diff --git a/agents/MeshCmd-signed.exe b/agents/MeshCmd-signed.exe
index d156934b..85acbc5e 100644
Binary files a/agents/MeshCmd-signed.exe and b/agents/MeshCmd-signed.exe differ
diff --git a/agents/MeshCmd64-signed.exe b/agents/MeshCmd64-signed.exe
index 08bb8198..9b32d363 100644
Binary files a/agents/MeshCmd64-signed.exe and b/agents/MeshCmd64-signed.exe differ
diff --git a/exeHandler.js b/exeHandler.js
index cd4cf0e7..42e14bcc 100644
--- a/exeHandler.js
+++ b/exeHandler.js
@@ -49,7 +49,7 @@ module.exports.streamExeWithJavaScript = function (options) {
     if ((options.platform == 'win32') && (!options.peinfo)) { options.peinfo = module.exports.parseWindowsExecutable(options.sourceFileName); }
 
     // If unsigned Windows or Linux, we merge at the end with the GUID and no padding.
-    if ((options.platform == 'win32' && options.peinfo.CertificateTableAddress == 0) || options.platform != 'win32') {
+    if (((options.platform == 'win32') && (options.peinfo.CertificateTableAddress == 0)) || (options.platform != 'win32')) {
         // This is not a signed binary, so we can just send over the EXE then the MSH
         options.destinationStream.sourceStream = require('fs').createReadStream(options.sourceFileName, { flags: 'r' });
         options.destinationStream.sourceStream.options = options;
@@ -64,7 +64,7 @@ module.exports.streamExeWithJavaScript = function (options) {
         // Pipe the entire source binary without ending the stream.
         options.destinationStream.sourceStream.pipe(options.destinationStream, { end: false });
     } else {
-        throw ('js content not specified');
+        throw ('streamExeWithJavaScript(): Cannot stream JavaScript with signed executable.');
     }
 };
 
diff --git a/webserver.js b/webserver.js
index 8a653b6e..5078bb16 100644
--- a/webserver.js
+++ b/webserver.js
@@ -4684,12 +4684,14 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                     res.sendFile(meshCmd64Path); return;
                 }
             }
+
             // No signed agents, we are going to merge a new MeshCmd.
-            if ((agentid < 10000) && (obj.parent.meshAgentBinaries[agentid + 10000] != null)) { agentid += 10000; } // Avoid merging javascript to a signed mesh agent.
+            if (((agentid == 3) || (agentid == 4)) && (obj.parent.meshAgentBinaries[agentid + 10000] != null)) { agentid += 10000; } // Avoid merging javascript to a signed mesh agent.
             var argentInfo = obj.parent.meshAgentBinaries[agentid];
             if ((argentInfo == null) || (obj.parent.defaultMeshCmd == null)) { try { res.sendStatus(404); } catch (ex) { } return; }
             setContentDispositionHeader(res, 'application/octet-stream', 'meshcmd' + ((req.query.meshcmd <= 4) ? '.exe' : ''), null, 'meshcmd');
             res.statusCode = 200;
+
             if (argentInfo.signedMeshCmdPath != null) {
                 // If we have a pre-signed MeshCmd, send that.
                 res.sendFile(argentInfo.signedMeshCmdPath);
@@ -4697,6 +4699,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                 // Merge JavaScript to a unsigned agent and send that.
                 obj.parent.exeHandler.streamExeWithJavaScript({ platform: argentInfo.platform, sourceFileName: argentInfo.path, destinationStream: res, js: Buffer.from(obj.parent.defaultMeshCmd, 'utf8'), peinfo: argentInfo.pe });
             }
+            return;
         } else if (req.query.meshaction != null) {
             if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { try { res.sendStatus(404); } catch (ex) { } return; } // Check 3FA URL key
             var user = obj.users[req.session.userid];