Creating a Launch Daemon to Open an Application

The thing you are checking - is it running as the user? or root? Pick a computer things are working on and open Activity Monitor. Find the process name and see the User. If it's the logged in user, then you need a LaunchAgent. If it is root, then you need a launchDaemon. And I wouldn't create a new LaunchD - there's likely already one so you just need to restart it.

Look in /Library/LaunchDaemons for one with the Forticlient name in it. Then issue this command from Jamf using 'File's and Processes' task.

launchctl unload /Library/LaunchDaemons/com.forticlient.plist; launchctl load /Library/LaunchDaemons/com.forticlient.plist

If it's running as the user, then things get a little more complicated. It's possible that the scanner part runs as root and a menu item (optional) runs as the user.

A launchagent runs as the user, a launchdaemon runs as root. Most apps with a user interface that would run would be a launchagent. Processes may need to run as either.

Here are some tools that might help you.

http://launched.zerowidth.com/

http://www.soma-zone.com/LaunchControl/

In activity monitor FortiClient is running as the logged in user. There are FortiClient LaunchDaemons and LaunchAgents so its running as root and the logged in user.

So is it as simple as running at command in jamf to reload the daemon/agent?

It's likely the LaunchDaemon is running one part of the Forticlient process, and the LaunchAgent is running something user facing, like the icon at the top of the toolbar that you referenced in your first post.
So, if you need to relaunch the LaunchAgent, the above launchctl load code by itself isn't going to work when run from a policy, because policies run as root, and it would attempt to load the LaunchAgent in the root account space, which it can't do.

For this, I would use launchctl asuser, possibly first to see if the agent is running, and then to launch it if it's not already running and needs to be.

Here's a sample script, but you will need to determine the exact process name that shows up in the command line and plug that in, as well as the LaunchAgent file name. I don't use Forticlient so I don't know what either of those are. Is the FortiClientAgent name in your screenshot the actual user facing process? If so, you would use that in the ForticlientProcess section below.

#!/bin/bash

## Get logged in user and UID
loggedInUser=$(stat -f%Su /dev/console)
loggedInUID=$(id -u $loggedInUser)

## Put the name of the process you want to check on here. Do "ps axc" in Terminal to look for the name
ForticlientProcess="FortiClientProcess"
## Put the LaunchAgent plist path and name here
ForticlientAgentPlist="/Library/LaunchAgents/com.something.plist"

if [ "$loggedInUser" != "root" ]; then
    echo "A user is logged in. Checking for agent process..."
    ## Check for agent as user
    FCProcCheck=$(/bin/launchctl asuser $loggedInUID sudo -iu $loggedInUser ps axc | grep "$ForticlientProcess" 2>&1 >/dev/null; echo $?)
    if [ "$FCProcCheck" != 0 ]; then
        echo "Agent is not running. Reloading..."
        /bin/launchctl asuser $loggedInUID /bin/launchctl unload "$ForticlientAgentPlist"
        /bin/launchctl asuser $loggedInUID /bin/launchctl load "$ForticlientAgentPlist"
    else
        echo "Agent process is running. Nothing to do."
        exit 0
    fi
else
    echo "No-one logged in. Cannot check on agent process."
    exit 0
fi