# Run Program Notification Profile

You can configure OpManager to automatically run a program whenever a fault is detected in the device. For instance, you can configure OpManager to execute a program that corrects the fault or simply produces a sound or that whenever a specific type of an alarm is raised for a device.

## Configure a Run Program Profile

To create a profile that executes the specified program, follow the steps given below:

1. Go to **Settings** > **Notification Profiles**.
2. Click **Add**.
3. Select the Notification type as **Run Program**.
4. In the **Command Name** field, specify the name of the program to be executed with the absolute path. Example C:profilestestprogram.bat.
5. **Argument** variables are dynamic additional information that you can include in your alert message. You can select the dynamic argument variable you want to include in the message based on the type of notification. [Click here to learn more about variables.](https://www.manageengine.com/network-monitoring/help/workflow-variables.html)
6. Select the fault criteria for which you need to be notified. For instance, if you want to be notified of threshold violation, select "Threshold rule is violated". Additionally notify only when any or all the severity: Critical, Trouble, Attention, Service Down. Click **Next**.
7. Select the devices either **By Category** or **By Business View** or **By Devices** and click **Next**.
8. Select the required **[Time Window](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#trigger)**, **[Delayed Trigger](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#trigger)** and **[Recurring Trigger](https://www.manageengine.com/network-monitoring/help/configuring-notifications.html#trigger)** and click **Next**.
9. Give a profile name and click **Test Action** to test the program or **Save** to save the profile.

The profile is associated to the selected devices. The program is executed with the specified arguments whenever a fault matching the selected criteria occurs.

## Security Advisory

**Security Advisory:** When the Run System Command Profile is triggered by testaction or by an alarm, the configured command will be executed. The command given will be executed as such from the `OpManager/bin` directory and is equivalent to executing a command from the command prompt (CMD).

1. As a security constraint, during notification profile execution, shell meta characters in variable values are sanitized. Special characters `(&|<>^!'$(){};#*?[]` and `cmd.exe` references are stripped, while `%` and `-` are padded with spaces to prevent exploitation.
2. Avoid using `cmd.exe /c` or `/bin/bash -c` while configuring profiles, as this may enable potential command injection through `$variables`.

Consequently, it is the user's responsibility to validate and sanitize all command inputs during profile configuration to mitigate potential security threats and vulnerability exposure.