Application Resilience policies for WinMagic MagicEndpoint

Application Resilience policies for WinMagic MagicEndpoint are supported on devices running:

• a supported version of the Windows operating system

• PowerShell version 5.1 or higher

  Due to PowerShell restrictions imposed by Microsoft, Application Resilience isn't supported for this application on devices running Windows 11 SE.

• one of the following versions of WinMagic MagicEndpoint:

  • 1.2.x or higher

    Significant software changes in higher versions may cause health checks to become invalid.

In addition to checking the version, the following table describes the health checks performed:

If you select Report higher versions as Compliant, higher versions report Compliant without running health checks.

Component	Test performed
Services	Installed	Running	Signed by
MagicEndpoint Core Service (MagicEndpoint.Core.exe)	P	P	One of the signers entered in the policy configuration By default, Signers contains "WinMagic Inc".
Application name
The application uses the following name: MagicEndpoint (x64)

You can configure an Application Resilience policy for WinMagic MagicEndpoint to enable the Application Resilience (RAR) component A lightweight software component of the Secure Endpoint Agent that detects the status of third party applications installed on a device. The component may also attempt to repair the third party application if it is non-compliant. The RAR component is deployed on a device only when the device is associated with a customized policy group and that policy group's Application Resilience policy is activated. to attempt to repair WinMagic MagicEndpoint if it's not functioning, or reinstall it if it's missing or can't be repaired.

Depending on the Absolute product licenses associated with your account, the Report and repair and Report, repair, and reinstall options may not be available.

The RAR component of the Secure Endpoint Agent can respond to the following issues:

Issue	Resolution
Repair
The MagicEndpoint Core Service (MagicEndpoint.Core.exe) isn't running	The RAR component restarts the service.
The MagicEndpoint Core Service (MagicEndpoint.Core.exe) isn't installed and the service's executable can be detected on the device	The RAR component reinstalls the missing service.
Reinstall
Downgrades are not supported. If the version installed on a device is higher than the expected version, no action is taken.
The MagicEndpoint Core Service (MagicEndpoint.Core.exe) isn't installed and the service's executable cannot be detected on the device	If the application is installed, the RAR component uninstalls it. After the application is uninstalled, or if the application wasn't installed, the RAR component downloads and installs the configured version of the application.
WinMagic MagicEndpoint failed to be repaired, or the expected version isn't installed

If you want the Secure Endpoint Agent to reinstall WinMagic MagicEndpoint if it's non-functional or missing, you need to provide the installer.

The installer:

• must be an EXE file

• can have any file name

If you want the Secure Endpoint Agent to reinstall WinMagic MagicEndpoint if it has never been installed on the device, you also need to provide the certificate file.

The certificate file is optional but if WinMagic MagicEndpoint has never been installed on the device and the certificate file isn't provided, the installation fails and the device reports Not Compliant.

To prepare the certificate file (optional)

1. In File Explorer, navigate to MagicEndpoint.exe.
2. Right-click on the file and select Properties.
3. Click the Digital Signatures tab. In the Signature list, verify the name of the signer is WinMagic Inc.
4. Click on the signature and click Details. Digital Signature Details opens.
5. On Digital Signature Details, click View Certificate. Certificate opens.
6. On Certificate, click the Details tab.

7. Copy the certificate to a file:

   1. Click Copy to File. The Certificate Export Wizard opens.
   2. On the Certificate Export Wizard, click Next.
   3. Select one of the following formats and click Next.
      • DER encoded binary X.509 (.CER)
      • Base-64 encoded X.509 (.CER)

   4. Click Browse, set the location where you want to save the certificate, and click Save.

      Broadcom recommends using an easy to recognize file name and saving the certificate to a common area such as Desktop.

   5. On the Certificate Export Wizard, click Next.

   6. Click Finish.

   7. Click OK.

8. Close any remaining open windows.

The certificate file can now be uploaded to the Secure Endpoint Console or hosted on your own server.

Before you activate an Application Resilience policy, you need to configure the policy. You need to configure the application version in addition to the settings in Configuring Application Resilience policies.

To configure the application version:

Under WinMagic MagicEndpoint version, enter the version of WinMagic MagicEndpoint that you expect to be running on your devices.

• The target version must be a sequence of digits separated by a period.
• You can use wildcard "*" characters after the major version number, for example, 1.*, 1.2.*, or 1.2.0.*.

Make sure the version you are entering is consistent with version 1.2.x or higher.

If you selected the Report, repair, and reinstall option, you also need to configure these settings in addition to the settings in Configuring Application Resilience policies.

To configure the WinMagic MagicEndpoint specific settings:

1. [Optional] To only reinstall the application if it's missing, select the checkbox next to Do not reinstall or upgrade if the app is already installed. When this option is selected, the application is not reinstalled when either of the following conditions apply:

   • The application version is lower than the expected version.
   • The application can't be repaired.

2. [Optional] To enable the RAR component to install WinMagic MagicEndpoint if it has never been installed on the device, you need to upload the certificate file or provide the location of the certificate file.

   The certificate file is optional but if WinMagic MagicEndpoint has never been installed on the device and the certificate file isn't provided, the installation fails and the device reports Not Compliant.

   Do one of the following:

   Upload the certificate file:

   For Report, repair, and reinstall with Upload installer selected.

   1. Under Certificate file (*.cer), select Upload.

   2. Do one of the following:

      • Click browse. Navigate to and select the certificate file you created in Preparing the files.
      • Navigate to and select the certificate file you created in Preparing the files and drag it to the work area.
   3. Wait for the file to upload.
   4. [Optional] Click Add description (optional) and enter a description, if desired.

   5. When you have finished uploading the file, click Save.

   Provide the location of the certificate file:

   For Report, repair and reinstall with Host my own installer file selected.

   1. Under URI for certificate file, enter the location of the certificate file you created in Preparing the files. Use the following format:

      Copy

      https://example.com/path/example.cer

   2. Click Go to URI to test that you entered the location correctly.

   3. Assign a SHA-256 hash to each application certificate file by doing the following:

      1. Use a hash generator tool of your choice to generate a SHA-256 hash for the certificate file your created in Preparing the files. For example, you can use the CertUtil.exe command-line utility, which is included with most Windows operating systems.
      2. Enter the hash in the Hash for certificate file field. Ensure that you haven't inadvertently inserted any whitespace characters in the field along with the hash.
3. [Optional] Under Additional installation commands, enter the applicable installation command-line parameters to configure any settings not covered by the policy configuration.