So, an upd ate. When zipping with 7-Zip it has the option of Encrypting with a password. If I do that, then none of the antivirus's on virustotal.com can see thru it. It's reported as safe. Presumably, then, it would be allowed to download.
I certainly hear your point about making it as easy for the end-user as possible. However, if the download fails, then that's not easy. I have tried this, and with default windows installation, you can just:
download the .zip file
double click on the downloaded file (or click 'Run') (which actually opens window's zip browser)
then double click on agent.exe that is displayed (which is actually "in" the .zip file)
type in the password
windows does the work of extracting to temp file and running
So, it is really just two more steps, just one more double-click, and typing a password, which is still pretty easy. You're probably on the phone with them walking them thru it.
Then, once you're in, you can extract agent.exe to desktop, or remote install host, or file transfer another agent.exe from your machine to remote.
And you can use the task scheduler to re-start agent outside of the .zip file extracted to the temp dir. Here's some .bat file code i use:
:: this editor is putting a space in all my 'set' commands making them 'se t' se t future_time=19:05
:: rutserv or agent : se t path_to_rutsrv=C:\some\path\to\rutserv.exe se t path_to_rutsrv=C:\some\path\to\agent.exe
:: the /rl is priviledge level :: the /f means overwrite task :: the quotes are necessary :: 1. to handle the space in eg program files :: 2. to allow the /start to not be processed by schtasks itself but parsed and passed on :: as part of the /tr :: 3. so that the first space does not delimited programs and parametrs in task scheduler :: and you dont need /start at all for agent.exe
schtasks /create /sc once /tn rut_restart /tr "'%path_to_rutsrv%' /start" /st %future_time% /rl highest schtasks /query /tn rut_restart /v /fo list
I also just tried in Chrome Browser "Version 43.0.2357.130 m" and it resulted in "agent.exe may harm your browsing experience, so Chrome has blocked it." There used to be a drop-down menu choice "Keep" but that's gone now. But you can go into "Show all downloads" and click "Recover malicious file" then you get another popup and have to click "Keep anyway" altho these exact details of what to click and what the exact text says will probably change over time.
Of course this is just to download it in the browser. Then you have to get thru your antivirus perhaps once when downloading and perhaps again when invoking.
It's interesting because Alt + Tab currently moves you forward in the list of windows, and Shift + Alt + Tab currently moves you backwards in the list of windows. I personally do already currently use Shift + Alt + Tab to move backwards in windows. So this new feature will mask that old feature, but only on the remote PC. I wonder, is the hotkey selection settable?
But, anyway, i can also use Windows + Tab and Shift + Windows + Tab to go forward and backward thru the windows (in a different order, most recently used) and i use that a lot, and that's still there.
Ah, so as explained above, i can use the configurator to create an agent with an UN-checked IpV6, however, then the resulting file will have a unique md5/sha1 hash. That means new anti-virus programs will flag it as uncommon/suspicious. It can't be whitelisted at google like your standard agent.exe. I mean, i can ask, but they may never get to my request.
Will the agent.exe resulting from the configurator be digitally signed by Usoris under your certificate?
AH HA! I did not know the MSI configurator could be used to create a new agent. I thot it only wrote an .msi installer. i see now on that page it can create .msi, .exe, or agent.exe. OK great i will check that out.
As for why connection actually failed....
How long does it take from an agent.exe invocation to the Internet-ID being available on your gateway? Another time i tried to connect in this same location it took about 1-2 min. I did not know to wait that long. Perhaps un-checking IPv6 just bought me the time for the agent to register.
And does a brand new host take longer to register than a 2nd invocation of agent.exe on the same host?