diff --git a/agent/agent.go b/agent/agent.go
index 2e465e0..84f1889 100644
--- a/agent/agent.go
+++ b/agent/agent.go
@@ -78,6 +78,8 @@ const (
 	meshSvcName   = "mesh agent"
 )
 
+var winTempDir = filepath.Join(os.Getenv("PROGRAMDATA"), "TacticalRMM")
+var winMeshDir = filepath.Join(os.Getenv("PROGRAMFILES"), "Mesh Agent")
 var natsCheckin = []string{"agent-hello", "agent-agentinfo", "agent-disks", "agent-winsvc", "agent-publicip", "agent-wmi"}
 
 func New(logger *logrus.Logger, version string) *Agent {
@@ -402,54 +404,47 @@ func (a *Agent) GetUninstallExe() string {
 }
 
 func (a *Agent) CleanupAgentUpdates() {
-	cderr := os.Chdir(a.ProgramDir)
-	if cderr != nil {
-		a.Logger.Errorln(cderr)
-		return
-	}
+	// TODO remove a.ProgramDir, updates are now in winTempDir
+	dirs := [2]string{winTempDir, a.ProgramDir}
+	for _, dir := range dirs {
+		err := os.Chdir(dir)
+		if err != nil {
+			a.Logger.Debugln("CleanupAgentUpdates()", dir, err)
+			continue
+		}
 
-	// winagent-v* is deprecated
-	files, err := filepath.Glob("winagent-v*.exe")
-	if err == nil {
-		for _, f := range files {
-			os.Remove(f)
+		// TODO winagent-v* is deprecated
+		globs := [2]string{"tacticalagent-v*", "winagent-v*"}
+		for _, glob := range globs {
+			files, err := filepath.Glob(glob)
+			if err == nil {
+				for _, f := range files {
+					a.Logger.Debugln("CleanupAgentUpdates() Removing file:", f)
+					os.Remove(f)
+				}
+			}
 		}
 	}
 
-	agents, err := filepath.Glob("tacticalagent-v*.exe")
+	err := os.Chdir(os.Getenv("TMP"))
 	if err == nil {
-		for _, f := range agents {
-			os.Remove(f)
-		}
-	}
-
-	cderr = os.Chdir(os.Getenv("TMP"))
-	if cderr != nil {
-		a.Logger.Errorln(cderr)
-		return
-	}
-	folders, err := filepath.Glob("tacticalrmm*")
-	if err == nil {
-		for _, f := range folders {
-			os.RemoveAll(f)
+		dirs, err := filepath.Glob("tacticalrmm*")
+		if err == nil {
+			for _, f := range dirs {
+				os.RemoveAll(f)
+			}
 		}
 	}
 }
 
 func (a *Agent) RunPythonCode(code string, timeout int, args []string) (string, error) {
 	content := []byte(code)
-	dir, err := ioutil.TempDir("", "tacticalpy")
-	if err != nil {
-		a.Logger.Debugln(err)
-		return "", err
-	}
-	defer os.RemoveAll(dir)
-
-	tmpfn, _ := ioutil.TempFile(dir, "*.py")
+	tmpfn, _ := ioutil.TempFile(winTempDir, "*.py")
 	if _, err := tmpfn.Write(content); err != nil {
 		a.Logger.Debugln(err)
 		return "", err
 	}
+	defer os.Remove(tmpfn.Name())
 	if err := tmpfn.Close(); err != nil {
 		a.Logger.Debugln(err)
 		return "", err
@@ -489,13 +484,12 @@ func (a *Agent) RunPythonCode(code string, timeout int, args []string) (string,
 
 }
 
-func (a *Agent) CreateTRMMTempDir() {
-	// create the temp dir for running scripts
-	dir := filepath.Join(os.TempDir(), "trmm")
-	if !trmm.FileExists(dir) {
-		err := os.Mkdir(dir, 0775)
+func createWinTempDir() error {
+	if !trmm.FileExists(winTempDir) {
+		err := os.Mkdir(winTempDir, 0775)
 		if err != nil {
-			a.Logger.Errorln(err)
+			return err
 		}
 	}
+	return nil
 }
diff --git a/agent/agent_unix.go b/agent/agent_unix.go
index 993b446..9d23590 100644
--- a/agent/agent_unix.go
+++ b/agent/agent_unix.go
@@ -209,6 +209,13 @@ func SetDetached() *syscall.SysProcAttr {
 	return &syscall.SysProcAttr{Setpgid: true}
 }
 
+func (a *Agent) seEnforcing() bool {
+	opts := a.NewCMDOpts()
+	opts.Command = "getenforce"
+	out := a.CmdV2(opts)
+	return out.Status.Exit == 0 && strings.Contains(out.Stdout, "Enforcing")
+}
+
 func (a *Agent) AgentUpdate(url, inno, version string) {
 
 	self, err := os.Executable()
@@ -276,6 +283,13 @@ func (a *Agent) AgentUpdate(url, inno, version string) {
 		}
 	}
 
+	if a.seEnforcing() {
+		se := a.NewCMDOpts()
+		se.Command = fmt.Sprintf("restorecon -rv %s", self)
+		out := a.CmdV2(se)
+		a.Logger.Debugln("%+v\n", out)
+	}
+
 	opts := a.NewCMDOpts()
 	opts.Detached = true
 	opts.Command = "systemctl restart tacticalagent.service"
diff --git a/agent/agent_windows.go b/agent/agent_windows.go
index a3dd2f5..00e489c 100644
--- a/agent/agent_windows.go
+++ b/agent/agent_windows.go
@@ -86,9 +86,10 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int,
 
 	content := []byte(code)
 
-	dir := filepath.Join(os.TempDir(), "trmm")
-	if !trmm.FileExists(dir) {
-		a.CreateTRMMTempDir()
+	err := createWinTempDir()
+	if err != nil {
+		a.Logger.Errorln(err)
+		return "", err.Error(), 85, err
 	}
 
 	const defaultExitCode = 1
@@ -110,7 +111,7 @@ func (a *Agent) RunScript(code string, shell string, args []string, timeout int,
 		ext = "*.bat"
 	}
 
-	tmpfn, err := ioutil.TempFile(dir, ext)
+	tmpfn, err := ioutil.TempFile(winTempDir, ext)
 	if err != nil {
 		a.Logger.Errorln(err)
 		return "", err.Error(), 85, err
@@ -576,13 +577,15 @@ func (a *Agent) UninstallCleanup() {
 	a.PatchMgmnt(false)
 	a.CleanupAgentUpdates()
 	CleanupSchedTasks()
+	os.RemoveAll(winTempDir)
 }
 
 func (a *Agent) AgentUpdate(url, inno, version string) {
 	time.Sleep(time.Duration(randRange(1, 15)) * time.Second)
 	a.KillHungUpdates()
+	time.Sleep(1 * time.Second)
 	a.CleanupAgentUpdates()
-	updater := filepath.Join(a.ProgramDir, inno)
+	updater := filepath.Join(winTempDir, inno)
 	a.Logger.Infof("Agent updating from %s to %s", a.Version, version)
 	a.Logger.Debugln("Downloading agent update from", url)
 
@@ -605,14 +608,7 @@ func (a *Agent) AgentUpdate(url, inno, version string) {
 		return
 	}
 
-	dir, err := ioutil.TempDir("", "tacticalrmm")
-	if err != nil {
-		a.Logger.Errorln("Agentupdate create tempdir:", err)
-		CMD("net", []string{"start", winSvcName}, 10, false)
-		return
-	}
-
-	innoLogFile := filepath.Join(dir, "tacticalrmm.txt")
+	innoLogFile := filepath.Join(winTempDir, fmt.Sprintf("tacticalagent_update_v%s.txt", version))
 
 	args := []string{"/C", updater, "/VERYSILENT", fmt.Sprintf("/LOG=%s", innoLogFile)}
 	cmd := exec.Command("cmd.exe", args...)
@@ -658,12 +654,11 @@ func (a *Agent) AgentUninstall(code string) {
 }
 
 func (a *Agent) addDefenderExlusions() {
-	code := `
-Add-MpPreference -ExclusionPath 'C:\Program Files\TacticalAgent\*'
-Add-MpPreference -ExclusionPath 'C:\Windows\Temp\tacticalagent-v*.exe'
-Add-MpPreference -ExclusionPath 'C:\Windows\Temp\trmm\*'
-Add-MpPreference -ExclusionPath 'C:\Program Files\Mesh Agent\*'
-`
+	code := fmt.Sprintf(`
+Add-MpPreference -ExclusionPath '%s\*'
+Add-MpPreference -ExclusionPath '%s\*'
+Add-MpPreference -ExclusionPath '%s\*'
+`, winTempDir, a.ProgramDir, winMeshDir)
 	_, _, _, err := a.RunScript(code, "powershell", []string{}, 20, false)
 	if err != nil {
 		a.Logger.Debugln(err)
diff --git a/agent/install.go b/agent/install.go
index a975581..b03518c 100644
--- a/agent/install.go
+++ b/agent/install.go
@@ -224,13 +224,16 @@ func (a *Agent) Install(i *Installer) {
 		a.SendSoftware()
 
 		a.Logger.Debugln("Creating temp dir")
-		a.CreateTRMMTempDir()
+		err := createWinTempDir()
+		if err != nil {
+			a.Logger.Errorln("Install() createWinTempDir():", err)
+		}
 
 		a.Logger.Debugln("Disabling automatic windows updates")
 		a.PatchMgmnt(true)
 
 		a.Logger.Infoln("Installing service...")
-		err := a.InstallService()
+		err = a.InstallService()
 		if err != nil {
 			a.installerMsg(err.Error(), "error", i.Silent)
 		}
diff --git a/agent/svc.go b/agent/svc.go
index e360ebf..4ca85c2 100644
--- a/agent/svc.go
+++ b/agent/svc.go
@@ -29,7 +29,10 @@ func (a *Agent) RunAsService() {
 func (a *Agent) AgentSvc() {
 	go a.GetPython(false)
 
-	a.CreateTRMMTempDir()
+	err := createWinTempDir()
+	if err != nil {
+		a.Logger.Errorln("AgentSvc() createWinTempDir():", err)
+	}
 	a.RunMigrations()
 
 	sleepDelay := randRange(14, 22)
diff --git a/build/rmm.exe.manifest b/build/rmm.exe.manifest
index 3ce8a05..df6fc51 100644
--- a/build/rmm.exe.manifest
+++ b/build/rmm.exe.manifest
@@ -3,7 +3,7 @@
   <assemblyIdentity
     type="win32"
     name="TacticalRMM"
-    version="2.2.1.0"
+    version="2.3.0.0"
     processorArchitecture="*"/>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
diff --git a/build/setup.iss b/build/setup.iss
index 9f236b9..cae5a3e 100644
--- a/build/setup.iss
+++ b/build/setup.iss
@@ -1,5 +1,5 @@
 #define MyAppName "Tactical RMM Agent"
-#define MyAppVersion "2.2.1"
+#define MyAppVersion "2.3.0"
 #define MyAppPublisher "AmidaWare LLC"
 #define MyAppURL "https://github.com/amidaware"
 #define MyAppExeName "tacticalrmm.exe"
diff --git a/main.go b/main.go
index eb2e193..21f4d6e 100644
--- a/main.go
+++ b/main.go
@@ -25,7 +25,7 @@ import (
 )
 
 var (
-	version = "2.2.1"
+	version = "2.3.0"
 	log     = logrus.New()
 	logFile *os.File
 )
@@ -85,6 +85,8 @@ func main() {
 	a.Logger.Debugf("%+v\n", a)
 
 	switch *mode {
+	case "getenv":
+		fmt.Println(os.Getenv(flag.Arg(0)))
 	case "nixmeshnodeid":
 		fmt.Print(a.NixMeshNodeID())
 	case "installsvc":
diff --git a/versioninfo.json b/versioninfo.json
index d993149..b7064a2 100644
--- a/versioninfo.json
+++ b/versioninfo.json
@@ -2,14 +2,14 @@
     "FixedFileInfo": {
         "FileVersion": {
             "Major": 2,
-            "Minor": 2,
-            "Patch": 1,
+            "Minor": 3,
+            "Patch": 0,
             "Build": 0
         },
         "ProductVersion": {
             "Major": 2,
-            "Minor": 2,
-            "Patch": 1,
+            "Minor": 3,
+            "Patch": 0,
             "Build": 0
         },
         "FileFlagsMask": "3f",
@@ -22,14 +22,14 @@
         "Comments": "",
         "CompanyName": "AmidaWare LLC",
         "FileDescription": "Tactical RMM Agent",
-        "FileVersion": "v2.2.1.0",
+        "FileVersion": "v2.3.0.0",
         "InternalName": "tacticalrmm.exe",
         "LegalCopyright": "Copyright (c) 2022 AmidaWare LLC",
         "LegalTrademarks": "",
         "OriginalFilename": "tacticalrmm.exe",
         "PrivateBuild": "",
         "ProductName": "Tactical RMM Agent",
-        "ProductVersion": "v2.2.1.0",
+        "ProductVersion": "v2.3.0.0",
         "SpecialBuild": ""
     },
     "VarFileInfo": {