driver and creating a new file in Powershell with the name "install_certificate.cmd" are doing ok. The only step isn't being executed is to start the file "install_certificate.cmd".

Again, if you take this script and execute in a local test installed Python, the script will work quite well. The only problem is with Cortex right now.

I've already changed some process in the script, like, instead of creating a new file as I'm doing right now, working as an alternative B, the right script bellow does the task only needing the certificated client.p12 downloaded with the password (which is more simple than previous script) but nothing works in Cortex XDR again, only the certficate is download to the endpoint:

import requests
import os
import subprocess

# URL of the certificate to download
cert_url = 'https://onedrive.live.com/xxx'
# Path to save the downloaded certificate
cert_file_path = 'client.p12'
# Password for the certificate
cert_password = 'test'

# Download the certificate from the URL
response = requests.get(cert_url)
if response.status_code == 200:
    with open(cert_file_path, 'wb') as cert_file:
        cert_file.write(response.content)
else:
    print("Failed to download the certificate.")
    exit()

# Run PowerShell command to import the certificate
command = f'powershell -Command "certutil -p "test" -importpfx -user client.p12"'
subprocess.run(command, shell=True)

print("Certificate installed successfully.")

Either way, somehow, Cortex isn't getting right to execute the script or something in the script isn't being good to Cortex. I even did one script apart that tries to execute only the file "install_certificate.cmd" after Cortex created the file to import the certificate and download the client.p12 as a first script but it's not working either divinding the script in two parts...

I don't know what to do anymore 😞

Again, I just want to import a certificate p12 with password to the all the Windows machine in mass deployment and not doing it manually like a crazy. It's too many machines for that.

Here the last code I mentioned to execute only the file "install_certificate.cmd" that has been created by Cortex after through the first script but it didn't work 😕 

import subprocess

# Path to the install_certificate.cmd file
cmd_file_path = r'C:\install_certificate.cmd'

# Function to execute the CMD file
def execute_cmd_file(cmd_file_path):
    try:
        # Run CMD file
        process = subprocess.Popen(cmd_file_path, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
        output, error = process.communicate()
        
        # Check for errors
        if process.returncode == 0:
            return output.decode('utf-8')
        else:
            return f"Error: {error.decode('utf-8')}"
    except Exception as e:
        return f"An error occurred: {str(e)}"

# Example usage
if __name__ == "__main__":
    # Execute the CMD file
    result = execute_cmd_file(cmd_file_path)
    print(result)

Remember, all the scripts mentioned have worked in local tests. But, at this point, I accept any tips, suggestion or solution for that, pls